realtek were problematic for me using FreeBSD 9.3 on intel haswell generation hardware. I found with offloading enabled tcp would misbehave, speed's did not ramp up properly etc.  It was fine with offloading disabled. Otherwise it will work but wont handle as high workloads as intel cards, this is not necessarily due to the hardware but simply the drivers lacking multiple features that help the intel cards, one of the most important been interrupt moderation. I cannot say if things have improved with FreeBSD 10 and 11, as I added a intel card to the realtek machine and all my other server's use intel already.

@BlueKobold: You are mixing here some information´s I think, the J1900 comes without AES-NI and this is actual only speeding up IPsec so if you are using IPsec it should be better there as an option, or if later OpenVPN 2.4 is joining into pfSense perhaps it might be also speeding up the OpenVPN part. I don't understand why you keep saying this: the current version of OpenVPN does use AES-NI and does run faster on CPUs with AES-NI. OpenVPN 2.4 enables AES GCM mode, which is even faster with AES-NI, but the current AES CBC mode does already use AES-NI via OpenSSL.

Sounds silly but I actually carry one of these around with me https://www.scan.co.uk/products/8-port-tp-link-tl-sg108e-gigabit-easysmart-network-switch-10-100-1000mbps-managed-for-small-medium-b so I can stick port mirroring to sniff problem links with wireshark on my laptop; works reasonably well and does all the L2 functions such as tagging I will disclaim that I've never tried to leave it in situ as a primary access switch but at the same time it's never given me any trouble.

The CM600 is a pure modem without any routing capabilities you may use it without any SPI/NAT and your home network will be directly connected to the Internet, so there should be a device that is doing SPI/NAT. What is the correct Internet connection speed your ISP is serving you?  If you connect a pfSense box and a small LAN Switch either Layer2 or Layer3 such the Cisco SG (200 or 300) series is offering at the market. So you could set up or route VLANs with or without the usage of the pfSense box like you need it or be able to pay it.

That's exactly how I've done it previously, though not with the re driver. Looks to be loading correctly to me. What was the reason for doing that? Steve

These things are perfect for our redundant T1 lines. Check sig.

thanks. i want to Run Squid on this. Then I would go with a mSATA or the M.2 solution.

The cpu supports AES-NI  ;D, i can get an SSD drive If we talk about this CPU here (Intel CPU Core i5-650 BOX 3,2GHz S.1156 4MB Clarkdale) it would be stronger then the smaller 4 core cpu or SoC in the APU2C4. The SSD could be a real gain for pfSense! and from what i can see the NIC is listed on the bay as the following but the seller states its only for an IBM server?? Don´t buy it please, there where in the past some models needed to be flashed with another BIOS or Firmware file and this was able to realize at all models so if you are the lucky one it can be a cheap shot, but if not, you gets only your hands on something that can not be really used under pfSense! So a refurbished Intel Pro/1000 PT Dual or Quad Port NIC is able to get from ebay.com in the USA for something around ~$50 and a used cool server pulled Intel i350-T4 will be at ~$120. But this are then cards you will be happy with and they do what you need and want from them! 45W1959 IBM OEM Intel PRO 1000 PT Quad Port PCIE GIGABIT Ethernet Server NIC Intel Pro/1000 PT Dual or Quad Port NIC! Please trust my words! Intel PT NICs on eBay.com They are often not more expensive then ~$40 - $50 but working like a charm under pfSense. Intel i350-T4 starting at ~$55 and really nice! If I was to add these parts would it perform better than say an APU2C4? If you get no  BIOS Problem it would be really more strong and powerful then the APU2C4 Board for sure! I only ask, as once i purchase these additonal parts its already added to 50% of the price of an APU2C4? Be cool, with 8 GB and a 3,2GHz CPU there is nothing that you might be not realizing under pfSense, all is running for you! Here are two other boards that will be also nice matching to your criteria: Jetway NF952-Q170 best ASUS Q87T budget With this you will be getting mSATA Support and a free slot for a miniPCIe WiFI card, many Intel GB LAN Ports on Board or a real PCI 3.0 x4 Slot for good and strong NICs. Both will be holding also between 8 GB and 16 GB and you will be also sized to mini-ITX.

Yeah what's up with you running public IP space behind private IP space?  I've never seen that before for a normal ISP connection.

