When you added the additional interfaces did you add a gateway? You should not have done if you did. Go to System: Routes: Gateways:    You should have only one gateway there, the WAN gateway. If you have more remove them from the Interface setup page and them make sure the WAN gateway is set as default. If you have any problems try posting a screenshot from the Status: Interfaces: page. Steve

Ok, thanks for this info. Maybe I found an distributor for the TP-Link card…..... ;D So I hope I can build up my 3 AP's with these cards. As soon as the new pfsense 2.2 is available, I will test it..... 8) Oh, "it is ready, when it is ready" is much more better, than beeing "fast". Mozilla and others accepted this, too. Some others not, but this is an different topic. ..... ;) Regards SNR

Supermicro PDSMI+ with a Xeon Dual Core 3070 is a spiffy little system for under $50. Its FAR from a great system but its cheap and fits in a 1U case. Dont remember if its ECC or not. EDIT: Yes its is ECC capable. Up to 8Gigs.

@dreamslacker: Just setup a MSI H81i board with pfSense 2.1.  Same issue with the AsRock board - AHCI has to be disabled in BIOS or else GEOM won't see the drive. It'd appear to me that Gigabyte is the only one (for Haswell) without this issue at the moment (I don't buy Asus due to warranty issues - lousy distributor here). I had no problems with achi and my asrock h81-dgs with 2.1.1 prerelease

Attaching pictures… [image: WP_20140226.jpg] [image: WP_20140226.jpg_thumb] [image: Capture.PNG] [image: Capture.PNG_thumb]

This might be a stupid question but can you fit two FW-7541 side-by-side in 1U? It's possible with the Alix and was possible with one previous Lanner product (it seems they "lost" the feature with their current line)… While the FW-7541is definitively more powerful, it would "eat" 1U more in the datacentre if you want a pair of them.

@midacts: I think it might be nice to have a few more options for pre-built appliances like that. The pfsense store does not offer that many pre-built solutions, so many having a few more option, may help those that are new to pfsense or are intimidated by it to give it a try. … yet.  8) 8) 8)

@bryan.paradis: Are you running in a virtual machine by chance? No I do not. Regards

@Jason: The problem with Chinese knockoffs is that even if those are actual Intel controllers they're not likely to be first stock chips or contain other substandard parts. Surprisingly, the units that I've gotten are using decent electronic components.  I do agree that they might not be using top yield controllers though I've not encountered any issues so far. It must be noted that what I've got isn't a knock-off/ clone so this wouldn't apply to those units that are actually direct knock-offs.  It's actually designed by their own engineers (not sure if this is a good thing but their PCB layout does seem rather decent).

IMO, if someone posts, "I need a <foo>", and someone has one to sell, they can contact the wantee off-forum (or PM, or whatever). I don't want to turn the forum into a swap meet.</foo>

It is not a need… It is more of concerns about the uncertainty of the issue.  I am a little concerned that something might come up and I do need to manually switch to the backup without physical access to unplug a cable to work around it.  I worry more that the problem might show up in a way that I have not tested yet since I do not understand the real cause of the problem. I have some i350 cards coming in to test instead of the Quad Intel ET2 cards but since they use the same igb drivers I suspect I will have the same issue. EDIT:  Keep in mind that high load as I defined it above is only a single TCP connection taking up 600mbit of traffic which is something that could happen somewhat frequently depending on what is transferred between interfaces at times(backups, file shares, deployments to production servers, etc).  It is the manually disabling Carp that would be infrequent of course.

