• Required Hardware Build

    3
    0 Votes
    3 Posts
    656 Views
    stephenw10S
    @prochid said in Required Hardware Build: ISP is going to give me 2 STM1 connections. So ~300Mbps total? Almost any hardware running pfSense would handle that. You might have a very large number of states with that number of users even if they don't get much bandwidth so you would want a reasonable amount of ram. Steve
  • Barracuda 310 NIC Bypass-Override

    2
    0 Votes
    2 Posts
    500 Views
    stephenw10S
    @jibun-no-kage said in Barracuda 310 NIC Bypass-Override: These small C programs are either gone from their original download sites Here's that source for reference. BCHW.c.txt Steve
  • zfs zpool status DEGRADED - correct procedure to replace the failed disk ?

    12
    0 Votes
    12 Posts
    4k Views
    A
    @alactus So just a mini write up of the actions of the above for future reference (so it's all in one spot)

    Assumptions
    - pfSense setup with 2 disks in a zfs mirror, ada0 and ada1 (as seen from the WebUI)
    - One of the disks fails in the mirror; you can see this if you have the WebUI widget on to monitor the disks etc
    - You have backed up your config and you have a usb key with the install image on ready to go again in case of issues
    - You have physically removed the failed disk from the system and replaced it with a new disk of the same size or bigger

    Enable the option to ssh into the firewall via the WebUI, use your favourite client to ssh into the firewall and get to the root shell

        zpool status

    This will show you the status of the zpool mirror, in my case it said it was degraded because of one failed disk

    We create the partition table on the new disk ada1 (change this for the actual disk in the mirror you are replacing)

        gpart create -s gpt ada1

    The sizes in the following commands are all based on my own sizes that got used at the time I installed pfSense on this hardware. If you wish to check the exact size used you can check the install log (bsdinstall_log) that is located in /var/log/

    example

        [23.01-RELEASE][admin@pfSense.localdomain]/var/log: grep "freebsd-boot" bsdinstall_log
        DEBUG: zfs_create_diskpart: gpart add -a 4k -l gptboot0 -t freebsd-boot -s 512k "ada0"
        DEBUG: zfs_create_diskpart: gpart add -a 4k -l gptboot1 -t freebsd-boot -s 512k "ada1"
        [23.01-RELEASE][admin@pfSense.localdomain]/var/log: grep "freebsd-swap" bsdinstall_log
        DEBUG: zfs_create_diskpart: gpart add -a 1m -l swap0 -t freebsd-swap -s 34359738368b "ada0"
        DEBUG: zfs_create_diskpart: gpart add -a 1m -l swap1 -t freebsd-swap -s 34359738368b "ada1"
        [23.01-RELEASE][admin@pfSense.localdomain]/var/log: grep "freebsd-zfs" bsdinstall_log
        DEBUG: zfs_create_diskpart: gpart add -a 1m -l zfs0 -t freebsd-zfs "ada0"
        DEBUG: zfs_create_diskpart: gpart add -a 1m -l zfs1 -t freebsd-zfs "ada1"

    Knowing the size you can continue (and the commands, you can change for the ones found in the log if it's a different disk etc)

    Create boot partition

        gpart add -a 4k -l gptboot1 -t freebsd-boot -s 512k ada1

    Create swap partition

        gpart add -a 1m -l swap1 -t freebsd-swap -s 34359738368b ada1

    Create the partition that will actually be added to the zfs mirror

        gpart add -a 1m -l zfs1 -t freebsd-zfs ada1

    In each case ada1 was the disk that had failed in my system, change for the actual one that had failed in yours

    We can now add this disk (ada1) to the pool.

        zpool attach zroot ada0p3 ada1p3

    At this point (if everything is ok) all the data will be copied from ada0p3 to ada1p3 through a process called 'resilvering'

        zpool status

    will show this.

    Once the resilver process is done, you need to add the boot code to this zfs boot mirror

        gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada1

    is the command I had to run for my setup. -i 1 is the partition we are going to add boot code to and ada1 is the disk we are adding it to. To check which is the boot partition (it should be 1 in the case of pfSense but just for your own information) you can run the command

        gpart show

    which will list all the disks and the partitions on the disk

    Once the resilver is done, the pool might still show an error because of the failed disk still attached, in my case I had to issue the command

        zpool detach zroot ada1p3

    Which seems counter because you had just attached ada1p3, well in this case I suspect it knows the original disk is failed and gone and so once the command is run it removed the failed disk and the pool health returns to normal

