@ozlecz:

thanks….may i know what ipmi can do with pfsense

Can't you use the port for a KVM over IP.

ftp://ftp.supermicro.com/CDR-X8_1.22_for_Intel_X8_platform/MANUALS/Embedded_BMC_IPMI_User's_Guide.pdf

Best of luck althoug I doubt you'll need it ;)

Attached a screen of our internal C2758. I was running a linespeed test via the openVPN tunnel and at the same time another test via WAN (on a slow device and against a host that wasn't up for 1gbps throughput, otherwise WAN would be much higher).

The slow openVPN isn't the C2758 at fault but the other end, which is an pcEngines APU1(!) on a 100MBit/s line. As you see, CPU isn't a problem at all and even the APU1 could deliver around 40-50Mbps (but their CPU is stressed out then). The WAN I can bringt up to 900 and more MBit/s but I have yet to see CPU usage go over 20%. As the load shows, not even one core is maxed out.

c2758.png_thumb
c2758.png

All I was saying is, that it's nonsense to rant - and yeah for me your answers sounded a bit like rants - or vent about QAT or not or in which form or what devices it will be. If you read it again, my point is and was, that a device with a rangeley SOC will get the OP support for strong crypto even with OpenVPN. AEAD support IS coming with the next OpenVPN release that will surely make it into pfSense. There isn't much to argue that IMHO. Any further speedup in type of QAT is a nice addition to that, but in my findings at having a C2758 on an office line with a 1Gbps dark fiber, I get those speeds needed without stressing the SOC to its maximum.
Further I was talking that contrary to what Frank was telling above, OpenVPN does indeed utilize the AES-NI capabilities on a SOC that supports it. So both combined a C2558 or C2758 would be capable to run 100/100 encrypted if it has to without much problems AFAIK.

The "trash talk" comment was more with a bit of a blink and meant towards the - IMHO unnecessary discussion - if and when QAT will come to what form of pfSense whatsoever, as QAT is simply not needed to run 100MBit/s encrypted either via IPSec or OpenVPN. With IPSec Jim already wrote that they achieved almost line speed capabilities of 1Gbps on a C2758. So that speaks volumes to the terms of "is it enough" in my book.

Of course the topic of QAT itself is not unimportant or anything, I just wanted to point out it isn't needed here. If a device (or add on card) brings QAT to the table or not isn't really a game changer ATM. :)
Sorry for not being more clearly.

Not much info on that model but if it's anything like their larger devices it will have a separate data plane and control plane. Almost certainly not going to be any use as a pfSense target even if it was x86 compatible and you were able to install it. The data plane will be ASICs and other uncontrollable hardware. Sorry.

Steve

Hi Gen,

Any update on what model did you use?

Just that one.

hey … Same problem for me but on a machine that has no remote / shared storage, only a local RAID

For the moment I changed my LSI controller type from LSI Logic Parallel to SAS .. :)

It's quite strange though .. all my other VMs on the same host (not based on FreeBSD) dont report a problem with storage :s

Also, I'm keeping another PfSense running on this host with the LSI Logic Parallel controller if it can help diagnose something

@gbl88:

I will be purchasing a few HP NC360T nics to compensate.
These cards are pcie x1 but from my understanding they will fit in the x16 slots just fine and operate as intended.

Actually, they're PCIe x4, but they do work in x16 slots just fine.  I have one in my build in an x16 (physical, x4 electrically) slot and it works perfectly.

@VAMike:

@qwaven:

@VAMike:

@qwaven:

1. Connection is PPPoE over fiber

Then you're screwed. You'll need more hardware or beg your provider to provide a straight connection without pppoe.

What do you mean by that?

PPPoE introduces a good bit of overhead, and your hardware isn't beefy enough to deal with that at 1gbps. I continue to be amazed that anybody is still deploying PPPoE.

Is there any recommended hardware minimum that I should aim for?

Cheers!

I'm planning to setup a failover via a 3G stick.
The first step was to configure it and let the USB modem in test phase for a while.
I'm experiencing the exact same issue… Every 2 or 3 days (sometimes just 1), the connection is dropped and the /dev/cuaUx is changed... :-(
Is there a way to force the modem to be reachable always via the same device?

/x

alright didn't realise the VPN throughput would be too great with a j1900 cpu, my network connection is around 100mb at the moment but i will probably increase. i normally use IPEC VPN not tried OpenVPN but i think i'll be aiming for more powerful CPU.

Thank you for all the great answers! I will contemplate this and make a decision.

It's MIPS, so no.

The problem is the output from the 4860 isn't straight serial. It's actually a USB to Serial adapter. Most things you'd see like a multi-port serial console aggregation style box wouldn't work.

You will need to connect to to something with a USB port and the serial drivers, plus a terminal program. As has been mentioned, it would be trivial to cook something like that up with a Pi where you have a monitor/keyboard hooked to the Pi and leave it running screen latched onto the serial port all the time. Most current distros of Linux/BSD/Windows have the drivers built in.

@BlueKobold:

Has anybody tested any other cards? I've seen some of the intel cards for considerably cheaper.

Please have a closer look to that supported hardware list to find a card matching to your criteria or fitting your needs.

Thanks but that is why I specifically was asking for cards folks have confirmed work. Being supported is one thing, working in real life is another. That being said, I just picked up a cheaper Intel card that should be supported on ebay.

@balubeto:

Hi

I'm looking for some appliances with pfSense 64 bit which works both as a firewall that voice (VoIP and ToIP) gateway.

Thanks

Bye

I would more suggest to go with a Asterisk or FreePBY on a Raspberry PI 3.0 inside of the DMZ.
Other wise it might be a good starting point to watch this HowTo´s first to get rid of your problem.
pfSense - Asterisk
PBX VOIP HowTo

@crimsonskyzs:

Will a realtek NIC suffice for the WAN segment or is it best to pretend it doesn't exist? XD (my WAN is going to be 100/100 or 150/150)
I suppose our answer would just come down to trying both setups and benchmarking. One drawback I am foreseeing is, according to the statement below, increased interrupt handling would result in high CPU utilization and thus higher power usage.

For just 150Mbps the Realtek will be fine.

Sounds logical to me, but what do I know ;D

Anyways, I appreciate the effort!