What type of NICs are in those two? If only one has Intel NICs use it for pfSense. Avoid Realtek NICs on pfSense, especially if you want gigabit performance.

After hours of testing in different setups, I have figured out how it works but it is still weird that it does work this way.

1)  Turning hardware acceleration On and Off in OpenVPN setup does nothing.

2)  It runs the fastest when both AES-NI and BSD Crypto is on in advance->miscellaneous.  If any one of those are off, it moves roughly as fast as not having any acceleration on at all.  My guess is that it can't turn on hardware acceleration unless both are on.  This is 2.4.2 by the way.  On a 7600K.

I get 350- 500 mb/s down with hardware acceleration off.  I get 550 mb/s - 650 mb/s down with hard acceleration on.
I get 250-350 mb/s up with hardware acceleration off.  I get 350-450 mb/s up with hardware acceleration on.

@cadamwil:

Hello All,
      I am wanting to build my first PFSense box.  I have managed a PFSense box at my previous job as an IT consultant and I am very familiar with firewalls as I am and have been a Network Admin for a bit.  I would like to build a Mini-ITX box using a small Mini ITX case, like some of the supermicro cases.  I was wondering what the favorite current low power embedded CPU that would support gigabit internet connections and possibly a VPN for all of the connection.  I'm thinking SuperMicro or Asrock for the motherboard, but I don't know what the favored solution would be.

Adam

While using OpenVPN, I achieved 500-600 mb/s down and  200-350 mb/s up in software alone ( no hardware acceleration).  I was using a 7600K and a ATX motherboard with an intel 4x Gb wirless card.  I don't have data on with hardware accelration yet.  I have figured out how to get it to work.  I was using AES-256-CBC on OpenVPN.

PPPoE will be limiting, you only get one thread doing anything. But on a Core2Duo you only have two cores anyway.

Try running:

ifconfig -a

to see what the parent NIC is doing.

You might try swapping the WAN and LAN assignments also. One of those NICs/drivers might perform better for PPPoE.

Steve

Any PCI-e x4 physical slot will do. x1 and x2 will work too. The problem is that the card is x4 big and x4 electrical, and while electrical doesn't matter (PCIe scales down and up really well, you can run anything at x1 if you wanted to, even x16 cards work at x1) it does matter if the card fits. So a x1 or x2 (I'm not sure if x2 even exists) will work, but only if the slot is open at the end.

So, if we check your system it should have PCIe slots, and thus it will work.

It seems like you might need to load a driver if you want to use the existing tools, rather than talking to the device directly.

[2.3.5-RELEASE][admin@apu.stevew.lan]/dev: kldstat Id Refs Address    Size    Name 1  15 0xc0400000 1e6efd4  kernel 2    1 0xca501000 3000    amdsmb.ko 3    2 0xc9805000 2000    smbus.ko 4    1 0xc9e92000 3000    iic.ko 5    3 0xc9f7e000 4000    iicbus.ko 6    1 0xca637000 3000    iicsmb.ko 7    1 0xca63b000 4000    iicbb.ko [2.3.5-RELEASE][admin@apu.stevew.lan]/dev: i2c -s -v dev: /dev/iic0, addr: 0x140e7580, r/w: r, offset: 0x00, width: 8, count: 1 Error opening I2C controller (/dev/iic0) for scanning: No such file or directory

Steve

Ok, wanted to let you know that despite the initial good results, the OS crashed a few hours later. OPNsense looks like has no issues (3 days and counting) with PPPoE (the trigger of the crash). Anyway, I'm going to use both as I have several boxes.

@jahonix:

There are numbers in the picture for a reason.
You're talking about #13, right?
You clearly see the cut-out of the connector base facing to the outside of the board. Either refit it that way or imagine it being there. Then your power connector will fit only one way, no guessing involved.

Thank you for the information. Really appreciated.

It was an interesting product but I guess the demand was not there for it. No great loss IMO, though my use case is probably not typical.  ;)

Steve

@Harvy66:

In theory it has enough bandwidth for half-duplex gigabit for one device on the bus. From what I read, if there are any old controller devices that use ISA, like a floppy controller, the ISA controller comes off of the PCI controller and cuts the PCI controller's bandwidth in half, down to 66MiB/s.