    Is this the best way of doing it? Possibly not but it worked for this setup and has returned the pool to normal for me; adjust the above commands to fit your own setup. And if in doubt, if you have a copy of your config on a bootable install stick for pfSense, just install the fw again and recover your config that way
  • Panic when installing to new Supermicro server

    Moved
    5
    0 Votes
    5 Posts
    368 Views
    stephenw10S
    Yup that's in the raid driver. Not seeing anything that looks exactly like that though: https://bugs.freebsd.org/bugzilla/buglist.cgi?quicksearch=mrsas
  • Install problem hp t730

    Moved
    3
    0 Votes
    3 Posts
    417 Views
    stephenw10S
    Yup. Though the usual failure mode there is 'watchdog timeout'. Assuming that's an onboard NIC the only thing you can do is try the alternative driver. Steve
  • interface listed as (down) even though plugged in with active LED

    Moved
    6
    0 Votes
    6 Posts
    800 Views
    D
    @deltona Did you get this working?
  • Pfsense and HPE Ethernet 10Gb 2-port 561T

    11
    0 Votes
    11 Posts
    2k Views
    Dobby_D
    @osalj said in Pfsense and HPE Ethernet 10Gb 2-port 561T: I'm wondering how the CPU E5-2630L v4 would work. 10 Cores / 20 HT - @1.8GHz /Turbo @2.9GHz - 25 MB Cache
    Might be nice if you do not have PPPoE at the WAN, but anyway there should be nothing you could not install or run together with pfSense CE or pfS+ (Plus). It is enough for setting up any packet until you run a whole UTM device together with:
    - Firewall
    - pfBlocker-NG
    - snort or suricata (IDS)
    - Squid & SquidGuard & ClamAV
  • i350 not recognized - no driver attached

    8
    0 Votes
    8 Posts
    1k Views
    NollipfSenseN
    @provels Actually, they're not counterfeit...the same exact manufacturer that makes Intel ones make those...like all things, some may not come off the floor right or good. I have had two or three "Chinese" make that had been working for over five years or more, now.
  • Not recognizing x520-da2

    Moved
    8
    0 Votes
    8 Posts
    1k Views
    stephenw10S
    @logodude said in Not recognizing x520-da2: Could this have done something to the card? No. Or at least I've never heard of anything like that nor could I imagine any way it could! Have you tried a different card in the new motherboard though? Or booting a different OS on the new board with the X520m card in it? That would tell you if it's a PCI driver issue or something lower level. Do you have the latest BIOS running?
  • Which ups battery work best for pfsense hardware?

    8
    1
    0 Votes
    8 Posts
    979 Views
    J
    @gertjan Can I get a USA link of this version are Amazon good place to buy without getting ripped off?
  • Always "AHCI enclosure management bridge" on em0 interface

    11
    1
    0 Votes
    11 Posts
    2k Views
    stephenw10S
    Well like jimp said the description error appears to be purely cosmetic so if the NIC still fails to pass traffic even when assigned correctly that's probably something else.
  • Good Old FW-1541 - Safe To Use?

    11
    0 Votes
    11 Posts
    1k Views
    N
    Thanks all, I will give this a go when I get some quality home lab time, hopefully this weekend.
  • New install current v2.6.0 crash on Zimaboard 432

    Moved
    7
    0 Votes
    7 Posts
    1k Views
    J
    @stephenw10 Yes, I am booting from the Emmc -- I have not attempted the SSD yet. Being a new board I wanted to get the built in storage stable if possible first before an added SSD.
  • X540-AT2 10G NIC from eBay not working

    Moved
    3
    0 Votes
    3 Posts
    488 Views
    Dobby_D
    @pbhl8y12 said in X540-AT2 10G NIC from eBay not working: X540-T2 NIC Is this an original Intel NIC with the original Intel firmware? If not you should try out to get hands on the original Intel Firmware and flash it on a Windows or Linux PC onto the card (NIC) to prevent that art and wise of error.
  • Realtek 1.97 Driver and pfSense Plus 23.01

    8
    1 Votes
    8 Posts
    967 Views
    J
    @knight-of-ni Did I offer how I got there are great knight keeper of ni?
  • Virtualized ESXI PFSense can't pass ~1gbit with iPerf3

    15
    0 Votes
    15 Posts
    2k Views
    F
    @stephenw10 In the meantime I just tried to do iperf3 between two servers (with pfsense in the middle) and I only got:
        [SUM] 0.00-20.00 sec 10.1 GBytes 4.33 Gbits/sec 12919 sender
        [SUM] 0.00-20.01 sec 10.0 GBytes 4.31 Gbits/sec receiver
    If I set the pfsense box as an iperf3 server I get the results I told before:
        [SUM] 0.00-60.00 sec 56.8 GBytes 8.14 Gbits/sec 12804 sender
        [SUM] 0.00-60.00 sec 56.8 GBytes 8.13 Gbits/sec receiver
  • Are 4G modules inside firewalls compatible with pfSense?

