Yup, here you go: BCHW.c.txt

I use the QNAP 2.5gb dual port that is Intel based. It works great. It needs the longer PCI-E slot not the short little guys….. I have multiple QNAP 2.5gb cards. All are Intel based. I have one dual, 3 singles. My PFSense “router” works like the more popular routers that way. Allows me to connect several 2.5gb clients easily. Yes I know there’s pro’s and con’s to bridging any multiple LAN cards with PFSense but doing so works great for me. The cards were plug and play for me with 2.6 and now that I’m on 2.7 development version included drivers are not an issue. The tweaks in 2.6 to turn off hardware this, hardware that, not needed with 2.7.0.

You probably can do something like that but FreeBSD has a better solution built in for setting the config index on a device: https://www.freebsd.org/cgi/man.cgi?query=usb_quirk#LOADER_TUNABLE So get the product and vendor IDs from your device using usbconfig -d ugen0.2 dump_device_desc then create the file /boot/loader.conf.local and add to it: hw.usb.quirk.0="VID PID 0 0xffff UQ_CFG_INDEX_1" Then that device will always come up with config index 1 whenever it's attached. Steve

Thank you to bad I already returned it and got a different one coming.

@stephenw10 Thanks. There's also some Intel NIC chipsets that are, on the ARK page, specified as proprietary instead of being on the PCIe or some other standard bus. I assume that means they are part of SoC or the motherboard chipset. Curious how pciconf handles those. I don't have FreeBSD specific info but 82579LM is an example.

@rle said in Intel X710 Issues: I also had to replace the file completely in boot/kernel otherwise it would not load the newly compiled driver. You could have also added: if_ixl_name="/boot/modules/if_ixl.ko" To make it load the new module. Steve

@stephenw10 said in APU --> SG-1100, Faster at IPSec; Slower at Everything Else: Both the MBT and the APU are capable of running the current pfSense CE version, 2.6. I found my null modem adapter, so I now have one of my APU units up and running 2.6. I need to run over to my 3rd site and swap it into place of the other APU, and then upgrade that one to 2.6, and then all of my devices will be at the latest release. Thanks!

To close this out, I bought the Zyxel switch and an Intel SFP+ NIC for pfSense and connected them with a DAC cable and it works exactly as expected. I haven't upgraded my AT&T service yet but I gained about 300Mbps on the upstream in a speedtest (?!) just from not being limited by the port speed. It's 10Gbps from pfSense to the switch and 5Gbps from the switch to the AT&T CPE. I'll call that a win even if I don't go for a package above 1Gbps. I'm getting 940Mbps down and ~1250Mbps up now. Even 2.5Gbps to the AT&T CPE would yield the benefit. Obviously YMMV but it's worth a look if you have AT&T fiber.

With that DAC cable there is no option to set a fixed speed in the Chelsio NIC. It can only be autoselect. That is quite common and in those situations it will often only link at 10G. Using fibre modules instead of DAC will probably allow it if you can test that. Steve

Thanks for the information and yes i agree that the man page might need an update.

The default Realtek NIC support is no worse in 2.6 than in 2.4.5. If it was working fine for you in 2.4.5 I wouldn't expect problems in 2.6. The only thing that changed is that the alternative driver was removed from our repo making it slightly more difficult to install. However if you weren't using it then there's no significant difference. Steve

@AW-pfsense The different hardware will allow be to test the capabilities and allow some limited estimations of performance for my use cases when the hardware is compared.. Ok This is more than just a perforce comparison. If either the s/w or hardware is not capable its not for me. Ok I understand I have tested with Ubuntu to confirm of the network and h/w i'm using is capable of the speed. Ubuntu is doing normally the following, if configurated! SPI = netfilter in Linux NAT = Network address translation It is fast and not really comparable to an firewall, it is what a pure router is doing! Please don´t forget this. pfSense has also NAT, but it a later part of the packet filter (pf) where the names (pfSense) comes from. And the packet filter is doing more, it is working over any packet firewall rules based action, so it needs more time and power. The hardware should be a little bit stronger! That's the only reason for that. Given the hardware I'm using is more powerful than the 6100, if it cant cope this is not generally good for lower powered h/w In some cases we use here the following setup, matching nearly any needs and/or without any problems running no, some or featured UTM (pfSense), you can really trust on. Intel Xeon E3-12xxv3/4/5/6 with 8 / 16 / 32 GB You can add all adapters you need ~500 € - 1000 € Supermicro Intel Atom C3000 8 / 12 / 16 Core Power saving and fast enough, with M.2 and WiFi slot ~1000 € - 2000 € Supermicro Intel Xeon D-2100 series With, M.2 SSD, WiFi and modem + SIM slot Supermicro Intel Xeon D-2700 series With, M.2 SSD, WiFi and modem + SIM slot ~1500 € - 3000 € It is not cheap, but if you need the power you may not looking in the cheaper corner and if this must run 24/7 you may not willing in Intel Core iCPU series. But the most think is that you may fiddle out one or two days that all is matching to your hardware and this comes normally on top of all! What is some ones hour price? What is one or two days price on top of all, and now the prices from the Netgate appliances are not anymore so high as many state here in the forum often. You may be not missing something you want to install! Squid & SuiqdGuard, ClamAV, Snort, pfBlocker-NG, tinc, stunnel, acme, lightsquid and vpn packets runningfast! I'm just trying to solve some technical issues i am coming across as I test the capabilities. Then I would really suggest to go with an installation of pfSense either 2.6 or 2.7 to get a better feeling to this given power of the hardware.

