@Fetakungen: Hi, I recently bought GA-H87N-WIFI to use with pfsense. Now i realized that the Atheros chip on the board ain't compatible. Will this be changed in a future update ? Or do i need to purchase a diffrent nic/mb ? I just did this too. I found a GA-Z87N-WIFI at Microcenter for about 40% off because it was an open box. Saw the MAC addresses on the board and got really excited because I thought they were both Intel. I was extremely disappointed when I discovered one was an AR8161. I did load up FreeBSD 11 to see if a driver was included with no luck. I ended up eBaying the Gigabyte board, and I bought a JetWay JNF9J-Q87.

@router_wang: @gonzopancho: Will the ERL be available via the pfSense store?  Likely, if they prove to be stable. Hey Gonzo, for the people that already have an ERL, could you possibly sell a memstick version from the store, like the one on there now? That way people can support the project. It's a consideration.  Another path forward would be to put a memstick image in the Gold member area. (Edit: this avoids the complaints from people who don't want to pay for shipping.  It would, however, encourage us to offer a version of 'Gold' for less than $99)

Thanks the new versium 2.1.2 help a lot. Now i have those 2 ethernet :) Now i'm posting some new question's in the apropriated fórum :) Best Regards

Have you enabled hardware crypto of AMD Geode LX in System > Advanced > Miscellaneous and in OpenVPN servers config? This should work well with AES-128-CBC encryption. However the OpenVPN throughput is limited at about 20 mb/s with this hardware.

After reinstall all went quiet.  ??? Load is almost zero as should be.

@mad|V|aX: From what I gather from all replies so far, I could ditch the requirement to route packages at GBit speed between VLANs and go for a Atom based system (which tops out at around 500 MBit/s apparently, depending on the exact model). You could always get a decent layer 3 switch and do all of your internal routing on the switch itself. Then you could run almost any cheap/low power atom with one nic and pfsense and use it only for a firewall/edge device (one nic with 2 vlans - your WAN isn't gigabit anyway so you wouldn't slow anything down). Edit: reread original post and noted WAN speed

Check that both CPUs are reporting the same tjmax. I can remember exactly what the sysctl is though. A 10C difference can be explained by dried thermal paste. Steve

I'd rather stick with new hardware if I can, although I appreciate the info - I've been reading up, and it looks like I have a couple of good options as fallbacks, if necessary.

That configuration requires you to assign the bridge interface and configure an IP address there rather than on a member interface. https://redmine.pfsense.org/issues/1634

Nothing in the firewall log? Something that jumps out at me is that your nfe0 NIC has flow-control enabled. If the connecting NIC is not supporting that it could explain it. Though you might expect no traffic at all. Try running this to see what modes it supports: ifconfig -m nfe0 Also you could try disabling all the hardware offloading options in System: Advanced: Networking: Steve

Nice.  :) Unusual for a DIMM that old to fail so spectacularly but not unknown I guess. Steve

@foonus: @Hollander: hw.igb.rxd=4096 hw.igb.txd=4096 Adding up all file descriptors from all interfaces can not exceed a total of 4096. Try this and see how things run. hw.igb.txd="2048"                # number of transmit descriptors allocated by the driver. 2048 limit (default 1024) hw.igb.rxd="2048"                # number of receive descriptors allocated by the driver, 2048 limit (default 1024) Thank you very much for your reply  ;D Well, this is weird  :o The wiki says '4096', as do many threads on the FreeBSD forum as well. However, I was intrigued by: number of receive descriptors allocated by the driver, 2048 limit (default 1024) Could I ask where you have this text from? Because it would appear all other information is wrong then (?) Especially given this: LOADER TUNABLES     Tunables can be set at the loader ( 8 ) prompt before booting the kernel or     stored in loader.conf( 5 ). hw.igb.rxd     Number of receive descriptors allocated by the driver.  The     default value is 256.  The minimum is 80, and the maximum is     4096. hw.igb.txd     Number of transmit descriptors allocated by the driver.  The     default value is 256.  The minimum is 80, and the maximum is     4096. From: http://www.freebsd.org/cgi/man.cgi?query=igb&sektion=4&manpath=FreeBSD+8.1-RELEASE