This PDF has some interesting info https://pdfs.semanticscholar.org/6316/ad6b564201a5b860789cae3f43a7f132047f.pdf

Fine, you win !!  :P

Hi,

what do you think about qotom q370g4 i7 4500u ?

It's good ?

Thanks

@johnkeates:

Yes it could but why would you even do that, pfSense won't support non-AES CPUs in the future.

I'm locked into using Lga1155 as my socket, so I'm trying to figure out my options.

As far as I can tell only Xeons have AES-NI on the Lga1155 socket. The cheapest Xeons I could find are the e3-1220 for 75$ USD and the 18w 1220L for 100$, both are significantly more expensive than a 10 Pentium

Consider this: https://forum.pfsense.org/index.php?topic=142341.0

Tested, works awesomely!

@thashen4:

Hi lamjanus,

I hope you doing quite well I have found that the E3845 (AES-NI) is an effective cause it uses less power and the temperature of the processor can be used at -40°C to 110°C  which makes it very agile and robust to use in different conditions. the Qotom i3 is quite expensive and I do not recommend it and I have similar device which I have Pfsense 2.4.0 and it runs quite fine

https://www.pondesk.com/product/Intel-Atom-E3845-4-LAN-3G4G-HD-Fanless-Firewall-Router_MNHO-048

If he is going to run a device at -40 or 110 he is going to get one from a reputable western supplier I bet. The E3845 has no upside in this case.

@FranciscoFranco:

I would stay on 802.11n chipsets. There is a newer ath10k in the works but it is not done yet.
I would buy this: QCNFA222-AR5BWB222
Do note they come in different M.2 key arrangements so look hard at your existing module and match them up.

Just ordered it on aliexpress NGFF M.2 format… for under $6! Lets hope it works as expected!

Thank you, FranciscoFranco!

Thanks.  I am building a mini-router with a Shuttle DH110, and this will be helpful info.  I am planning to install it under Proxmox as a Virtual Machine, which is one way of it not being headless even if the host is headless.

please let us know the outcome.  that was my next purchase once i decide to replace my sg2220

@panteraboy:

Hello guys, thanks for the answer.
My net provider is going to give me a fiber optic connection soon, I do not see the meaning of a fiber media converter fiber to lan, I prefer a card to connect the fiber directly into pfsense pc.
Serious equipment manufacturers offer such solutions:

Mikrotik: https://mikrotik.com/products/group/interfaces

Ubiquiti: https://www.ubnt.com/accessories/fiber-modules-cable/

LE:
I forgot to mention the pc has 2 ports pci express port 1 lan card with 4 lan port, pci 2 plan to use fiber card.

There is no such thing as 'a fliber card'. Fiber is just a material, a medium, just like copper. Just because something uses fiber doesn't mean it's what you think it is. It's like stating that you want a 'copper card' which can be a modem (analog, digital, ISDN, DSL, DOCSIS), a SATA card, a sound card etc and none of them will work if what you actually needed is an ethernet card.

If you want something that you call 'serious', you can always just buy something like this: https://store.netgate.com/XG-1537.aspx and get a fitting SFP+ module for your fiber type.

What you need (if you want to plug in fiber) is a SFP/miniGBIC adapter and a network card (not a storage HBA). Which one depends on the fiber, as there are multiple types in use.

For example,  a card that does up to 10 Gigabit: https://store.netgate.com/Chelsio/T520-SO-CR.aspx
And a module to connect your fiber: https://store.netgate.com/Pica8-40GBASE-SR4-Module-MMF-850nm-P2038.aspx

But depending on your fiber and speed, maybe something else is enough, like this module: https://store.netgate.com/SFP-1000Base-SX-Transceiver-P2576.aspx
And this card: https://www.amazon.com/Addon-Intel-Based-Single-Port/dp/B00AQMDGX0/ref=sr_1_14?ie=UTF8&qid=1515023421&sr=8-14&keywords=sfp%2B+card

Fiber isn't as plug-and-play and simple as those toy home use CAT 5 gigabit ethernet over copper connections are. This is why residential setups get an NTU that converts the fiber to ethernet.

90 degree right angle pci express pci-e 16x male female converter card adapter,its what description say.
Size should be fine,at least measuring with my eye :)