Hi Anicholas. There is some overhead when adding more VPNs but it's more about the total amount of encrypted/decrypted traffic. It's also dependent on what encryption algorithm you are using and what type of traffic you're encrypting so it's hard to give a direct answer here. Generally IPSec will give higher throughput than OpenVPN so if the load was spread evenly it woukd pass more. You can get a lot higher throughput over IPSec if you're able to use AES-GCM which takes advantage on the AES-NI hardware in the SG-2440. As a very rough guide I would expect to see at least 100Mbps total VPN throughput (probably more) but it's not clear how that would divide. If each tunnel is only passing a few Mbps then I wouldn't expect any issues. Steve

Thank you for the info on the actual cause. If people would just do some learning and understand how a capacitor is made and what it does, they would understand that most electronic failures are due to bad capacitors. But beyond knowing the specifics, most people know they simply accumulate and release energy/power/voltage. So, it is like a tiny battery. Heat is not good for batteries, why should it be for caps? Batteries don't last forever, why should caps? @dreamslacker: @Limbi: It is anecdotal the 10°C drops in temperature thing, I don't know a paper that can prove this claim. Anyway, it is mostly correct. Actually, there is a basis for it based on evaporation rate of electrolytes based on temperature. For polymer types, this is related to shrinkage of the polymer. Most of the major manufacturers do have formulas for calculating the target lifespan and the 10 degree rule factors into the formulas. For polymers, this is a much greater factor. E.g. For Fujitsu FP-CAPs, the first 10'C drop is 3x, the next 10'C drop changes the lifespan to 10x.

@demannu: @jalyst: Ugh, so annoying that our NBN turned into such a political basket-case, if it hadn't, a large chunk of us would be having FTTH by now, instead of the BS "mixed services" approach we're now lumped with. Which was promised to be much faster to roll-out, & much cheaper, it has been a total fail in that regard, so why the hell didn't they just go FTTH all the way (for the most built-up areas only ofc). Hah, yeah I heard about it all going belly up over there and it turning to "fibre to the node" instead.. what a rubbish idea.. Friend of mine living in Melbourne is a bit of a conspirator and reckons Murdoch had a lot to do with it because he was worried about streamers and didn't want his empire to come crashing down around him. No one to blame but Liberal's Tony Abbott & his inner cohort, & their extreme opposition to everything while in opposition, worked masterfully for a while & helped his star to rise, but that whole style/approach came back to haunt him, & was ultimately his demise. And the more moderate Liberal Malcolm Turnbull just had to run with it all, & run with it he did, by birthing what TA initially conceptualised, a highly flawed system that will actually cost us more in the long run (despite their rhetoric), when we find we have to re-upgrade large sections. But we digress, sorry.

The CRT and PSV values are thresholds at which the system will use passive or critical cooling (e.g. throttling the fan down/off or higher). The .temperature OIDs are the sensor values. If they are not correct, blame the BIOS/ACPI :-) Since you have tz 0 and 1, that means there are two thermal sensors on there, but you'd have to check the board specs or BIOS to see which is which. I imagine one is the CPU and the other is a sensor elsewhere on the board. It is suspicious that they never appear to change temperature. Depending on your CPU type/board, the amdtemp or coretemp kernel module might get better info.

@stephenw10: Almost certainly fine then. That review is recent it's hard to imagine anything has changed in that time. But it still might have.  ;) Steve Thanks.

@stephenw10: For use in the host OS I assume. You realise there are no 802.11AC cards that will work in pfSense? Steve Hi Steve, yes firstly I will use it in Server 2016. So do anyone know a AC PCIe card which is able to host an AP? Regards

I'll post the outputs of those commands in a day or two when I have some time, in the meantime I have tried everything in this thread: https://forum.pfsense.org/index.php?topic=106813.msg599061#msg599061 and this one: https://forum.pfsense.org/index.php?topic=101689.0 To paraphrase… Tried the binary of the driver available for download in the second thread, tried compiling my own binary using the source from Intel's site and a FreeBSD 10.3 machine, tried several 2.3.x snapshots of pfsense, along with the 2.4 version snapshot.  Nothing works with this NIC.  Tried resetting the BIOS to factory defaults, still nothing. But again, ipfire works fine (I am using it in the network from which I am making this post) so I know the hardware/BIOS/etc on the motherboard works.

Unfortunately given the age that all those units are it's very likely to be a component failure.  :( Both my x700s no longer boot. Time to move on. They likely won't be supported in 2.4 anyway. Steve

I like this on because it has a Braswell Quad Core N3150 processor that I think has AES instructions so vpn access speed is far superior. Also to the UK it will be cheaper for me.