Which BIOS are you running? The most recent, derived from the SSL box, can boot significantly more things. There has also been a suggestion (I've not a chance to test it yet) that enabling the SATA controller in the bios will boot even more things. https://forum.pfsense.org/index.php?topic=20095.msg410372#msg410372 Steve

I'm assuming the built-in laptop display is working fine? If so, VGA is enabled and working. From there, whether or not the laptop actually shows anything on its VGA port is dependent on the laptop itself. Some have function keys you can cycle through to change it from internal display only, internal display and external VGA mirrored, and external VGA only. Most have BIOS settings of some sort that let you control the same settings.

I upgraded my system from i386 to x64 full with different hardware, backing up and restoring my configuration. After this I noticed sites failing to load and slow download speeds. In the end I factory reset and rebuilt my config from scratch, this sorted out my problems. It may be worth a try, you can always go back to your original config.

Cool stuff.  :) You may need to modify the BIOS to get access to it then. Obviously some risk involved with that, see the XTM8 thread. Check that all the cores are being frequency changed. Try using: sysctl -a | grep freq It will show a whole load of things but included in that will be current frequency for each cpu. It looks like in the original, un-customised, Portwell box the HD caddy is SATA. Is there additional hardware in the 1050? I couldn't really see much in the de-manufacturing docs. Steve

If you have to ask then you probably don't need anything that has more power than Atom processors. This is probably what you're looking for, this one uses Celeron 1037u, much more powerful than Atoms, fanless, dual gbit lan, idles at 17w, usb3, supports msata/sd, the box is only 29mm thick and can handle 1GBit/s easily: https://forum.pfsense.org/index.php?topic=75262.0 [image: T1Dq4YFCdhXXXXXXXX_!!0-item_pic.jpg_460x460.jpg]

Snort eats memory like nothing else especially if you don't take steps to prevent it from doing so. In that respect your increased memory usage is completely normal. However you do not, ever, want to be swapping. It will bog down the performance dramatically. If you're not seeing that then it's likely the swap usage was not a continuous thing but it shows you are the edge of your ram requirement. You should probably either take steps to reduce Snorts footprint or add more ram. @http://mikelococo.com/2011/08/snort-capacity-planning/: RAM Each snort process can occupy 2Gbytes-5Gbytes of ram. How much depends on: Traffic – The more traffic a sensor handles, the more state it must track. Stream5 can use anywhere from a few Mbytes to 1Gbyte to track TCP state. Pattern Matcher – Some pattern matchers are very CPU efficient, and others are very memory efficient. The ac-nq matcher is the most cpu-efficient, reducing CPU usage by up to 30% over ac-split, but adding over 1Gbyte of ram usage per process.  The ac-bnfa matcher is quite memory efficient, reducing ram usage by several hundred Mbytes per process, but increasing CPU usage by up to 20%. Number of rules – The more rules that are active, the more memory the pattern matcher uses. Preprocessor configs – The stream5 memcap is one crucial factor for controlling memory usage, but all preprocessors occupy memory and many can be configured to be conservative or resource-hungry. A Snort process inspecting 400Mbits/sec of traffic, with 7000 active rules, using the ac-nq pattern matcher (which is memory-hungry), and a stream5 memcap of 1Gbyte uses about 4.5Gbytes of RAM. With a smaller ruleset and the ac-bnfa pattern matcher (which is memory-efficient), I’ve observed snort processes use about 2.5Gbytes of RAM. Note that the operating system and other applications will need some RAM as well, and if you don’t have unusual needs 2G is generally plenty. A detailed discussion of RAM sizing for the database is beyond the scope of this post, but generally for a multi-snort deployment it’s worth putting the database on a separate server that has 1-4Gbytes of RAM. Steve