Yes. As long as it's supported by the hypervisor.

FreeBSD has no MBIM support. Nor does it support other proprietary interface types like QMI. So you can only use the PPP interface which is limiting and the modem must be configured to present an AT port which most rebranded ones are not. (they can usually be reconfigured to do so though) I usually see 30-40Mbps. I've seen others report >60Mbps. You won't see the claimed 150Mbps or 300Mbps. Steve

I just revied my 6100 a couple days ago and using info here was able to get the interfaces/ports assigned the way I wanted. Just made up a table for myself in MS word so I have a quick reference on the box. [image: 1664730057810-2e22130d-f9f2-40c5-807b-3eb091562a47-image.png] [image: 1664729488001-20221002_091620-resized.jpg]

Hello, long time ago, there was a SDK from IBM under OpenSource license free for public usage, so you or all others may be interested in, could be write there own applications to use the TPM modules as they need and want it. If you may be getting your hands on a TPM module that comes "not" sorted with a key or certificate inside, or plain a piece that let you write on (in) your own "stuff" it might be you reach your goal.

@sledge replied .)

@davecullen86 Hey guys, many thanks for your response. The more I look into this, the more I see so many others with the same issue. I have some, a couple of PC ENgines APU boards, and I run MikroTik RouterOS, OpenWRT, pfSense on them, all Linux comes more to 1 GBit/s with lower powered hardware, it is a little bit more near to the hardware due to better driver support and here and there not so "hardware hungry", but a router and a firewall that can be turned into a real UTM device is als not the same! As I see it personally, you could try out as @stephenw10 was suggesting to tune your pfSense a little here and there. With DanOS you might be getting nearly two streams with full GBit/s on the same hardware (PC Engines APUx), owed to DPDK capable LAN ports such Intel i210 / i211. As you say the issue is implicit to the PPPoE single core > factor and the clock speed of an individual core of my small appliance. Like me, but I was high up the cpu frequency to another level and play now around with some other tuneable`s, to get here and there more out of my hardware pointed to the entire throughput. But I also know that my appliance is better cooled then other and will never goes higher then 65 C° - 70 C°!!!! The CPU is normally capable of 1400 MHz and runs even only at 600 MHz - 1000 MHz and now it is running from 1000 MHz till 1400 MHz, but if something goes wrong, I don´t complain and be angry! I have a solution! With another identical appliance, I have installed OpenWRT x86 and I am not getting close > to 900Mbps throughput. And with DanOS you may be bidirectional getting fully 1 GBit/s out! But not a fully UTM in your Network!!!!!!!! Firewall Captive Portal with voucher system (voucher over sms) FreeRadius with certificates and encryption Snort or Suricata for IDS/IPS pfBlocker-NG for less spam and other unwanted things Squid & SquidGiuard as a caching proxy in fron of LAN ClamAV scanning the entire network flow for viruses (perhaps at one day WiFi a/b/g/n/ax) Now, THIS IS good enough for me :-). So I suggest is a good potential solution for others who are happy to offload the PPPoE function to another inline appliance. I run a AVM FB 7590ax in front of the pfSense and behind I am running the pfSense firewall! No PPPoE anymore, but double NAT situation! But all CPU cores in usage! AVM is offering some interesting APPs (VPN, telephone,..) Really nice to connect from outside (internet) and being secure on the LAN side! Now I just need to work out if I can pass through the WAN IP somehow to my PFSense :-) 1 LAN Port as "exposed host" to the WAN interface of the pfSense firewall ("Experienced") Double NAT Situation Router: network (net) 192.168.178.0/24 (255.255.255.0) Router IP 192.168.178.1/24 (255.255.255.0) Static IP Address to the pfSense a.e. 192.168.178.10/24 DHCP off: all IPs will be static given to the clients pfSense: WAN IP 192.168.178.50/24 (255.255.255.0) static IP LAN Net: 172.xx.xx.0/24 (255.255.255.0) LAN IP 172.xx.xx.1/24 (255.255.255.0) static IP DHCP: on/off (Like you need it and want it) Thanks for your help again - I really appreciate the pointers that ultimately led me to get a working solution. Not that problem, you are one from xyz sitting in the same boat. I would also have a look on another appliance if I`ll getting more then 50 MBit/s Internet speed!!! P.S. Please don´t forget in the WAN setup to disable the following point! [image: 1663859395891-wan-settings.jpg]

@stephenw10 Thank you for your time and your team for the product. Fantastic.

It is supported by the mlx4 driver. I tested one a while back and found it to be a little odd in my particular hardware. Others are using it successfully. If you need 10G I would be looking for an Intel x500 series NIC. Steve