Indeed, running pfSense virtualised is a good option on massively overpowered hardware. At least you can then use it usefully for something else and you can very easily allocate more resources if your requirements go up. The two options you have suggested are at the two ends on the hardware scale. The Dell is massivelt over powered, the Alix (current model) is not powerful enough. The performance of the new Alix APU board is largely unknown but it will firewall/NAT 110Mbps. It may not run Squid and Snort at 110Mbps. Steve

If you search the forum for 'v120 firmware' you'll see a few pages where I've mentioned it. Also there is quite a long thread on the Plusnet forum discussing the V120 and various firmwares here: http://community.plus.net/forum/index.php?topic=95503 Steve

So basically to do that you need the Squid webproxy, Squidguard web filter and ClamAV anti virus packages. To get all those running is probably going to take some tweaking and reading of various how-tos. If you are ad-blocking at the firewall it may well cause tracking problems, usually that's a good thing! I find it far easier to run adblocking locally in the browser. That way I can easily whitelist sites that I don't mind the advertising on (like this one!) or disable it when I get to some site that doesn't work at all because some thing is blocked. Increasingly Ebay works less and less with stuff blocked unless you carefully train the filters. There is little point in having a huge cache in Squid especially for a relatively slow home connection, you won't see much increase in speed. It would be better to give a large RAM cache, which will be much faster. Caching Windows updates can indeed be a problem. They use a CDN so the update files may not come from the same location making it difficult for Squid to know they are the same file. There are various threads and docs on that. Yes that's exactly how VPNs work. Though you could configure some stuff to connect directly. You may have some issues with an 8111F. I can't remember quite what the current support is but I believe it wasn't supported by 2.0.3.  :-\ Hmm, have to check that. If it is supported you should see any loss at 30Mbps. If you use a wireless router as an access point you usually have to use one of the LAN port the connect to it leaving only three but, yes, those are then usable as a LAN switch. Some firmwares allow you to add the WAN port to the LAN switch getting around that problem. Steve

I had an Alix 2D13 running 2 WANs on the physical WAN port, by VLANs, 3 VLANs on the OPT1 port for various local subnets and the real LAN port being an ordinary LAN (I did that just so that I can always easily get to the webGUI by connecting physically to LAN, even if all the VLAN switch configs are gone). No trouble running VLANs on that. With multiple WANs I have trouble during failover - with 2.1.* at lot of stuff fires up at once failing over OpenVPN server/clients, doing DynDNS updates… and it sometimes runs out of the 256MB in real time. That means some process/es implementing the failover changes get killed, and so some things in the failover do not always implement. I believe this should be better in 2.2. Anyway, just saying that in a multi-WAN scenario on 2.1.* 256MB is not quite enough memory.

Well a pci-e NIC is always going to be marginally faster than a PCI NIC but at 50Mbps it shouldn't make a measurable difference. Some low quality NICs report having various hardware offload capabilities when in fact they don't or it's broken. You could try going to System: Advanced: Networking: and disabling the various offload options. Or just leave well alone since it's now working.  ;) Look to get more Intel NICs if you can for reasonable outlay. Many people are running Realtek with no problems though. Steve

Well disregard. It is the Netgear switch. When i plugged everything back in, it was fine. Within 15 minutes i was back to 400 plus latency. I hardbooted the netgear 748t again and it was fine. Its is been an hour and up it goes again. Ordering a switch now. In hindsight it was dumb to think it could be pfSense since no packages were installed or configured for QoS .. Live and learn

To reply to myself, I was able to get another VIA EPIA CN10000EG motherboard and test it with Pfsense 2.1. No problems. So it is not motherboard. I did test it with Netgear FA111 NIC which uses single DP83815 chip and it works fine. So it must be something with drivers and/or Soekris NIC. Does anybody have problems with Pfsense 2.1 and that particular NIC?

Yep the driver is not new enough in 2.1. It was supported in 2.1.1 but the driver had to be backed out due to stability issues with some hardware. It happened very recently though, there are still snapshots on the server that have support for the i210. Try one of those, if it works for you your'e all good. Anything from the 17th of Feb or earlier should be good: https://forum.pfsense.org/index.php/topic,72763.0.html Steve

Awesome! thats good to hear that OpenVPN supports AES-NI. Now to build a pfsense firewall that can utilize its capabilities.