Nothing shown there is unexpected. The idle processes shown as using high CPU are normal. That's what shows as using CPU cycles when nothing else requires them. I assume it was not dropping packets at that time? You should not run Kea on the 3100. There are known upstream bugs in arm32 that affect it. That wouldn't cause packet loss though. You should upgrade. 24.03 is now a very old release.

Exactly how 'frozen' is it? Like the console stops responding? But, yes, you should upgrade anyway.

@gorki the default location for the kernel source is /usr/src, so it's implicitly referenced. That should also be where OSVERSION gets picked up from when building the module. The override during the make command is as you mentioned to override the package name since it's picking up the version from the OS not the clones by default. Glad you were able to get it working. I tried this procedure for the most recent build for the installer in a new VM and only ran the commands mentioned expect installing ssh and a few other small packages to make it easier to perform. I did make a local modification originally when I built the package for 2.8.x but I don't believe that was necessary the second time I did it.

@stephenw10 said in WatchGuard XTM 5 – Full Repurpose Guide (BIOS Unlock + OPNsense Working): Mmm, I assume pfSense also runs fine there. It does for me. As does mine..

No set timeline for that yet.

@stephenw10 My experience (posted above), with the older firmware, showed that even if I set 2500BaseT and other side was auto-negotiate I still had flapping. I still have 1000BaseT set now and it has been stable for months. This is on my WAN side, igc3. LAN side, igc2, is set to auto-negotiate and other side is 1000BaseT and it has been stable since day one. Looks like @workaholiker has proven that with new firmware setting speed to 2500Base-T stops flapping. I also had purchased new 1m Cat6a cables to rule them out.

Just checking in to confirm that everything is still running smoothly without any issues. I did end up setting up additional services like Avahi but all freezes are history.

Hi all, I have a few M570 boxes that I want to install ESXI 6.7 on them, but ESXI requires Secure Boot to be activated, there is no way to activate it on the default BIOS. Can someone PM me with the new BIOS, I want to write that one and maybe I can activate Secure Boot from there. I confirm, M570 works by default with E3-1260L V5 Intel CPU. Thanks all.

The i7 still commands an unrealistic premium IMO. The i5s are far cheaper and easier to get and still easily powerful enough for most. I'm running an i5-4670S in one without issue. Pulls ~24W.

So we've snuck past the 10 year anniversary of the APU2 Have recently updated my APU2 to pfSense Plus 26.03 - absolutely worth the effort just for these fixes alone: Fixed: GUI performance degradation due to check for weak passwords on each page load (speeds up the UI considerably on the venerable AMD GX-412TC) Added: Update the SSH server configuration to current standards and include post-quantum cryptography algorithms Added: Auto-renewal for certificates Kudos to Netgate, PC Engines & 3mdeb for providing such a robust & performant gateway. Lastly I'm still running the same tweaks as previously documented (see https://forum.netgate.com/post/1222684 above) Enjoy

@stephenw10 Thanks, I really appreciate that I’ve updated both the guide and the download page to properly credit you and reflect the wider community work behind it, and I’ll also be linking back to this thread so people can see the original discussion. This is the credit section I’ve added: Updated Credit section to reflect the community and thread too: [image: 1775498781664-c65debaa-c9b5-4780-8f6c-9d85e5696f41-image.png] ~~🧠 Original BIOS Mod Credit This BIOS modification originates from work within the Netgate community. Credit goes to stephenw10 on the Netgate forums, who confirmed that this ROM matches the version originally created around 2013. The original modification was developed to unlock additional BIOS functionality and enable features such as improved CPU support, system flexibility, and better handling of CPU scaling (EIST) behaviour. There were multiple contributors involved in the wider XTM5 work at the time, so this should be considered part of a broader community effort rather than a newly created file. This file is hosted here to preserve access, as many original sources and download links have disappeared over time. Really appreciate the extra info as well — especially around the AML/EIST side of things ~~

Yes, it's possible. The only real gotcha is that the m.2 socket is B-keyed so the NVMe drive you fit must be B or B+M keyed. Realistically that means it needs to be B+M keyed as I've never seen a B only keyed SSD. Most/many NVMe SSDs are M-keyed only and won't fit in the 4100 (or 6100/8200). https://docs.netgate.com/pfsense/en/latest/solutions/netgate-4100/m-2-nvme-installation.html Steve

@w0w it works for me. Thanks

@JonathanLee said in SafeXcel EIP-97 only registering AES-CBC with OCF on SG-2100 (pfSense Plus 24.03): At the 'OK' loader prompt (with pfSense Plus Installer USB plugged in): OK run usbboot That should be at the uboot (Marvell>>) prompt.

@stephenw10 Very cool. Thank you for the assist.

Well you will need at least some RAM. It's unlikely all RAM sticks would fail though. Otherwise you might try a different PSU. Beyond that I'm not sure what else you could do. The Supermicro board manual might have some info on the diagnostic LEDs.

It cannot on those CPUs. It's a limitation of the SoC as noted by Intel: https://docs.netgate.com/pfsense/en/latest/solutions/netgate-6100/io-ports.html#sfp-ethernet-ports If the module defaults to the required rate it can work which is why some module do even though we don't officially support it. I assume you're trying to have it link at 1G and it's failing to link at 10G?

Yup I'd be amazed if it was anything but soemthing worn and/or blocked in the cooling system.