You shouldn't need to. You might try connecting it thought a powered hub a test.

@stephenw10 Had to put this to the side for a bit, but I'll return to troubleshooting at a later date.

If you are connecting to 1G devices you may well have to set the link speed manually. That is done in the interface config in pfSense. It's common to need to do that on any 10G NIC.

You can't have more than one interface in the same subnet, it would break routing between them.
If you really need them in the same subnet you would need to bridge them:
https://docs.netgate.com/pfsense/en/latest/bridges/index.html

Steve

@stephenw10
Nice!!
i look later tonight

Regards

@ck42 No, not PPPOE. Was just intending to show the relative single-thread performance of a low-end desktop processor vs an embedded one, since that directly affects PPPOE performance. The Geekbench browser will let you compare scores of different processors if you don't already have one to test.

@rcoleman-netgate Thank you but i see that there are still problems, it happens to me too.

@pete Yes it works very well now.

Ah, good result then!

Yeah you almost certainly don't need all those rules. Also those are rulesets and you probably don't have all the rules in them loaded because that would be a lot of rules!

Steve

@stephenw10 Bingo!

I rebooted just to see, and you are correct, it now shows AES-NI as available but inactive.

Thanks..

@p-dang That's good news. I didn't see it in their release notes.

I happened to come across what I read here on the "can I use my own hardware"
https://www.netgate.com/support/frequently-asked-questions-pfsense-plus

I'm on 2100. I'll try to reboot it again. It was pulsing before the upgrade.

cheers,
M.

Edit: it needs one more boot after the upgrade. I have a pulsar again! thanks

Per forum user @w0w, you can download a newer Realtek driver package from freebsd.org per the commands below. I've gone ahead and done this "newer" driver version for my current 2.5.2 install, and it worked well...it is a "test" for me prior to upgrading to 2.6.0 to make sure the drivers worked under load.

You still have to edit the /boot.loader.conf.local file after installation, and it will say so on install of the package. (well, it will say to edit /boot/loader.conf, but you may want to do the /boot/loader.conf.local so these settings will persist on doing a future upgrade, per the instructions from @stephenw10 )

fetch -v https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/realtek-re-kmod-196.04.txz pkg install -f -y realtek-re-kmod-196.04.txz

Ok, that's fair. You won't see 1Gbps OpenVPN through the 7100. Not yet at least.

Steve

@stephenw10 So, moved back to the Intel card and I am seeing the results I expect to see now.

So, the major issue was that I had a hard gateway defined for the LAN interface, which started asymmetric routing issues. While supported, the bce based card was the second issue.

I'm seeing ~230/~110 on a 250/125 circuit, which matches the old firewall almost perfectly, so I think I can put this one to bed. Now, to get BGP and all the other stuff moved to the new firewall, probably gonna setup HA between the old and new and use that to make the switch between the firewalls.

Thanks everyone for the input, it got me in the right direction and hopefully it will help others who come across it.

Update on this for anyone with the same issue. What I though was a memory IC wasn't. It's bricked, I don't think there is any way to fix it.

They are 1G, you can see from the PCI device ID:

https://pci-ids.ucw.cz/read/PC/8086/15e4

Steve

Interesting. You get different public IPs in different subnets?

You can't load-balance like that between WANs that use the same gateway for example.

Steve

@stephenw10 thanks for that detail.

Ah, nice find!

@setarcos there’s no need to downgrade the firmware you can use the latest one if you want. Infact I used a newer one 8.4 I think (My card originally shipped with 7.2). It will still work fine with the inbuilt driver. I did however compile the latest driver from Intel’s site, though not necessary.