@stephenw10

Yes, there are many opinions there. The driver I compiled from source is, in my case, in use with scripts based on "echo" and "morse" so no big deal.

@netblues Yeah, you are right, I have limiters and traffic shaping setup at this moment because Bufferbloat is a huge issue for me.

Thank you for your input.

Both those modems look to require modeswitching and the 3372 looks to be Ethernet only.
See: https://docs.netgate.com/pfsense/en/latest/cellular/hardware.html#known-working-3g-4g-modems

What have you tried? How did it fail?

Steve

Now seeing the following in the NTP logs on both boxes. One with the SureGPS (new box) and the other with the UBlox GPS...

Dec 31 10:51:34 ntpd 19356 kernel reports TIME_ERROR: 0x2307: PPS Time Sync wanted but PPS Jitter exceeded Dec 31 10:47:34 ntpd 19356 kernel reports TIME_ERROR: 0x2307: PPS Time Sync wanted but PPS Jitter exceeded Dec 31 10:36:22 ntpd 19356 kernel reports TIME_ERROR: 0x2307: PPS Time Sync wanted but PPS Jitter exceeded Dec 31 10:31:50 ntpd 19356 kernel reports TIME_ERROR: 0x2307: PPS Time Sync wanted but PPS Jitter exceeded Dec 31 10:06:14 ntpd 19356 kernel reports TIME_ERROR: 0x2307: PPS Time Sync wanted but PPS Jitter exceeded Dec 31 09:57:58 ntpd 19356 kernel reports TIME_ERROR: 0x2307: PPS Time Sync wanted but PPS Jitter exceeded Dec 31 09:40:06 ntpd 19356 kernel reports TIME_ERROR: 0x2307: PPS Time Sync wanted but PPS Jitter exceeded Dec 31 09:35:02 ntpd 19356 kernel reports TIME_ERROR: 0x2307: PPS Time Sync wanted but PPS Jitter exceeded Dec 31 09:32:38 ntpd 19356 kernel reports TIME_ERROR: 0x2307: PPS Time Sync wanted but PPS Jitter exceeded Dec 31 09:27:50 ntpd 19356 kernel reports TIME_ERROR: 0x2307: PPS Time Sync wanted but PPS Jitter exceeded

On the NTP status page looks good...

Computer with Sure GPS

PPS Peer 127.127.20.0 .GPS. 0 l 8 16 377 0.000 -0.006 0.003 ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== oGPS_NMEA(0) .GPS. 0 l 15 16 377 0.000 -0.012 0.001 time-d-g.nist.g .POOL. 16 p - 64 0 0.000 +0.000 0.000 0.pool.ntp.org .POOL. 16 p - 64 0 0.000 +0.000 0.000 2610:20:6f15:15 .POOL. 16 p - 64 0 0.000 +0.000 0.000 0.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.000 0.pfsense.pool. .POOL. 16 p - 64 0 0.000 +0.000 0.000 +time-d-g.nist.g .NIST. 1 u 31 64 377 34.472 +3.546 1.306 *ntp2.wiktel.com .GPS. 1 u 26 64 377 29.702 +3.131 1.278 +time-d-g.nist.g .NIST. 1 u 53 64 377 34.859 +2.847 1.668 ntpq -c rv associd=0 status=043d leap_none, sync_uhf_radio, 3 events, kern, version="ntpd 4.2.8p15@1.3728-o Fri Feb 5 22:07:56 UTC 2021 (1)", processor="amd64", system="FreeBSD/12.2-STABLE", leap=00, stratum=1, precision=-24, rootdelay=0.000, rootdisp=1.015, refid=GPS, reftime=e579b796.df8aca69 Fri, Dec 31 2021 11:08:38.873, clock=e579b798.9b3b4c7a Fri, Dec 31 2021 11:08:40.606, peer=1700, tc=4, mintc=3, offset=-0.002700, frequency=-6.038, sys_jitter=0.003059, clk_jitter=0.001, clk_wander=0.003

Computer with U-Blox GPS

PPS Peer 127.127.20.0 .gps. 0 l 6 16 377 0.000 -0.001 0.000 ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== oGPS_NMEA(0) .gps. 0 l 3 16 377 0.000 +0.000 0.001 time-d-g.nist.g .POOL. 16 p - 64 0 0.000 +0.000 0.000 0.pool.ntp.org .POOL. 16 p - 64 0 0.000 +0.000 0.000 0.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.000 0.pfsense.pool. .POOL. 16 p - 64 0 0.000 +0.000 0.000 *time-d-g.nist.g .NIST. 1 u 40 64 377 35.688 +3.124 1.447 +time-d-g.nist.g .NIST. 1 u 9 64 377 35.765 +2.721 1.666 +time.nullrouten 132.163.97.1 2 u 54 64 377 59.810 +3.261 0.899 ntpq -c rv associd=0 status=041d leap_none, sync_uhf_radio, 1 event, kern, version="ntpd 4.2.8p15@1.3728-o Wed Mar 10 18:50:10 UTC 2021 (1)", processor="amd64", system="FreeBSD/12.2-STABLE", leap=00, stratum=1, precision=-21, rootdelay=0.000, rootdisp=1.120, refid=gps, reftime=e579b6c4.00030c50 Fri, Dec 31 2021 11:05:08.000, clock=e579b6cc.a1a5c47b Fri, Dec 31 2021 11:05:16.631, peer=41531, tc=4, mintc=3, offset=+0.001608, frequency=-43.364, sys_jitter=0.000807, clk_jitter=0.002, clk_wander=0.001

@stephenw10
@johnpoz

I honestly don't remember how I turned it off, most likely with the On-Off button and not removing the power cord.
Maybe you are right and this is the reason.

