@grimson : that's an interesting idea. it would certainly make for a simpler physical install but i am not sure about managing the switch and firewall together. my first thought is that they could be less secure in that arrangement, and i should have a single wan interface managed by the firewall.

Necropost here, but I found another option that worked well for me. I thought it might be helpful for others arriving by web search. Similar to the above solution by dotdash, but it works in a shell and is not limited to Intel nics.

Physically connect or disconnect the port in question, then at a shell prompt:

dmesg

or

dmesg | tail

At the end of the output, you should see something like:

emn: link state changed to UP

or

emn: link state changed to DOWN

Depending on whether you connected or disconnected the port.
For what it's worth...

Thanks, it's working! And I was able to activate the module in

/boot/kernel

with

kldload acpi_ibm.ko

and control my fan with

sysctl dev.acpi_ibm.0.fan=0

(switching the fan-control to "manual")
and

sysctl dev.acpi_ibm.0.fan_level=7

(sets the fan-speed to 4300rpm (max))

The laptop is in the basement and may prefer to be a little louder and cooler.
Thanks for your help!

If you're wiling to consider a refurb, this looks like quite a good deal:
https://www.newegg.com/Product/Product.aspx?Item=9SIAE256P82681&cm_re=dual_gigabit--9SIAE256P82681--Product

@stephenw10 thanks I didn't know that one!!

Bandwidth measurements are consistent. Max download is averaging out to 450.
I know I won't get the full 600/600 but I don't really need it.

Thanks for all of the help.

The chances of getting that device working with pfSense are very low to zero I would think. Mostly because that's not really a NIC it's a CPU and as such requires everything that goes with that. An OS to run independently of pfSense.
It may have that already but getting pfSense/FreeBSD to talk to it as a network interface would be a massive task.

Steve

At what point does it stop? DO you see any errors?

Steve

It appears there's a known issue with Broadcom BCM57810 adapters in FreeBSD (LACP bonding is not working well): https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213606

Today I tried to make some tests thru the HAProxy running on the firewall and the server has just screwed up after reaching ~140000 connections. Log contained:

Aug 9 05:20:17 pfSense kernel: bxe0: ERROR: ECORE: timeout waiting for state 1 Aug 9 05:20:17 pfSense kernel: bxe0: ERROR: Queue(3) SETUP failed (rc = -4) Aug 9 05:20:17 pfSense kernel: bxe0: ERROR: Queue(3) setup failed rc = -4 Aug 9 05:20:18 pfSense rc.gateway_alarm[19058]: >>> Gateway alarm: WANGW (Addr:a.b.c.d Alarm:1 RTT:2000271ms RTTsd:3249226ms Loss:21%) ... Aug 9 05:20:28 pfSense kernel: bxe1: ERROR: TX watchdog timeout on fp[01], resetting! Aug 9 05:20:34 pfSense kernel: bxe1: ERROR: ECORE: timeout waiting for state 7 Aug 9 05:21:02 pfSense kernel: bxe0: ERROR: FW failed to respond! Aug 9 05:21:02 pfSense kernel: bxe0: ERROR: Initialization failed, stack notified driver is NOT running! Aug 9 05:21:17 pfSense rc.gateway_alarm[45717]: >>> Gateway alarm: WANGW (Addr:a.b.c.d Alarm:1 RTT:0ms RTTsd:0ms Loss:100%) ... Aug 9 05:21:31 pfSense kernel: bxe2: Interface stopped DISTRIBUTING, possible flapping Aug 9 05:21:42 pfSense sshd[82110]: Timeout, client not responding. Aug 9 05:21:54 pfSense sshd[19888]: Timeout, client not responding. Aug 9 05:21:55 pfSense kernel: bxe0: Interface stopped DISTRIBUTING, possible flapping Aug 9 05:22:43 pfSense kernel: bxe1: ERROR: ECORE: timeout waiting for state 1 Aug 9 05:22:43 pfSense kernel: bxe1: ERROR: Queue(0) SETUP failed (rc = -4) Aug 9 05:22:43 pfSense kernel: bxe1: ERROR: Setup leading failed! rc = -4 Aug 9 05:23:14 pfSense kernel: bxe1: ERROR: Initialization failed, stack notified driver is NOT running! Aug 9 05:23:36 pfSense kernel: bxe3: Interface stopped DISTRIBUTING, possible flapping Aug 9 05:24:23 pfSense kernel: bxe1: Interface stopped DISTRIBUTING, possible flapping