How many watts does your am1 draw?

That value coems from the same place if the coretemp driver is in use. I would suggest that there may have been some BIOS change. Perhaps the BIOS battery has gone flat on that one system and it's gone back to default settings? It's hard to explain what the difference might be but you should see the coretemp driver attaching to the hardware in the boot log. Check for differences between the systems in the log. Steve

Dell PowerEdge R210 II Rack 1U Server Intel Xeon E3-1230 16GB  for $300. Plus a SSD, perhaps plus an Intel i340-T4 or i350-t4 or perhaps an Intel Pro/1000 PT quad port NIC and all will be fine for you to run a big and strong pfSense appliance.

@IggyB: @messerchmidt: keep the ci323 for your pfsense and build a proper bare metal freenas box with ecc ram - xeon d and atom with ecc are fine, if not overkill, for those thanks for suggestion, sounds like the right step. i want to give ci323 another chance, i would like to try realtek's driver from their website and have started a new threat asking how to do it. ci323 is giving me random "stalls" on network. not sure if it's package related or driver that comes with freebsd/pfsense http://mobiletiger.jorba.de/vmware-esxi-6-0-n3150-itx-intel-celeron-braswell-platform-problem-solved/    <-vmware on the ci323

Thanks!  I ended up buying an HP card yesterday that I'm pretty sure is the 4-port version of the one you suggested.  I'm going to start off with a flash-based build for now, and only install to a hard drive if I feel the need down the road.

Time Machine uses Apple File Protocol & Bonjour AKA mDNS in finder is the name changing of your TM drive i.e. Backup Drive (2) ? Maybe try deleting the password that would be stored in the Keychain on the Mac for the drive. I had a WD my Cloud a few years ago and to be honest I wasn't too impressed. I use Carbon Copy Cloner with a directly attacked drive that I swap monthly and I also backup to a Time-Capsule via Time Machine with no issues.

@abpostelnicu: My main concern comes at point 1, the motherboard that has an Atom 2758F cpu with 8 cores, but as far as i understand pfSense does the PPPoE encapsulation on a singe thread and i'm not sure i will be able to achieve the current speeds UP/DW 950Mbps. 2758 is the wrong platform, it has many slow cores and you need single thread performance. I'd personally look at something along the lines of an i3-6100; that is, >3.5GHz, core count doesn't really matter much. That platform should manage >500Mbps OpenVPN, but I haven't tested one to see what the exact limit is (maybe 700-800?). If money is no object you can jump into the i7 or e3 ranges, just remember that clock rate is more important for this application than core count is. If you do go to a 4 core i7/e3 you may improve ipsec performance but it won't make much difference for openvpn unless you run multiple openvpn server instances. You could look at the d series, but you'll be paying for a 10Gbps interface you're not using, they're not clocked particularly high, you won't get the crypto improvements from the skylake architecture, and will probably spend more in the end than an i or e series for no benefit in your use case.

@tzidore: Hi I have setup a full production environment on a netgate xg-2758 and are now testing my 10 GbE interfaces and are getting these disappointing results. [  6] local 172.16.2.110 port 42103 connected with 172.16.2.1 port 5001        [ ID] Interval      Transfer    Bandwidth                                    [  6]  0.0-10.0 sec  425 MBytes  357 Mbits/sec Any ideas? Why this low on a 10 GbE interface? In my experience iperf on pfSense is a poor test of performance.  I always get low numbers if pfSense is either the iperf server or client.  If you have the hardware, test between 2 LAN segments (for routing performance) or LAN/WAN (for NAT performance) with machines that also have 10GbE interfaces.

Thanks for all the great replies.  It seems I need to get a Xeon E3-12xx system for max performance and minimal power usage. As an aside, thanks to "stephenw10" for pointing out an issue with my existing IPSec configuration.  After switching from Blowfish to AES128-GCM on the connection ciphers, the connection speed went from 7MB/sec to ~ 11MB/sec with 50% CPU usage (50% usage on a single core on a 4-core system).  This means my existing box might be strong enough to handle much more IPSec traffic than I initially thought. The only side-affect I see now is high interrupts (120% and higher) on "hpet0".  Not sure if this is an IPSec issue or a hardware issue.

Use the console?