    5
    0 Votes
    5 Posts
    641 Views
    Dobby_D
    @riahc8 said in Are 4G modules inside firewalls compatible with pfSense?:
    @dobby_ said in Are 4G modules inside firewalls compatible with pfSense?:
    @riahc8 pfSense CE 2.6 / pfSense CE 23.01
    - Sierra Wireless MC7700 4G/LTE
    - Sierra Wireless MC7710 4G/LTE
    - Sierra Wireless MC7455 4G/LTE
    So they are picked up by pfSense and can be used as a WAN interface? Interesting... Didn't expect it.
    [image: 1680022800450-modem.jpg]
    Yes you can use them then as an WAN interface let us say.
    pfSense CE 2.6 / pfSense CE 23.01
    - Sierra Wireless MC7700 4G/LTE - miniPCie (full length)
    - Sierra Wireless MC7710 4G/LTE - miniPCie (full length)
    - Sierra Wireless MC7455 4G/LTE - M.2 (half length)
    Install the modem, install the cellular package, find out the ugen number of your modem, find then out the right cuaU port, probe that port in console, create then an interface, and set up in the interface area mobile ISP, name and password and so on. Then create if needed a Gatewaygroup and balance over that the entire traffic or let the modem only the fallback option, or perhaps the only one WAN port. Like you need it.
  • Please explain in detail a "manual kldload" ?

    6
    0 Votes
    6 Posts
    1k Views
    stephenw10S
    This is not an easy task. There is no FreeBSD driver that includes support for that hardware. So to make that work in pfSense you need to add that hardware ID to the driver then compile it in FreeBSD and move it to pfSense. If that hardware device has any different requirements to the other chips you will also need to add code to support that in the driver. Swapping it out for a supported NIC will be waaaaaay easier! Steve
  • 0 Votes
    4 Posts
    638 Views
    A
    I'm interested in ballpark IMIX and IPERF over IPSEC throughput for these older models
    - 8 core CPU - C2758 any results from models SG-8860, C2758
    - 4 core CPU C2558 SG-4860, E3845 MBT-4220 C2358 SG-2440
    - 2 core E3826 MBT-2220 C2338 SG-2220

    Or - Where do these older boxes line up against the 4100 and 6100 appliances in terms of IPSEC throughput?

    For ipsec throughput, are there general trends / correlations with core counts vs base cpu clockspeed vs number of tunnels, acknowledging in practical terms, we're probably bottlenecked by the ISP's offnet traffic shaping

    Qualitatively, how does Wireguard throughput compare against IPSec without QAT acceleration on CE?

    I'll assume past C3558 based appliances, perform roughly about the same as the 6100, assuming 1 gbit interfaces.

    I got side tracked with IPERF3 - the top google result points to out of date windows binaries from 2016. Future readers looking for an IPERF3 Windows client should visit the IPERF3 author/developers at https://software.es.net/iperf/ for a link to current binaries.

    Here's a data point from a pair of SG-2220's
    - 2 core atom C2338, no QAT
    - Running Plus ( 23.01 )
    - Through NAT, minimal firewall rules, 500 to 600 mbit throughput ( Iperf3, and netflix's fast.com )

    IPERF3 over IPSEC
    IPERF3 3.13, Windows clients on interface ETH1, and IPSEC ( async crypto on, AES-128-GCM VTI ) on ETH0
    I get between 275 and 350 mbit, depending on IPERF3 options, number of streams (-p), uni vs bi directional etc.
    Packet capture of the IPSEC interface showed a 1360 byte TCP payload, in agreement with a 1400 byte MTU
    A back of the envelope calc yields about 33k packets per second.
    I couldn't get the windows binaries of IPERF3 to generate smaller frames. The MSS option may not be implemented on the windows version.
    (With AES disabled / misconfigured as QAT under system, advanced, misc, throughput was about 110 mbit. )
  • Is this enough to run a symmetric 1Gb download/upload connection?

    9
    0 Votes
    9 Posts
    618 Views
    D
    @riahc8 I believe so Thanks Dan
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.