• Auto execute usbconfig at boot to enable USB NIC

    2
    0 Votes
    2 Posts
    314 Views
    stephenw10S

    You probably can do something like that but FreeBSD has a better solution built in for setting the config index on a device:
    https://www.freebsd.org/cgi/man.cgi?query=usb_quirk#LOADER_TUNABLE

    So get the product and vendor IDs from your device using usbconfig -d ugen0.2 dump_device_desc then create the file /boot/loader.conf.local and add to it:

    hw.usb.quirk.0="VID PID 0 0xffff UQ_CFG_INDEX_1"

    Then that device will always come up with config index 1 whenever it's attached.

    Steve

  • Nic card issues

    3
    0 Votes
    3 Posts
    474 Views
    P

    Thank you. Too bad I already returned it and got a different one coming.

  • Extreme load when testing a LAGG on a specific NIC

    10
    0 Votes
    10 Posts
    758 Views
    W

    @stephenw10 Thanks. There's also some Intel NIC chipsets that are, on the ARK page, specified as proprietary instead of being on the PCIe or some other standard bus. I assume that means they are part of SoC or the motherboard chipset. Curious how pciconf handles those. I don't have FreeBSD specific info but 82579LM is an example.

  • Intel X710 Issues

    37
    0 Votes
    37 Posts
    8k Views
    stephenw10S

    @rle said in Intel X710 Issues:

    I also had to replace the file completely in boot/kernel otherwise it would not load the newly compiled driver.

    You could have also added:

    if_ixl_name="/boot/modules/if_ixl.ko"

    To make it load the new module.

    Steve

  • APU --> SG-1100, Faster at IPSec; Slower at Everything Else

    20
    0 Votes
    20 Posts
    2k Views
    T

    @stephenw10 said in APU --> SG-1100, Faster at IPSec; Slower at Everything Else:

    Both the MBT and the APU are capable of running the current pfSense CE version, 2.6.

    I found my null modem adapter, so I now have one of my APU units up and running 2.6.

    I need to run over to my 3rd site and swap it into place of the other APU, and then upgrade that one to 2.6, and then all of my devices will be at the latest release.

    Thanks!

  • SFP+ multigig twisted pair module

    9
    0 Votes
    9 Posts
    865 Views
    W

    To close this out, I bought the Zyxel switch and an Intel SFP+ NIC for pfSense and connected them with a DAC cable and it works exactly as expected. I haven't upgraded my AT&T service yet but I gained about 300Mbps on the upstream in a speedtest (?!) just from not being limited by the port speed. It's 10Gbps from pfSense to the switch and 5Gbps from the switch to the AT&T CPE. I'll call that a win even if I don't go for a package above 1Gbps. I'm getting 940Mbps down and ~1250Mbps up now. Even 2.5Gbps to the AT&T CPE would yield the benefit. Obviously YMMV but it's worth a look if you have AT&T fiber.

  • SFP+ DAC "media: Ethernet Unknown <full-duplex,rxpause,txpause>"

    16
    0 Votes
    16 Posts
    4k Views
    stephenw10S

    With that DAC cable there is no option to set a fixed speed in the Chelsio NIC. It can only be autoselect.
    That is quite common and in those situations it will often only link at 10G.

    Using fibre modules instead of DAC will probably allow it if you can test that.

    Steve

  • Are there known plans for ALTQ support for Intel I225 in the future?

    5
    0 Votes
    5 Posts
    655 Views
    F

    Thanks for the information, and yes, I agree that the man page might need an update.

  • Upgrading 2.4.5 to 2.6.0 issues?

    Moved
    3
    0 Votes
    3 Posts
    512 Views
    stephenw10S

    The default Realtek NIC support is no worse in 2.6 than in 2.4.5. If it was working fine for you in 2.4.5 I wouldn't expect problems in 2.6.
    The only thing that changed is that the alternative driver was removed from our repo making it slightly more difficult to install. However if you weren't using it then there's no significant difference.

