@mercer2 Super cool router that you bought. That is absolutely my dream router. Hows it been treating you? Did you get the speeds you were expecting?

It's only for a SIM card.

Those are not errors or even warnings. Those are messages from the boot log showing the timecounter hardware being detected/initialised:

Nov 10 10:41:17 kernel Timecounter "ARM MPCore Timecounter" frequency 12500000 Hz quality 1000 Nov 10 10:41:17 kernel Event timer "ARM MPCore Eventtimer" frequency 12500000 Hz quality 1000

Both the 1100 and 2100 show that as they share the same SoC.

Steve

Mmm, that does seem suspicious. I would normally expect a higher result when testing from a client behind the firewall. Unless that client itself is restricted.

You can see that in both cases no single core is maxed out. But when testing from the firewall directly the load created by iperf itself is larger than anything else.

@brad73435 said in Hardware upgrade question.:

can I use the saved configuration from the old system?

Yes. You can usually import the config and simply re-assign the interfaces but we can also convert the config for you to import directly if it's something more complex.

Steve

It didn't want to identify in my server so it got pulled and will try it in my desktop instead.

Does it actually fail to boot or does it just not show anything at the console?

What's confusing it is the EFI console for some reason. If you installed legacy it would probably boot fine.

It could be come conflict between the serial console and console redirect to the port. Hard to imagine what might have changed there though that wasn't at an upgrade.

@stephenw10 Did not see any jumpers close to where the 4 intpah interfaces are but this might take a while to get it working.

If you want to actually route 10Gbps, yes. I'd expect that CPU to reach something in the 3-4Gbps range. Perhaps that's enough for the times you need to connect between VLANs.

@stephenw10
Thank you very much.
I'll give it a try and let you know.

@stephenw10

All interesting stuff. 👍

☕️

Here is a version with 3 conditional LED adaptions.

#!/bin/sh check_current_states=$( pfctl -vvss | grep -e ', rule 84' -e '192.168.1.11' -e '192.168.1.15' ) res=1 resb=1 resc=1 case "$check_current_states" in *", rule 79"* ) res=0 ;; esac case "$check_current_states" in *192.168.1.11* ) resb=0 ;; esac case "$check_current_states" in *192.168.1.15* ) resc=0 ;; esac if [ $res = 0 ] && [ $resb = 0 ]; then sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null gpioctl -f /dev/gpioc2 6 duty 50 >/dev/null elif [ $res = 0 ]; then sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null gpioctl -f /dev/gpioc2 6 duty 50 >/dev/null elif [ $resb = 0 ]; then sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null else sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null gpioctl -f /dev/gpioc2 7 duty 50 >/dev/null fi if [ $resc = 0 ]; then sysctl -q dev.gpio.2.led.0.pwm=1 gpioctl -f /dev/gpioc2 2 duty 50 >/dev/null else sysctl -q dev.gpio.2.led.0.pwm=1 gpioctl -f /dev/gpioc2 2 duty 0 >/dev/null fi

@stephenw10 said in Would this be hardware enough for 1Gb fiber ?:

The current passed by Ethernet is very low, it should never get hot like that.

Perhaps you had Power-over-Ethernet configured?

ah, sry, it was computer that was hot, not the cable :) That computer is passively cooled.

I just wanted to give an update regarding achieving full throughput on 2.7 CE especially given the recent pfsense plus licensing debacle:

I was able to attain the full 23.5 Gbps throughput on 2.7 CE straight from a fresh install and the aforementioned enabling of the hardware offloads by enabling SR-IOV on the Proxmox host and passing into pfSense the virtual functions (virtual nics). In this situation, pfSense uses the iavf driver which is included in CE and precludes the need for if_ice.ko and ice_ddp.ko.

On a related note: I was able to hit 31 Gbps on pfSense through an e810-cam2 (which uses the same driver setup as the e823. Though I've only just started playing with this 100GbE nic, so 31 is the starting point.

@stephenw10 the best antenna must be hard to find :)

@stephenw10

Hi Steve,

THanks for all your help on this but im giving up. Ripped the card out and sticking with previous setup. Going setup a dev box to play with as trying to do this between meetings on Teams is not easys and there.

I am going to look at going down the wireguard route instead and keep openvpn just for the dialin stuff as I need it to use radius.

Thank you for resolving the issue. There are no issues with the system or hardware. It's my installation issue.

It still applies, it's fixed in 23.09-beta. If you can upgrade to Plus and then to beta it should work there.

It's broken in current CE versions at least until 2.8 snapshots become available.

Steve

Hello,

I've just completed setting up VLANs using a TL-SG105e switch. Despite encountering issues with the switch management software being accessible on every port within each VLAN, I found a solution. I created an additional VLAN called "LINK" with a subnet mask of /30 (in my case, 192.168.10/30) on my Netgate 1100 router. I didn't set up DHCP for this VLAN. The Netgate router was assigned 192.168.10.1, and the switch was given 192.168.10.2.

I'm not a network security expert, so I can't vouch for how secure this setup is, but at least it prevents unauthorized access to the switch admin panel. However, a drawback is that if you need to reconfigure something, you must temporarily expand the subnet mask to /29, assign an IP alias, make your changes, and then return to the "secure" settings.

@digitaladdictions Hello, I am facing the same problem. Did putting a switch between the ONT and Pf appliance fix the packet loss problem?