There is still an advantage to putting the value in loader.conf.local, however. If the hardware requires more mbufs to properly initialize at boot time, it may not be able to do so if you have only set the value as a tunable. If the problem is that the usage increases with load after boot time, then it is OK to use a tunable.

Hi Anicholas.

There is some overhead when adding more VPNs but it's more about the total amount of encrypted/decrypted traffic. It's also dependent on what encryption algorithm you are using and what type of traffic you're encrypting so it's hard to give a direct answer here.
Generally IPSec will give higher throughput than OpenVPN so if the load was spread evenly it woukd pass more. You can get a lot higher throughput over IPSec if you're able to use AES-GCM which takes advantage on the AES-NI hardware in the SG-2440.

As a very rough guide I would expect to see at least 100Mbps total VPN throughput (probably more) but it's not clear how that would divide. If each tunnel is only passing a few Mbps then I wouldn't expect any issues.

Steve

Thank you for the info on the actual cause.

If people would just do some learning and understand how a capacitor is made and what it does, they would
understand that most electronic failures are due to bad capacitors.

But beyond knowing the specifics, most people know they simply accumulate and release energy/power/voltage.
So, it is like a tiny battery.
Heat is not good for batteries, why should it be for caps?
Batteries don't last forever, why should caps?

@dreamslacker:

@Limbi:

It is anecdotal the 10°C drops in temperature thing, I don't know a paper that can prove this claim. Anyway, it is mostly correct.

Actually, there is a basis for it based on evaporation rate of electrolytes based on temperature. For polymer types, this is related to shrinkage of the polymer.

Most of the major manufacturers do have formulas for calculating the target lifespan and the 10 degree rule factors into the formulas.

For polymers, this is a much greater factor. E.g. For Fujitsu FP-CAPs, the first 10'C drop is 3x, the next 10'C drop changes the lifespan to 10x.

@demannu:

@jalyst:

Ugh, so annoying that our NBN turned into such a political basket-case, if it hadn't, a large chunk of us would be having FTTH by now, instead of the BS "mixed services" approach we're now lumped with. Which was promised to be much faster to roll-out, & much cheaper, it has been a total fail in that regard, so why the hell didn't they just go FTTH all the way (for the most built-up areas only ofc).

Hah, yeah I heard about it all going belly up over there and it turning to "fibre to the node" instead.. what a rubbish idea..

Friend of mine living in Melbourne is a bit of a conspirator and reckons Murdoch had a lot to do with it because he was worried about streamers and didn't want his empire to come crashing down around him.

No one to blame but Liberal's Tony Abbott & his inner cohort, & their extreme opposition to everything while in opposition, worked masterfully for a while & helped his star to rise, but that whole style/approach came back to haunt him, & was ultimately his demise. And the more moderate Liberal Malcolm Turnbull just had to run with it all, & run with it he did, by birthing what TA initially conceptualised, a highly flawed system that will actually cost us more in the long run (despite their rhetoric), when we find we have to re-upgrade large sections.

But we digress, sorry.

The CRT and PSV values are thresholds at which the system will use passive or critical cooling (e.g. throttling the fan down/off or higher). The .temperature OIDs are the sensor values. If they are not correct, blame the BIOS/ACPI :-)

Since you have tz 0 and 1, that means there are two thermal sensors on there, but you'd have to check the board specs or BIOS to see which is which. I imagine one is the CPU and the other is a sensor elsewhere on the board. It is suspicious that they never appear to change temperature.

Depending on your CPU type/board, the amdtemp or coretemp kernel module might get better info.

@stephenw10:

Almost certainly fine then. That review is recent it's hard to imagine anything has changed in that time.

But it still might have.  ;)

Steve

Thanks.

@stephenw10:

For use in the host OS I assume. You realise there are no 802.11AC cards that will work in pfSense?

Steve

Hi Steve,

yes firstly I will use it in Server 2016. So do anyone know a AC PCIe card which is able to host an AP?

Regards

I'll post the outputs of those commands in a day or two when I have some time, in the meantime I have tried everything in this thread:

https://forum.pfsense.org/index.php?topic=106813.msg599061#msg599061

and this one:

https://forum.pfsense.org/index.php?topic=101689.0

To paraphrase… Tried the binary of the driver available for download in the second thread, tried compiling my own binary using the source from Intel's site and a FreeBSD 10.3 machine, tried several 2.3.x snapshots of pfsense, along with the 2.4 version snapshot.  Nothing works with this NIC.  Tried resetting the BIOS to factory defaults, still nothing.