Going to change the adapters to Intel.

Thanks @stephenw10 ! I appreciate your help!

Yeah, at their best USB NICs require more CPU than PCIe NICs, and a D2550 doesn't have much to spare. Also, most USB2 NICs are 100Mbps--you usually need a more recent USB3 NIC to get to 1000Mbps (or 185Mbps). You may also want to check that the USB NICs are on separate buses (the ports are usually in pairs per bus).

@floppysense said in Repurposing old i3 for Gigabit speeds?:

i3-530

This i3-530 has no hardware AES-NI, will break starting with pfsense 2.5.

@ivor Thanks!

@stephenw10 said in pfSense Image for Firebox X700!:

You might also consider it time to upgrade. Those original X-Core boxes are fairly ancient.

Yeah - you're spot on the money, just one of these things that's laying around so I figure it can go in the workshop until it dies... I'll post back shortly with an update

The SoC in the 3100 is thermally bonded to the base plate which it uses as a heatsink.

80°C is not a critical temperature for it. Whilst a little higher than I usually see I would not worry about that as a peak reading. 65-75°C is the expected range. Obviously that depends on the ambient temperature.

Are you seeing that shown as 'critical' on the Thermal Sensors widget? Those values are generic there and not taken from the hardware. It should be set higher for the 3100.

Steve

@stephenw10 I just updated to the latest snapshot and its working fine. So it must be something with the stable release.

I don't argue at all with the assertion that Intel NICs are superior. And if this is for anything other than a non-critical home setup, I wouldn't even consider Realtek. However, if you're budget-constrained and willing to do a little more work, I can say that I've been running a Zotac CI323 Nano (dual Realtek RTL8111E NICs) for years without any problems. My connection is only 100/10, but iperf tests on the LAN interface suggest they're capable of at least 500+Mbps. That said, the extra work is running with the latest official Realtek driver. It's not too bad really:
https://forum.netgate.com/topic/92884/zotac-zbox-ci323-nano/111

@stephenw10 said in PfSense hardware for home router - OpenVPN performance:

3200/2.7=1185

Nice. Are you able to test a reality figure on there at all?

In linux with a client running on the same machine in kvm, it hit 1100Mbps. (So, zero latency internal network, but with the load of being both client and server.) I'd not expect to see that on a real link, as I don't think OpenVPN will keep enough packets in flight to fill the pipe, but the hardware can do it. That said, I'd pick a newer i3 if I just wanted a firewall with openvpn; the ryzen is overkill for that, and an i3 should hit the same numbers for less money.

@johnpoz said in Intel Gigabit port but only get 100mbps:

^ exactly... You wouldn't believe how many times have this discussion. Gig is designed to auto, if it doesn't auto then something is wrong.. You fix that something vs hard code..

Only time you would hard code is if your wanting gig to run at 100 or 10..

And then only if you know the other side is also hard-set and not auto-negotiate.

About the only place this should ever be the case these days is talking to an ISP 100-Mbit metro-e or something. They often want you to hard-set 100-full for those. They should explicitly ask you to do so.

Hi guys, I know this is a super old thread - but just wondering if anyone in here could share me the a copy of the last x32 bit via DD configured for the x700 - Please see here for the actual thread with the background as to why: https://forum.netgate.com/topic/133044/pfsense-image-for-firebox-x700