Ok thanks, I know Grafana pretty well and use it for data logging other items and solar stuff on my house but I just like how quick and responsive the XG-8's display is. Pretty much real-time.

Maybe in my "free time" (lol) I'll start another project and try to design something that looks like it. I just need to find a cool OLED panel or something that's close to it.

Well the J1900 is pretty poor at single thread performance and also is 5 years old. The N3150 is a very low power laptop CPU.
https://www.cpubenchmark.net/compare/AMD-Phenom-II-X4-965-vs-Intel-Celeron-J1900-vs-Intel-Celeron-N3150/370vs2131vs2546

I should have specified almost any recent desktop/server CPU 😉

Steve

@jlibs

The lights should still blink with traffic. If they do absolutely nothing then your box probably has problems..

Since they quit making those close to ten years ago they are getting very old at this point.

OpenVPN is single threaded so, for a single tunnel, you need a CPU with the fastest single thread performance you can get. I'm not sure I've seen anyone hit 1Gbps on a single tunnel, but I have not been following that closely. There are a number of threads here discussing it.
It is possible to setup multiple tunnels and load-balance between them. That only helps if your traffic across the tunnel is multiple connections of course.
All that assumes whatever you're connecting to can actually pass that too.

Steve

Not sure I understand the question... 8 cores will likely be sufficient, in terms of number of cores, for whatever you might do.

Either of those will be more than enough for firewall/NAT at 1Gbps. OpenVPN will be by far your largest user of CPU cycles if you're using that.

Steve

I personally have a Sierra em7305. It's an internal m.2 card but usb connected. That provides serial ports. I get 20-30Mbps over it. The newer em7455 also works fine.

Hard to recommend anything I don't actually use myself.

Other than that external Ethernet connected modems are generally much easier to deal with like the Netgear lb1120.

Steve

Yes, it's now showing correctly as MSI-X. dmesg output below for completeness:

ix0: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0x4000-0x401f mem 0xfd300000-0xfd3fffff,0xfd4fc000-0xfd4fffff irq 19 at device 0.0 on pci3 ix0: Using MSI-X interrupts with 9 vectors ix0: Ethernet address: 48:df:37:01:b8:e4 ix0: PCI Express Bus: Speed 5.0GT/s Unknown ix0: netmap queues/slots: TX 8/2048, RX 8/2048

Thanks again for your help.

Sure makes sense, but what about a box made with off the shelf hardware server grade even? Rather if you can't disable is it a huge security hole?

I doubt it unfortunately. Now that we have ported to our own ARM hardware there is a lot less reason to carry another device along with all the additional coding and testing that implies.
If FreeBSD was already running on it that is reduced but it still adds a lot of work for us to maintain.

Steve

@Gertjan said in APU2 Crashing:

@rustydusty1717 said in APU2 Crashing:

Just an update:

Got a replacement board sent, put in another new mSATA drive, updated firmware to 4.0.25 and install pfsense 2.4.4p1 and so far knock on wood I have 10 hours of up-time.

👍

Is it normal for the board itself to beep every time I log into the webGUI?

According to the doc Docs » pfSense » Hardware » Disabling Sounds/Beeps , yes ... ;)
It's actually a user setting, enabled by default.

But the beep is fine, it confirms you login was successfully.
When it starts to beep with you doing something else, well .... that's when things become interesting.

Yes, the last one was beeping continually which I kind of figured was never a good thing.

I would start by checking the FreeBSD forums and mailing lists for reports.

Steve

Have you tried loading default settings in bios?
Got a Supermicro A1SAi-2550f which i use as a NAS but i have been using it with pfsense at one point without problems with no monitor.

@tman222

Use case?
+9k active users(pipes2) on 28k devices (macs2). But I can only shape about 3k devices(macs*2) actively under 1.5gbps before I hit bottlenecks.

I divide the residents depending on usage patterns on all the APs, and then centralize them via vlans to different pfSense servers acting as bridges. I monitor them. each resident has a pair of pipes, and it's shared between his devices that hit at least each pfSense gateway.

I'm trying to centralize it further, but I don't know if adding more NICs and processors would help alleviate the interrupts. The logic says yes.

After reading this, it seems like if I add more cores and more NICs, it should work, but papers don't normally guarantee that current OS's work the same as detailed. I guess I have to try:

https://www.net.in.tum.de/fileadmin/bibtex/publications/papers/MMBnet15-2.pdf

Just an FYI.

IF the NAS and your PC are on the same network segment, they will never touch the pfSense interfaces. Only if the NAS and PC are using the Router as a gateway will you need that interface speed.

It's nice to have a 10gbps in case you have different networks needing it. But typically folks keep their storage on a dedicated network not crossing their gateways.

This has been an awesome first experience with forums. Just wanted to thank all of you for an awesome introduction into the community.

@tman222 Thanks. I ended up ordering the IBM version from Ebay. Using virtualization now, but should be good if I end up going back to a physical box, too.

@rebi said in pfSense box advice:

BTW since pfSense now supports ARM, it might be possible to be installed on a Raspberry PI (never dug into the topic, it's just an idea)

No it isn't. The two devices with ARM have custom images. There is no "generic ARM" image for pfSense. Sorry. Besides, a RasPi is a really bad choice for routing.

If the client gets an IP address via dhcp but can't make any connections otherwise it's almost always because there's no firewall rule on the interface to allow it. So either there simply are no rules (the default) or the rules haven't been applied or less likely they cannot be applied for some reason.

If you rebooted and it started working they probably just hadn't been applied.

Steve

SFP modules should generally work on SFP+ cards (and just operate at 1Gbit speeds), but I'm sure there are some exceptions out there (e.g. SFP+ cards that only support 10Gbit and not 1/10Gbit). I'd take a look around first and see if you can find a good SFP card (though there is a decent chance it will be used, e.g. check out Ebay). If not, consider just getting a SFP+ card and using SFP modules (there should be more availability and ability to buy new if you want). As @stephenw10 already mentioned, both Intel and Chelsio cards work very well with FreeBSD (and hence pfSense).

Hope this helps.

Bought one of these off ebay. Seems to work perfectly.

Dell 0HM9JY

david