    Steve

  • RTL8156B USB 2.5GB NIC

    10
    0 Votes
    10 Posts
    2k Views
    ?

    @AW-pfsense

    The different hardware will allow me to test the
    capabilities and allow some limited estimations of
    performance for my use cases when the hardware is
    compared..

    Ok

    This is more than just a performance comparison. If either
    the s/w or hardware is not capable it's not for me.

    Ok I understand

    I have tested with Ubuntu to confirm of the network
    and h/w i'm using is capable of the speed.

    Ubuntu is doing normally the following, if configurated!

    SPI = netfilter in Linux
    NAT = Network address translation

    It is fast and not really comparable to an firewall, it is what a pure router is doing! Please don´t forget this.

    pfSense has also NAT, but it a later part of the packet filter
    (pf) where the names (pfSense) comes from.

    And the packet filter is doing more, it is working over any packet firewall rules based action, so it needs more time and power. The hardware should be a little bit stronger!

    That's the only reason for that. Given the hardware I'm
    using is more powerful than the 6100, if it cant cope
    this is not generally good for lower powered h/w

    In some cases we use here the following setup, matching nearly any needs and/or without any problems running
    no, some or featured UTM (pfSense), you can really trust on.

    Intel Xeon E3-12xxv3/4/5/6 with 8 / 16 / 32 GB
    You can add all adapters you need
    ~500 € - 1000 €

    Supermicro Intel Atom C3000 8 / 12 / 16 Core
    Power saving and fast enough, with M.2 and WiFi slot
    ~1000 € - 2000 €

    Supermicro Intel Xeon D-2100 series
    With, M.2 SSD, WiFi and modem + SIM slot

    Supermicro Intel Xeon D-2700 series
    With, M.2 SSD, WiFi and modem + SIM slot
    ~1500 € - 3000 €

    It is not cheap, but if you need the power you may not
    looking in the cheaper corner and if this must run 24/7
    you may not willing in Intel Core iCPU series.

    But the most think is that you may fiddle out one or two
    days that all is matching to your hardware and this comes
    normally on top of all! What is some ones hour price?
    What is one or two days price on top of all, and now the prices from the Netgate appliances are not anymore so
    high as many state here in the forum often.

    You may be not missing something you want to install!
    Squid & SquidGuard, ClamAV, Snort, pfBlocker-NG, tinc,
    stunnel, acme, lightsquid and vpn packets running fast!

    I'm just trying to solve some technical issues i am
    coming across as I test the capabilities.

    Then I would really suggest to go with an installation of pfSense either 2.6 or 2.7 to get a better feeling to this
    given power of the hardware.

  • Cores vs Clock Speed

    Moved
    9
    0 Votes
    9 Posts
    793 Views
    stephenw10S

    Yes. As long as it's supported by the hypervisor.

  • Sierra Wireless MC7411 /21 /31 - supported?

    7
    0 Votes
    7 Posts
    799 Views
    stephenw10S

    FreeBSD has no MBIM support. Nor does it support other proprietary interface types like QMI. So you can only use the PPP interface which is limiting and the modem must be configured to present an AT port which most rebranded ones are not. (they can usually be reconfigured to do so though)
    I usually see 30-40Mbps. I've seen others report >60Mbps. You won't see the claimed 150Mbps or 300Mbps.

    Steve

  • How configure 2.5G port for WAN on Netgate 6100?

    11
    0 Votes
    11 Posts
    3k Views
    S

    I just received my 6100 a couple days ago and using info here was able to get the interfaces/ports assigned the way I wanted. Just made up a table for myself in MS Word so I have a quick reference on the box.

  • uefi secure boot keys

    2
    0 Votes
    2 Posts
    400 Views
    ?

    Hello,

    long time ago, there was a SDK from IBM under OpenSource license free for public usage, so you or all others may be interested in, could be write there own applications to use the TPM modules as they need and want it.

    If you may be getting your hands on a TPM module that comes "not" sorted with a key or certificate inside, or plain a
    piece that let you write on (in) your own "stuff" it might be
    you reach your goal.