But again, ipfire works fine (I am using it in the network from which I am making this post) so I know the hardware/BIOS/etc on the motherboard works.

Unfortunately given the age that all those units are it's very likely to be a component failure.  :(
Both my x700s no longer boot.

Time to move on. They likely won't be supported in 2.4 anyway.

Steve

I like this on because it has a Braswell Quad Core N3150 processor that I think has AES instructions so vpn access speed is far superior. Also to the UK it will be cheaper for me.

Hi jahonix and johnkeates. Thank you for your support.

It is already working now. :) :D :D

Unless you need to build something that's not ready-to-go from the store, it makes not a lot of sense (pun intended) to not buy a product from pfSense/Netgate.

If you have a special case, like, you are re-using what you have, or you need something even bigger than the biggest they have, or maybe you want something that's super cheap (but also performs like shit), then sure, making something yourself makes sense.

You can maybe shave off a few bucks when you try to duplicate what's in the store already, but you're basically saving a tiny amount of money and pfSense gets nothing. The software is free, yes, but buying "known good" hardware from the store is good for you and good for pfSense. They are not overpriced or low quality either, and the free support incidents you get to use are not a bad deal either.

I know it all sounds a bit 'buy stuff!'-advertisement-ish, but I don't work for pfSense or Netgate or ADI or whoever is involved. I'm just slightly worried about the current state of monetary support for pfSense. It's been a great open source project, and free software is all fine and dandy, but they are moving into the prosumer/pro space, and at this quality level you're going to need a commercial-sized cashflow to keep things going and grow. Of course, pfSense's community is a real thing too, and trying to 'make' people buy stuff never works out for anyone. That said, if you really like the project/software/people-spending-time-on-it, maybe get pfSense Gold, even if just for the autoconfigbackup. It's cheap compared to commercial equivalents yet supports the project.

Now back to your topic: instead of duplicating/cloning this build, you may be better off trying to set specs/budget and select parts on that. If you get a mobo where FreeBSD is known to run great on, the rest is somewhat easy. Some motherboards (hell, many!) have bad/broken firmwares and are a PITA to get a working FreeBSD bootloader/kernel working on. There is a FreeBSD HCL somewhere on their wiki you can try, but if you want to be on the safe side, just get a previous-gen board with CSM support in the EFI, then you'll have a really good chance it'll work fine.

Use your backup (you make periodic backups, right?) with a new install to get back to working order. Alternatively, read the config off the storage medium using a computer, and recover the config.xml from that, and then reinstall using that config.

@RussellB:

I think the PCI bus on the GA-J1900N-D3V is too limited for a gigabit connection.

No surprise that PCI doesn't have the bandwidth for gigabit, never mind dual gigabit on the same bus!  But you still have that mini-PCIe socket which could prove useful using something like this: http://www.ebay.com/itm/Mini-PCI-E-to-PCI-E-Express-1X-USB-Riser-Card-with-FFC-Cable-Up-to-2-5Gpbs-/262289991565
Combined with a cheap server-class dual Intel NIC which seem to be quite cheap on eBay these days, I'd bet your throughput would be significantly improved.

Just thought I would update this.

The box with PFSense installed is still running strong and VERY low usage.  I've installed SquidGuard on it and I have using NZB files I am consistently hitting my 30mbps limit on the internet connection.

Overall for the pittance I paid for the hardware, I'm very pleased with both the hardware and PFSense.

Thank you

@jimp:

If you're referring to Netgate vs pfSense store the BIOS is the same either way (depends on the board)

Yep, this is what I was asking about. I have 4860s from both sides. Thanks Jim.

Thanks guys, perfect answers. 8)

Yes you can do that.  Yes you can do that via a vm.  As long as your switch supports vlans it will not be an issue.  Unless your understanding of vlans and how tags work is limited.  Then yeah might as well be trying to do brain surgery after taking a cpr class ;)

And wich you think is the better configuracion for this purpose? only one interfaz coneected to a DMZ net? Any reference or tutorial for those?