Like an i3-8100t? Then yes. Easily. Steve

I agree with #stephenw10 in that you should confirm the WAN speeds first. Only then can you check if your PfSense can pass that level of traffic. FYI, for reference, I did some testing on ESXi today using a couple of virtual switches inside: Test 1: Windows 7 (4 core 4GB) --> Virtual switch --> Centos 7.5 (4 core 4GB) Iperf3 gives me 13Gbps across the v-switch. (therefore the Iperf client & server Virt-machines have plenty of CPU & RAM. Test 2: Windows 7 (4 core 8GB) --> Virt-SW-1 --> PfSense (4 core 4GB) --> Virt-Sw-2 --> Centos 7.5 (4 core 4GB) Iperf3 now only gives 2.5Gbps E2E through PfSense even with 4 Xeon & 8GB ram assigned to PfSense. Tried this with both E1000 and VMX3 virtual NICs but result is the same. Now I'm wondering what I need to tweak inside PF to get better throughput, or if this is a limitation of PF in ESXi environment ?

@stephenw10 Thank you very much for your help. I will buy it next week and start configure.Very happy with the your answer :).

Yes, disable off loading if only as a test. It's something that can cause asymmetric throughput like that. Testing to or from pfSense is still not a good test though. Through it is far better. You can try testing with more processes. The igb NICs can use multiple queue. Maybe try -P 4. Also check the CPU usage when you're testing with top -aSH. See if you're hitting a limit with one core. Yeah I would also expect better throughput from an APU2 than an APU1. Steve

I have not tried swapping cables yet, but will add that to my testing when I have an opportunity. I didn't (still don't) see iperf3 in the available packages list, otherwise I would have installed it. I am assuming from your note that if I do pkg install iperf3 from the command line it will be there and install. Checking the interface status shows In/Out Errors 0/0 and Collisions 0 for both WAN and LAN interfaces. This has been up for 23 days since the last reboot. Jeff

@stephenw10 said in New setup (and a new user): Yes it will. You could use a USB device but a separate AP will be far better in almost every respect. Steve Thanks Steve. I'll go with the separate AP then.

I just came to the same conclusion. You are correct! gop set 1 in /boot/loader.conf.local solved my problem!

Was it blocked UDP packets? Did you see some Cores pegged at 100% during that time? What is the crash you see with LRO enabled? We usually recommend leaving that disabled though for just this reason, it can be unstable. Steve

Ah, nice. So something there is set to fixed speed/duplex and was causing pfSense to fall back to it's default connection type. It would be better to have everything set to autoselect but some ISP still seem to insist on using fixed. Steve

Hi @robi, I appreciate your work on this as I own an HP t5730 on which I would like to install pfsense. Since your last post, the older versions prior to 2.4 have been removed from the pfsense download site. So, I am unclear whether there is a way to directly install the current nanoBSD version on the HP t5730 or if there is a workaround (finding an old version of pfsense elsewhere and then upgrading in accord with the instructions you have provided, installing a current version to a computer, modifying it to fit on the HP 1 GB flash and "dding" it to a USB drive and then installing that, or...). Thanks in advance for advice. stevesr0

@dlucas46 said in Wrong readings on CPU temperature (Atom D525): @aweidner You could correct the issue but it would require you to rebuild the coretemp kernel module. I had to do a similar thing when I replaced the CPU in my Watchguard with a xeon. The coretemp module code is very basic and if your CPU has the same ID as another model the wrong tjmax value gets set. If you change the code you can compile the module and load it at boot to override the coretemp module from the kernel. You will then have the correct temps reported. That would be too much of an effort for me as this box is just a stand in, before i can buy something new. It is at least eight years old and was pulled from the shelf because i needed a quick solution. Also my programming skills are virtually non existent

@grimson That is a good point. The main reason I'm asking now is the potential addition of the 10G switch in the near future. I'm trying to figure out if it will be solely an isolated storage switch or it I want to route it. I only have one pcie slot in my router. So, if I add a SFP+ card, I would like to get one that has the greatest chance of also working with a fiber WAN.

There is a method to artificially disable the AES-NI detection of openssl by setting OPENSSL_ia32cap="~0x200000200000000" to disable AES-NI usage for testing. ## Automatic AES-NI detection $ openssl speed -elapsed -evp aes-128-cbc ## Disable AES-NI detection $ OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc

You could pass 300Mbps with a Pentium4 so you will have zero issues doing it with a Haswell i5. Somethings are still single threaded and hence single core speed matters for them. OpenVPN or Snort for example. But I would expect that CPU to do either of those things at 300Mbps just fine. Steve

The 4.5mins does seem suspiciously like that watchdog reference but I would still expect to see output during that point. No output at all on the VGA port even after resetting the CMOS doesn't look good to be honest. This is a C2000 SoC with everything that implies. Connecting to the serial port usually requires a USB to serial adapter and a null-modem cable. But you can get adapters that are both those things combined. https://www.netgate.com/docs/pfsense/hardware/connecting-to-the-serial-console.html Steve

Thanks Steve, Very good point on being on the same subnet. I have another think how to divide things up, I also have several low speed Wifi IOT devices which be better not on the subnet as he PC's. It's always the same with home networks and computers - pick one only Speed, power consumption, future proof. I think the Asus H110T is good board but not expandable, A board with more network ports or a PCIe slot would be better longer term. Thanks for point things out that I didn't think of !

Wow, nice. I'll try to avoid that I think! Glad to see you found a solution though. Steve

Thanks again! In the meantime, the problem resolved itself, but it's important to know stuff like that can happen :)

How about a used Dell Optiplex 9020 SFF ? https://www.ebay.com.au/itm/Dell-OptiPlex-9020-SFF-Core-i7-4770-3-4GHz-8GB-Ram-128GB-SSD-Win-10-P/253373075009?hash=item3afe364e41:g:1-UAAOSwlAZaT41m 4 core i7 (up fo 3.9 GHZ) with , 8GB RAM + 120GB SSD, plus a Win10 license for 350$AU Add a chinese knock-off i350-T4 network card for 60$AU. The i5 version is available for only 270$... I run the i7 version with ESXi and 16GB RAM. It handles a 50/20 NBN connection withoit breaking a sweat... I have tried OVPN and could achieve 45Mbit/sec during the day. At night times my provider or NBN starts dropping UDP packets and VPN throughput becomes unusable at 1.5 MBit/sec. Back to 45 again after 11pm.

Fix is: This was due to vlans and switch config being erased. If you're restoring a configuration to this device, make sure to either backup the vlan's before restore from the factory image, or recreate them manually. Make sure on the restore you select the box about the switch config.