  • Intel X540-T2

    Moved
    11
    0 Votes
    11 Posts
    1k Views
    Cool_CoronaC

    @sledge replied .)

  • Limited throughput - 500Mbps VS 1Gbps ISP

    15
    0 Votes
    15 Posts
    2k Views
    ?

    @davecullen86

    Hey guys, many thanks for your response. The more
    I look into this, the more I see so many others with the
    same issue.

    I have some, a couple of PC Engines APU boards, and
    I run MikroTik RouterOS, OpenWRT, pfSense on them,
    all Linux comes more to 1 GBit/s with lower powered
    hardware, it is a little bit more near to the hardware
    due to better driver support and here and there not
    so "hardware hungry", but a router and a firewall
    that can be turned into a real UTM device is also not
    the same! As I see it personally, you could try out as @stephenw10 was suggesting to tune your pfSense
    a little here and there. With DanOS you might be getting
    nearly two streams with full GBit/s on the same hardware
    (PC Engines APUx), owed to DPDK capable LAN ports such
    Intel i210 / i211.

    As you say the issue is implicit to the PPPoE single core
    factor and the clock speed of an individual core of my
    small appliance.

    Like me, but I was high up the cpu frequency to another
    level and play now around with some other tuneable`s,
    to get here and there more out of my hardware pointed
    to the entire throughput. But I also know that my appliance is better cooled then other and will never goes
    higher then 65 C° - 70 C°!!!! The CPU is normally capable
    of 1400 MHz and runs even only at 600 MHz - 1000 MHz
    and now it is running from 1000 MHz till 1400 MHz, but
    if something goes wrong, I don´t complain and be angry!

    I have a solution! With another identical appliance, I
    have installed OpenWRT x86 and I am not getting close
    to 900Mbps throughput.
    And with DanOS you may be bidirectional getting fully
    1 GBit/s out! But not a fully UTM in your Network!!!!!!!!

    Firewall
    Captive Portal with voucher system (voucher over sms)
    FreeRadius with certificates and encryption
    Snort or Suricata for IDS/IPS
    pfBlocker-NG for less spam and other unwanted things
    Squid & SquidGuard as a caching proxy in front of LAN
    ClamAV scanning the entire network flow for viruses
    (perhaps at one day WiFi a/b/g/n/ax)

    Now, THIS IS good enough for me :-). So I suggest is
    a good potential solution for others who are happy to
    offload the PPPoE function to another inline appliance.

    I run a AVM FB 7590ax in front of the pfSense and behind
    I am running the pfSense firewall! No PPPoE anymore, but
    double NAT situation! But all CPU cores in usage!

    AVM is offering some interesting APPs (VPN, telephone,..) Really nice to connect from outside (internet) and being secure on the LAN side!

    Now I just need to work out if I can pass through
    the WAN IP somehow to my PFSense :-)

    1 LAN Port as "exposed host" to the WAN interface
    of the pfSense firewall ("Experienced") Double NAT Situation

    Router:
    network (net) 192.168.178.0/24 (255.255.255.0)
    Router IP 192.168.178.1/24 (255.255.255.0)
    Static IP Address to the pfSense a.e. 192.168.178.10/24
    DHCP off: all IPs will be static given to the clients

    pfSense:
    WAN IP 192.168.178.50/24 (255.255.255.0) static IP
    LAN Net: 172.xx.xx.0/24 (255.255.255.0)
    LAN IP 172.xx.xx.1/24 (255.255.255.0) static IP
    DHCP: on/off (Like you need it and want it)

    Thanks for your help again - I really appreciate the
    pointers that ultimately led me to get a working
    solution.

    Not that problem, you are one from xyz sitting in the same
    boat. I would also have a look on another appliance if I`ll
    getting more then 50 MBit/s Internet speed!!!

    P.S.
    Please don´t forget in the WAN setup to disable the
    following point!

    WAN settings.jpg

  • Atom C2758 + QAT Intel 8920 Card?

    8
    0 Votes
    8 Posts
    1k Views
    C

    @stephenw10 Thank you for your time and your team for the product. Fantastic.

