@bennyc: Seen those new black boxes recently at varia-store.com, prices in €, german distributor, who has +- normal prices compared with others. For that 2240 model, their webshop lists:  "Price: from 643,79 EUR excl. Shipping costs" rate today: USD/EUR 0,89 So you payed €488 (device+shipping) + €97 (20% tax) + €22 (bank fee), that equals about €608 incl. Shipping costs. (under the assumption you only payed once a bank fee, otherwise we need to add €25 (=$28, but not sure what you mean with your comments) Even with that 2nd fee added, you bought it cheaper than when through European retail store, but you had to cope with bank fee(s), extra tax, and of course the risk (unknown factor). Interesting. Device listing price: $353. What I payed in total: €492 Looks expensive, but don't forget that usually no tax is included in the listed prices in us shops. You only have to pay the tax for your country (where the package is imported to). The $28 were basically a buffer in case bank fees on their side occur. Not really a legitimate practice, but I did get $18 back later on. The €22 fee was the charge of my local bank for the bank check and currency change (many us companies do not provide international bank account numbers). PS: I did not find any EU reseller at time of ordering. But you are right: http://varia-store.com/Ready-Systems/pfSense/pfSense-SG-2440-Security-Gateway-Appliance::27988.html that's the same device. If the alrdy installed pfSense and the included support is important to you - that's maybe the better choice. PPS: It's possible to order the board only, thats about $100 cheaper, but the case is actually quite nice.

Hi guys, I have a "39Y6138" quad port pci card on an asus "p8h67-m pro" (latest BIOS installed) and the newest pfsense "2.2.2" only recognized two ports. I have tried many options at "/boot/loader.conf" (and "/boot/loader.conf.local" too) like: hint.agp.0.disabled=1 hw.pci.realloc_bars=1 Do you have another recommendation? Have you detected similar issue? Have you wokerd around? As I could check, there is information about FreeBSD/Debian has updated em(4) driver and it's used in the latests versions of pfsense. Thank you in advance. Best, @rofc

Your only option for an ADSL card is something like the Sangoma card which is in fact an ADSL router just on  PCI card. http://www.voipon.co.uk/sangoma-s519-p-1027.html I don't think I've ever seen anything for PCIe. And FYI PCI-X is not PCI express so that could easily cause confusion.  ;) Steve

I have tested a Trendnet TU-ETG 1.0, also based on the Asix GB chipset. It worked for my tests, but If you search, there is at least one report of asix GB adapters failing under load, or after running for a certain amount of time. I would suggest you test the adapter under load before putting it into production.

did you create the bootable usb stick correctly?

Interesting, I usually type 'exit' if that happens to get back to the menu. Could be you can enter anything there. I'll have to try it. I've only seen that happen if the console is connected after boot by the way. Steve

One more thing. I got the latest version of mbmon here: http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/ It is the file xmbmon-205_14.txz

Hardware should be fine. 4GB RAM is enough for most uses. No wireless AC cards are supported.  Get an external AP, you'll be much happier.

Hi guys, I plan to buy a Lanner 7573A. Any news about the i210 issues ? Does it works well on 2.2.X ? Thanks

Thx for Reply - Sounds good.

So basically I'm testing 2 scenarios 1.  WAN -> LAN (so receiving data)..  I max out at just over 750Mbps in this scenario.  The load is 1 CPU at 100% utilization (system), while the other is at around 60% (interrupt) 2.  LAN -> WAN (so pushing data)..  I max out at just over 800Mbps in this scenario.  The load is 1 CPU at 100% utilization (system), while the other is at around 20% (interrupt) I tried to do bi-directional using iperf 2 vs 3, and due to the load that 1 stream puts on the box, the other stream just sits idle. What I don't understand is the difference in interrupt processing in the two different scenarios. During this testing (I ran 10 minutes at a time using iperf 3) in both scenarios.  This was repeatable.  I was also monitoring the CPU frequency via sysctl during this, and it was jumping up to 2100 (turbo boost I guess?  as the CPU in this unit is a 1.74Ghz I believe). I also tested this by removing the pfSense box and just going direct to direct to ensure that the hardware I was utilizing was not a limitation and was getting over 940Mbps both directions (even bi-directional I was able to push/pull simultaneously above 900Mbps) So my guess is this is just the absolute limit of this processor..  For what I bought it for, this is fine, however it tells me that I need to buy a more powerful box for the other locations.

With the aesni.ko module loaded it's part of cryptodev. : openssl engine -t -c (cryptodev) BSD cryptodev engine [RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC]     [ available ] (rsax) RSAX engine support [RSA]     [ available ] (rdrand) Intel RDRAND engine [RAND]     [ available ] (dynamic) Dynamic engine loading support     [ unavailable ] OpenSSL on its own will find it and use it internally but that can be a bit more difficult to identify.

any news ?