Hi jahonix and johnkeates. Thank you for your support. It is already working now. :) :D :D

Unless you need to build something that's not ready-to-go from the store, it makes not a lot of sense (pun intended) to not buy a product from pfSense/Netgate. If you have a special case, like, you are re-using what you have, or you need something even bigger than the biggest they have, or maybe you want something that's super cheap (but also performs like shit), then sure, making something yourself makes sense. You can maybe shave off a few bucks when you try to duplicate what's in the store already, but you're basically saving a tiny amount of money and pfSense gets nothing. The software is free, yes, but buying "known good" hardware from the store is good for you and good for pfSense. They are not overpriced or low quality either, and the free support incidents you get to use are not a bad deal either. I know it all sounds a bit 'buy stuff!'-advertisement-ish, but I don't work for pfSense or Netgate or ADI or whoever is involved. I'm just slightly worried about the current state of monetary support for pfSense. It's been a great open source project, and free software is all fine and dandy, but they are moving into the prosumer/pro space, and at this quality level you're going to need a commercial-sized cashflow to keep things going and grow. Of course, pfSense's community is a real thing too, and trying to 'make' people buy stuff never works out for anyone. That said, if you really like the project/software/people-spending-time-on-it, maybe get pfSense Gold, even if just for the autoconfigbackup. It's cheap compared to commercial equivalents yet supports the project. Now back to your topic: instead of duplicating/cloning this build, you may be better off trying to set specs/budget and select parts on that. If you get a mobo where FreeBSD is known to run great on, the rest is somewhat easy. Some motherboards (hell, many!) have bad/broken firmwares and are a PITA to get a working FreeBSD bootloader/kernel working on. There is a FreeBSD HCL somewhere on their wiki you can try, but if you want to be on the safe side, just get a previous-gen board with CSM support in the EFI, then you'll have a really good chance it'll work fine.

Use your backup (you make periodic backups, right?) with a new install to get back to working order. Alternatively, read the config off the storage medium using a computer, and recover the config.xml from that, and then reinstall using that config.

@RussellB: I think the PCI bus on the GA-J1900N-D3V is too limited for a gigabit connection. No surprise that PCI doesn't have the bandwidth for gigabit, never mind dual gigabit on the same bus!  But you still have that mini-PCIe socket which could prove useful using something like this: http://www.ebay.com/itm/Mini-PCI-E-to-PCI-E-Express-1X-USB-Riser-Card-with-FFC-Cable-Up-to-2-5Gpbs-/262289991565 Combined with a cheap server-class dual Intel NIC which seem to be quite cheap on eBay these days, I'd bet your throughput would be significantly improved.

Just thought I would update this. The box with PFSense installed is still running strong and VERY low usage.  I've installed SquidGuard on it and I have using NZB files I am consistently hitting my 30mbps limit on the internet connection. Overall for the pittance I paid for the hardware, I'm very pleased with both the hardware and PFSense. Thank you

@jimp: If you're referring to Netgate vs pfSense store the BIOS is the same either way (depends on the board) Yep, this is what I was asking about. I have 4860s from both sides. Thanks Jim.

Thanks guys, perfect answers. 8)

Yes you can do that.  Yes you can do that via a vm.  As long as your switch supports vlans it will not be an issue.  Unless your understanding of vlans and how tags work is limited.  Then yeah might as well be trying to do brain surgery after taking a cpr class ;)

And wich you think is the better configuracion for this purpose? only one interfaz coneected to a DMZ net? Any reference or tutorial for those?

2U case (Rosewill?  Aren't too many good manufacturers out there). CPU:  Intel Xeon (Haswell) quad core @ 3.1GHz. Mobo:  Some SuperMicro server motherboard.  4 Intel i250 Gigabit NICs.  Separate IPMI port. RAM:  16 GB ECC Kingston DDR3 (Japanese Elpida chips). Storage:  64GB Crucial SSD I had lying around. PSU: Seasonic 80+ Gold.  Can't remember the output. With that hardware you will be able to use pfSense as a full UTM device! With Snort, Squid, ClamAV and pfBlocker-NG. To this day, it's been overkill for my home setup.  The 16 GB of RAM isn't even close to touched.  The CPU isn't even close to utilized.  The machine idles at maybe 50W, possibly due to the case fans.  I'd like something that barely sips power (<10 Watts) and maybe go with fanless.  The 2U case is too big: I'd rather go with 1U next time or even a SOHO sized unit like the 4860 that isn't rack-mount.  It's hard to DIY for 1U unless you buy the case and mobo together (Supermicro?  Dell?) high up the mbuf size to 1000000 increase the amount of RAM for Squid if it is in use set more RAM for RAM disks if in usage Hold that machine and after a longer time you will be the lucky one of us! To be fair, I haven't really fine tuned Snort or done much more basic firewalling and pfBlocker with lots of rules for malware C&C blocking (and Spamhaus DROP, Abuse.ch, and other IP block lists).  I just enabled FreeRADIUS for a WPA2-Enterprise EAP-TLS setup. What about Squid & SquidGuard or Dansguardian and ClamAV and Snort? I plan on building or buying a lower power rig and migrating to that hardware.  The 4860 in the pfSense Store looks nice and has 6 ports, which would come in handy so I can have separate DMZ and Internal Server zones, WAN, LAN, Guest Wi-Fi, Dev/Test zone, etc. Please search first the forum for reaching full GBit/s over PPPoE if you use it! But the unit looks fine for me. Here is another one for ~$700 (Supermicro SYS-E300-D8) But I don't need that much CPU or RAM.  Until the day I get Google Fiber as well as have some kids or something. A powerful CPU able to drive pfSense as a full UTM and much RAM likes 8 GB or 16 GB will be not a bad thing as I see it right it is more for long time usage and installing more packets if wished or needed in some days and if electric power is cheap where you are living it may be a real gain to go a long time period with that set up! $700 : 120 month = ~$6 a month for a full UTM device is a really cheap price in my eyes!