  • Mellanox ConnectX-3 Pro Support

    2
    0 Votes
    2 Posts
    413 Views
    stephenw10S

    It is supported by the mlx4 driver.

    I tested one a while back and found it to be a little odd in my particular hardware.

    Others are using it successfully.

    If you need 10G I would be looking for an Intel x500 series NIC.

    Steve

  • Panic "sleeping thread" with qlnxe driver

    2
    0 Votes
    2 Posts
    437 Views
    stephenw10S

    Important parts of that are:
    The backtrace:

    db:0:kdb.enter.default> bt
    Tracing pid 41110 tid 100731 td 0xfffff8039f557740
    kdb_enter() at kdb_enter+0x37/frame 0xfffffe00a7eb7eb0
    vpanic() at vpanic+0x197/frame 0xfffffe00a7eb7f00
    panic() at panic+0x43/frame 0xfffffe00a7eb7f60
    propagate_priority() at propagate_priority+0x282/frame 0xfffffe00a7eb7f90
    turnstile_wait() at turnstile_wait+0x30c/frame 0xfffffe00a7eb7fe0
    __mtx_lock_sleep() at __mtx_lock_sleep+0x199/frame 0xfffffe00a7eb8070
    qlnx_ioctl() at qlnx_ioctl+0x528/frame 0xfffffe00a7eb80d0
    ifhwioctl() at ifhwioctl+0x596/frame 0xfffffe00a7eb8150
    ifioctl() at ifioctl+0x4bc/frame 0xfffffe00a7eb8210
    kern_ioctl() at kern_ioctl+0x2b7/frame 0xfffffe00a7eb8270
    sys_ioctl() at sys_ioctl+0x101/frame 0xfffffe00a7eb8340
    amd64_syscall() at amd64_syscall+0x387/frame 0xfffffe00a7eb8470
    fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00a7eb8470
    --- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x800b54d4a, rsp = 0x7fffffffd198, rbp = 0x7fffffffd210 ---

    The panic strings:

    Sleeping thread (tid 100919, pid 62482) owns a non-sleepable lock
    KDB: stack backtrace of thread 100919:
    sched_switch() at sched_switch+0x630/frame 0xfffffe00c741ddf0
    mi_switch() at mi_switch+0xd4/frame 0xfffffe00c741de20
    sleepq_timedwait() at sleepq_timedwait+0x2f/frame 0xfffffe00c741de60
    _sleep() at _sleep+0x1c8/frame 0xfffffe00c741dee0
    pause_sbt() at pause_sbt+0xf1/frame 0xfffffe00c741df10
    qlnx_stop() at qlnx_stop+0x4b5/frame 0xfffffe00c741dfa0
    qlnx_init_locked() at qlnx_init_locked+0x2a/frame 0xfffffe00c741e070
    qlnx_ioctl() at qlnx_ioctl+0x53a/frame 0xfffffe00c741e0d0
    ifhwioctl() at ifhwioctl+0x596/frame 0xfffffe00c741e150
    ifioctl() at ifioctl+0x4bc/frame 0xfffffe00c741e210
    kern_ioctl() at kern_ioctl+0x2b7/frame 0xfffffe00c741e270
    sys_ioctl() at sys_ioctl+0x101/frame 0xfffffe00c741e340
    amd64_syscall() at amd64_syscall+0x387/frame 0xfffffe00c741e470
    fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00c741e470
    --- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x800b54d4a, rsp = 0x7fffffffd198, rbp = 0x7fffffffd210 ---
    panic: sleeping thread
    cpuid = 3
    time = 1663318115
    KDB: enter: panic

    There is a bug report open for this:
    https://redmine.pfsense.org/issues/13028

    And it looks like you've opened a bug upstream:
    https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266480

    Steve

  • Low power perfect pfSense Appliance

    2
    0 Votes
    2 Posts
    1k Views
    ?

    @keyser

    A bit late but answered for the records too.

    APU6B4 might be the best choice together with the SG-6100.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.