@jimp:

AES-NI is broken on FreeBSD for things that need cryptodev support.

If you do not load the AES-NI kernel module, OpenVPN will use OpenSSL's internal AES-NI code which is quite fast.

I have had reports from a customer that they were able to push a sustained >600Mbit/s transfer over OpenVPN on hardware with AES-NI.

AES-NI is not broken on FreeBSD.  It's just that the modes which are implemented (in cryptodev) can't be effectively pipelined, and as a result, AES-NI is … hobbled on FreeBSD.

However, the problem is now understood, and we're fixing it.  You should be able to get 750-850 Mbps with the right hardware using IPSEC tunnel mode.  (In theory, AES-NI is good for 2Gbps per core, but using tunnel mode adds a few bytes to the packet, the encapsulation/decapsulation costs a few instructions, and that test was using a single core processor and 1Gbps Ethernet interfaces.)

With the right hardware ($$$), you should be able to run 20-50Gbps throughputs.  8)  No, I did not stutter.

you should probably wait for pfSense 2.2 before attempting much with 802.11

You won't even need three with pfSense 2.2 (FreeBSD 10).

No problem, enjoy your new setup.  :)

Steve

@stephenw10:

This may also be a symptom of something else causing the interface settings to be reloaded. The dyndns client is triggered and checks to see whether an update is necessary.

Steve

Yeah, I noticed that it does this when the alternative gateway set for WAN 2 has a "packet latency" or "packet loss" status. But why will it update dyndns for WAN 2 when I don't have an entry for it?

You will only hear the three beeps with the FreeDOS image. I put that in there initially because it was the only way I could be sure to know when FreeDOS had booted.
After you have flashed the BIOS (the LCD will then show 'pfSense B7' at boot) you should be able to access the BIOS setup via the serial terminal but at 115200bps. Then you can change the hard drive parameters to allow it to boot the larger CF cards as described in the docs.

Not sure why the images are named inconsistently between the 2G and 1G files.  :-\ Not to worry though, if the MD5 checks out just write the original img.gz file with physdiskwrite.

Steve

People post "for sale" or "for a good home" threads here from time to time.  They're not a very common occurrence but they do happen.

To be honest though, I'm not sure you'll get much of nothing for that system as it's pretty outdated.

Have the Netgear GS108Tv2 and Cisco SG200-8.

They both work fine.  They both also have quirky port mirroring in which VLAN tags are not removed on egress at the mirror destination port.

I prefer the Cisco web interface though.  It is more responsive and has running, startup, backup, and mirror configs.  Also like the rear facing network ports and front bezel status indicators.  True desktop form factor.

The Netgear web interface is slower and many of the images to click for configuration are very small and cumbersome to click on.

If I was buying another one now and those were my two options I would buy another Cisco SG200-8.

No the serial port has to be a real serial port, it's hardcoded into Nano when it's built.
I'm using all re-purposed Watchguard boxes.

Steve

I don't think any consumer USB flash drives have wear leveling, but even then, what difference would it make? Wear leveling would obviously not affect stationary data, so there's no way it would corrupt anything on the dormant slice.

Too hard for me…..

I bought yesterday a jetway mobo at a really good price so i'm going to build a little PF box.

Thks for aller Steve.

@jimp:

It's louder than hell but it'll do the job well.

http://www.alixbox.com/dellR200

Now http://store.pfsense.org/R200/

Yep. ^ exactly.
If it's showing in the dash it's probably already using coretemp (or the amd equivalent).
If you can't load mbmon then the above code definitely won't work. There's another thread that covers using coretemp for a similar purpose I think.

Steve

It been over a week and I'm happy to report the CPU on both Soekris computers went down by about 8-10c on average. Also under load.

In the rack mounted net6501 there are also 2 30mm fans (1 sucking in, 1 blowing out across the board) and that temperature went down an additional 5c averaging at 55c under average load and sinks to 52c idle.
The non-fanned net6501 in a desktop/standard enclosure sits around 60-62c idle and 64-66c under average load.

It would seem to me that if Soekris engineering would put a slight larger finned heatsink on the CPU it would reach these temperatures this by itself already. The Alu slab is a bit insufficient in my opinion.

If you can find such a heatsink (Mounting holes 40mm apart along the side, 45-47mm diagonal) you can easily fit it on as the mount points are on the board. But I couldn't find a suitable heatsink that fits a rackmount or standard case.

Even better would be a low profile finned/ribbed heatsink with a thin (< 5mm thick 40mm fan). On the desktop case this "stack" may not exceed 25mm, preferably 20mm to improve airflow without needing to drill holes in the top cover. In the rackmount case the height may not exceed 35mm.
Since the net6501 has 2 fan headers this can be a viable option for some if some noise is not a problem.

Hello Stephenw and thanks for your answer.

After a while of playing around I seem to have found the issue, it now disables the backlight when the lid closes, SUCCES! :D
I don't know which command actually did it, so I'll post them all:
vidcontrol -t 1 < /dev/console
vidcontrol -t 1 < /dev/ttyv0
vidcontrol -s 1 < /dev/ttyv0

So a combination of green_saver.ko module and one of the above commands helped me disable the backlight.

Thanks for your support,
Cheers

EDIT:
Or not … I just pushed on the screen and the backlight disabled itself, so either the commands are working as intented or the switches are somewhat broken...
I just put an heavy object on the screen and it's disabled, works anyway.

There is no need to load the em driver it's in the kernel already. The 82571 should be supported.
Some of the silicom cards are not correctly initialized by the bios leaving only the pci bridge chip visible to pfSense.  Please post the output of:

Steve

An update for future reference.

Slow write speed was due to nanobsd mount filesystem in synchronous mode. Can achieve 4MBps once mounted as asynchronous (remove the sync option from mount commands).

Looks like for now it is a choice between resilient filesystem or fast filesystem.

@Fevan:

Even if it is supported or half not working may as well get an AES NI enabled CPU which could cut the usage itself for you.

Still that does figure in regards to current AES support.

Does anyone know when 2.2 will release? hopefully it supports all these latest realtek and nics as well as improved or fixed AES support.

Realtek is always gonna suck.  It might suck less in 10 (2.2).  The AES-NI support isn't going to get any better unless we MFC a change back from -HEAD (assuming that happens).

@8buttons:

my projects PSU went up in smoke, put a bit of a spanner in the works

Spanner in the PSU will do it! Try to keep the magic smoke in.  :P

Steve

http://www.mitxpc.com/proddetail.asp?prod=EKJAD5254LM350&cat=209

I have used this for the last year with a HDD and not had any problems.