Do you use 32bit or 64bit ? If you use pfSense 64Bit, you must use the 64Bit version of WGXepc -> WGXepc64 After installing the right version of WGXepc, you must change the read/write permissions with this command : chmod 0755 /conf/WGXepc  (for 32Bit version) chmod 0755 /conf/WGXepc64  (for 64bit version) I always add the WGXepc package and chmod command via : Diagnostics -> command prompt in the Web UI Grtz DeLorean

@messerchmidt: for gigbit you will need a quad core i5+ or ryzen sr3+ with intel lan cards doing 250/20 with a core 2 with 4gb ram with squid+squidguard with an issue. I am the only user. used hardware when you upgrade is a good choice for a router Lol what!? 100Mbps WAN through VPN needs an i5? You have no idea what you are talking about. You need at least a passively cooled celeron  ::). J3355B will do the trick for $55.

Cisco SG300-20 Don't know about retail or used-place prices though.

@VAMike: @RazorUK: I was a little concerned on the PSU as well, but saw in this thread https://forum.pfsense.org/index.php?topic=127757.msg707310#msg707310 someone else using that same power unit. Oh, I'm sure it will work, just in the worst case under sustained load the power brick might melt. Yeah, we definitely don't want that! I'll just step the power supply up a level or two.

@mattlach: I did wind up going with AES-256-CBC and SHA256 just because I could as my router is overkill, but honestly, I didn't notice much (any?) CPU load difference between the two, so might as well use the stronger one, even if it might not be necessary. Anyway, with AES-256-CBC and SHA256, loading up the connection in one direction (it peaks at about 135Mbit, due to my traffic shaping rules) I only get about 9-10% load on the CPU.  So, under a theoretical full load in both directions I ought to hit 18-20% somewhere. I'm glad to have some room to grow should anything change, but this little i3-7100 has definitely outperformed my expectations. @whosmatt: I also use AES-256 and SHA256 on my PIA tunnels and have never noticed a tangible performance difference between the two.    I'm still on AES-128 and SHA1 on my personal OpenVPN server, mostly because I set it up that way years ago and haven't felt the need to change.  SHA1 is approaching deprecation anyhow as far as I'm aware.  Anyway, thanks for the update. I should follow up with the fact that since my initial tests (just speedtest.net) I have succeeded in getting the CPU load up much higher. I was under the impression that OpenVPN CPU load was really just dependent on raw throughput, but that doesn't seem to be the case,  More connections at the same bandwidth use more CPU it would seem. Downloaded a new Ubuntu ISO today using rtorrent, which resulted in downstream maxed, and a little upstream.  This was about 38% CPU on the router.  Still very respectable, but I wanted to update you guys in case someone takes my earlier results too seriously.

In pfSense any interface can be either an external or internal interface. It only depends on whether you set a gateway on that interface. Only the LAN interface has any firewall rules on it by default. That is to make it easier to get started. All other interfaces will block all traffic by default. I'm sure you can use em4 to connect to the gui for management if you wish you simply need to add a firewall rule on that interface to allow it. Steve

No't need to "reinstall" Shutdown –> Replace --> Power ON --> Reassign

@kejianshi: I think the Netgate SG-1000 is just ok.  Pfsense needs 2 or more processors really.  something like the Netgate SG-1000 with 1gb ram or more and with 4 cores would be really nice, but attention needs to be paid to the throughput that the NICs are capable of. Yep, this is right and there will be some or later a second device from Netgate. Netgate R1 Other device would also matching well for pfSense as a target and they will also be powerful enough too as I see it right. ClearFog SolidRun Base & Pro Turris Omnia

Excellent suggestion. Thanks, everyone, for the replies.  Most helpful! –cro

@Larrikin: What does the title of this thread say?  :) It's a bit of an understatement.  I think what people are trying to tell you is that there is no scenario where your hardware choices for a pfSense appliance make sense to any of us.  Of course you can build a system that outclasses the SG-4860 (or nearly any device you can buy off the shelf) as far as raw performance is concerned.  You could have done that for probably 1/4 of what you spent. If you want to actually put your hardware to some good use (rather than it sitting more than 90% idle nearly 100% of the time) consider running a hypervisor on it.  You could have pfSense + an entire home lab's worth of other VMs running with no performance penalty to pfSense.

I've been testing pfSense throughput vs some GNU/Linux router distros, and the results are a little shocking, TBH. Please try out iPerf from client to server and set it up to use 8 streams or more, then you will perhaps seeing other results and you may get other numbers, because the LAN line will be saturated. I love the features of pfSense, but that's one hell of a performance tax we're paying for them :( As above told, the hardware requirements for reaching 1 GBit/s at the WAN are given by the pfSense team shown under the link named some posts above by me, so there will be not really a need to complain about, because the APU is only serving ~1.0GHz at the CPU and > 2.0GHz are needed. For sure in the near future this can be really differ, by using multi-core CPU for the igb(4) driver, the entire pfSense system it self and perhaps more or less one of the forwarding (netmap-fwd, try-fwd, fast-fwd) methods that can change this.

I think you need to investigate 4G-LTE modem speeds on pfSense&FreeBSD, They are not so fast. Plus beyond speed lacking I think you need to consider -How is your cell provider going to like you sharing service with many clients in a commercial setting? I use a handful of client machines behind my mobile broadband but I hesitate recommending it for a business setting. I would consider Sierra LS450 the fastest cellular solution. A business solution you can tie into your pfSense HA configuration. https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/ Cradlepoint makes a cheaper business model which works good too. https://business.verizonwireless.com/content/b2b/en/solutions/cradlepoint.html

Perhaps… just remove the nvidia card? I see no reason to install a consumer hardware on a server. If this is about the dvi kvm use an adapter or the vga port on the console. You have the idrac, serial port, ssh, webgui, to be honest you won't spend too much time on the pfsense screen once is running.

Try use SATA HDD + SATA/IDE converter (3$) from ebay. This is best choice in any time.

The T520-SO-CR was plug and play on my system. I powered down pfSense, installed the card, fired up pfSense, reassigned the LAN to one of the SFP+ ports on the card and everything worked. Couldn't be any happier. Good luck.

I was able to make it work by doing the following; At boot press option 3 enter  set kern.cam.boot_delay="10000" press enter then boot press enter Everything installed correctly. P.S. Installation was done through usb port, that's why the extended boot delay.

To anyone who might be following this topic, the upgrade to version 2.3.4 resolved the beeping problem. Nobody could explain why it was beeping, but it's gone after the upgrade.