Thanks :)

@messerchmidt: …run pfsense in a hyper-v vm on server 2012 r2... on a J1900 Celeron CPU? I want the same you had for breakfast.

@P3R: To hopefully save this thread from further abuse and personal attacks I'm leaving now. @jim1000, Good luck with your new switch, whatever it may be. Thanks for your help with this. See, even switches can get people upset and swinging at each other. Thanks for NAT and SPI, as it has undoubtedly saved lives.  Regardless, thanks for the advice that managed to sneak past the need to slug it out on important issues like these. A long time ago I thought about going out for a CCNA, but decided against it because I was too old to start a new career and it was overkill for just tinkering around the home network. Given that the CCNP has an entire exam on switches, I wonder how the tone would have changed if BGP or spanning tree issues got into the mix. Break out the weapons. Seriously, thanks for adding some light. My little V1 will do for now. Maybe I'll get another managed switch if I can find a good inexpensive used one on eBay or Amazon and it has decent reviews. Some of us have yet to build our first VLAN, even though we know, abstractly, what they are. I won't spend $200 - $300 just to split a signal.

Below is my experience with this issue. Should I use a system patch instead of editing the _rw/_ro functions in /etc/inc/config.lib.inc by hand? Is there a config toggle or better way? Should I leave /cf mounted sync, as that's where the conf/rrd/leases live? With the system on a UPS and the NanoBSD "backup partition" to fall back on, I'll take the usable performance. I have an embedded system (it's rebranded, not sure of exact model#) with a 2GB consumer CF card that ran 2.1.3 fine. Pulled the system out of storage recently and decided to do a clean 2.2.2 install; I booted an Ubuntu livecd and downloaded then wrote the x86 2GB embedded VGA pfSense 2.2.2 image to CF at ~7MB/sec. After getting it running, I tried to install some packages but it was taking ages. With iostat/dd/fetch, traced it down to the slow CF card, writing at 17-20KB/sec. Followed some booting tips to disable DMA, write caching and ACPI with no write-speed improvement. Had a poke at BIOS settings but nothing really jumped out. Fired up a FreeBSD 10.1R livecd and got good performance there, so it was back to poking pfSense… continued onto the second page of forum search results for "cf card" this time, which brings us here. [2.2.2-RELEASE][admin@pash]/boot: mount /dev/ufs/pfsense0 on / (ufs, local, noatime, synchronous) /dev/ufs/cf on /cf (ufs, local, noatime, synchronous) [2.2.2-RELEASE][admin@pash]/root/tmp: dd if=/dev/zero of=1MB bs=1M count=1 1048576 bytes transferred in 49.369825 secs (21239 bytes/sec) [2.2.2-RELEASE][admin@pash]/root: mount -o noatime,async  /dev/ufs/pfsense0 / /dev/ufs/pfsense0 on / (ufs, asynchronous, local, noatime) /dev/ufs/cf on /cf (ufs, local, noatime, synchronous) [2.2.2-RELEASE][admin@pash]/root/tmp: dd if=/dev/zero of=10MB bs=1m count=10 10485760 bytes transferred in 1.950883 secs (5374879 bytes/sec) Edit: below is the system patch that I've applied… --- config.lib.inc      2015-04-13 19:16:38.000000000 -0600 +++ config.lib.inc.async        2015-05-31 04:26:02.000000000 -0600 @@ -328,12 +328,12 @@         /*    if the platform is soekris or wrap or pfSense, lets mount the         *    compact flash cards root.           */ -      $status = mwexec("/sbin/mount -u -w -o sync,noatime /"); +      $status = mwexec("/sbin/mount -u -w -o async,noatime /");         /* we could not mount this correctly.  kick off fsck */         if($status <> 0) {                 log_error(gettext("File system is dirty.  Launching FSCK for /"));                 mwexec("/sbin/fsck -y /"); -              $status = mwexec("/sbin/mount -u -w -o sync,noatime /"); +              $status = mwexec("/sbin/mount -u -w -o async,noatime /");         }         mark_subsystem_dirty('mount'); @@ -367,7 +367,7 @@         /* sync data, then force a remount of /cf */         pfSense_sync();         mwexec("/sbin/mount -u -r -f -o sync,noatime {$g['cf_path']}"); -      mwexec("/sbin/mount -u -r -f -o sync,noatime /"); +      mwexec("/sbin/mount -u -r -f -o async,noatime /"); } /****f* config/convert_config

Just backup the config and restore it to the new box when it comes. If the new box has the same physical device names (em0, em1…) then all should be seamless. If the physical device names are different, then edit the backed up config, put the new device names in. Then restore to the new box. That saves having to go through the interfaces assign script on the console.

You should be good to go then (barring some other hardware issue). Let us know how it turns out.