If the X710 has a temperature sensor (it probably does) the FreeBSD driver does not report it via the sysctls so pfSense cannot display it at this time.

Steve

@NogBadTheBad Thanks for the suggestion, the Road Warrior concept looks interesting, I'll do some research here.

@stephenw10 The whole idea was focused around the question, "do we have to pay for a controller/MX, if an AP could do it?". Glad about your detailed answer! The DIY solution sounds not like something we want to maintain, and now I see that APs are limited here. So I think we prefer to use the suited hardware in the first place, without any custom builds.

No questions left, thank you all & Have a good new year :)

@lewis

The solution was to use SATA drives if you can believe it. Then the blade has no problem seeing individual drives and you can install pfsense mirrored to both.

Yeah, anyone buying anything like that should absolutely re-install pfSense themselves. It's probably a (relatively) clean install but you should always assume it isn't.

That particular seller has violated a number of things but IANAL so I'll not comment on specifics 😉

Steve

Well, you'd need the right adapter.... 😉

@stephenw10 12.5.2 the same version as current pfsense. What I have noticed also is heating may cause the nic not to work I have three different 10gb nics this one gets hotter than the rest. Perhaps the most hottest nics. I read it has built in control to cut off if it gets too hot so the obvious question is do you have good air flow, perhaps noctua fans or any small fan to fit on-top or close enough to cool it. Another point is that you may have to add this line of code if_glxgb_updated.ko=“YES” updated if you copied from freebsd so the default can be changed. Again I have to emphasise on cooling the nic it’s important as they get weirdly hot like touching hot pan on stove apparently it’s known issue perhaps explains why it’s cheap on eBay. Hope it helps.

Thank you all for your help, links and video's I was able to get it installed after changing the port speed and then tweaking a few settings in putty to display correctly.

I am pretty green to pfSense but it appears to be running well on this hardware platform.

Thanks again

@rhallado ele funciona, mas esta com os caracteres desconhecidos. ainda não tive tempo pra procurar essa configuração. Mas se vc já tiver essa config fique a vontade para compartilhar comigo.

Hello,
I found this thread because I also failed to install pfSense on a S940 computer. This is what I did so far:

Boot from USB-Stick For Partitioning I choose: Auto (UFS) UEFI - Guided Disk Setup using UEFI boot method Partitioning for the entire Disk and use GPT - GUID Partition Table After that, formating and installation run automatically (without problems) After installation finished, the installer asks, if I want to change to a shell. In this shell I try the commands mentioned above, but this fails. I can not mount the efi partition:

pfsense.jpg

I updated the BIOS of the S940 to version: V5.0.0.13 R1.12.0

What did I wrong?

Ah OK! Well still try it and see pretty much if you have the NIC already.

@stephenw10 said in Celeron J3160 vs I3 7167U vs I5 8265U:

core turbo rating for the 8265U

OK, thanks
other precision I wish to be in fanless

@iculookn said in Cant find WAN or LAN during install on QOTOM Q878GE 8 port:

and other magic

Ha. Sometimes that can help. 😉

@grimmsh0t said in PFSense Build - New to PFsense:

seems my home lab is always changing so its a constant money pit.

Well lab are yeah money pits ;) Not all that bad for "lab" use when your going to turn on the stuff here and there to lab something..

But 24/7 is not a "lab" ;)

See all the time elsewhere where "labs" are a subject -- that is not a lab.. That is your network, and your tinkering with it.. .Sorry but something that is on 24/7 and use every day for file storage and other things like plex and whatever - is not a lab ;) Its your network..

And neither is your soho router and a raspberry pi - hehehe

To me a lab is something doesn't matter if on or off, has no effect on your normal network.. Wife has no clue if your lab is on or off.. You could blow it up from a config standpoint, and your normal network users wouldn't have a clue.. Then its a lab.. If your tinkering around and wife screams hey what happened to the internet, good hint its not a "lab" ;)

Now you can lab stuff on your network ;) But if someone could scream hey X not working where your doing it.. Its not a lab - hehehe.

Which console are you using?

The configs on that site do not have the serial console enabled so you will see nothing after root is mounted at boot if you're looking there.

Those configs have a bridge which is generally a bad idea. But additionally it is configured badly for that type of setup. The IP and DHCP server is on the LAN interface rather than on the bridge interface itself. That means that if you connect a device to the OPT ports and do not have the LAN connected it will fail.

It's configured to send all your traffic via the VPN so the available bandwidth will be dependent on the VPN speed which could be limited by either the provider or the CPU in the firewall.

Steve

@steveits,

Currently, I have not so speedy DSL and the VPN is used exclusively by me in one of two circumstances:

I am on a public WiFi and I wish to ensure treatment of my data such that it is fully encrypted
or I am not at my home and wish to access resources (my file server, a Linux system I need to test something on, scripts I have that I use with customers from time to time, etc...)

So for me, encryption speed is currently not an issue, however, I can see where it would also be a consideration when my internet choices are higher speed connectivity too, as why let software based encryption frustrate the higher internet speed you might have and one day i might have? After all, I do not regret having DSL instead of accessing the internet with a Hayes 300 modem!

My first thought was why force people to have AES-NI hardware if pfSense can be designed to not need it or to make the AES-NI portions of pfSense "pluggable"? However, in succession to further consideration I realized that Intel will eventually sell no chips without AES-NI (if they have not stopped selling chips without AES-NI already) and after the passage of more time the only "older hardware" will all have AES-NI based chips in it. At that juncture the point of if AES-NI is required or not will be as moot as anyone being concerned if pfSense can run on an Apple II, TRS-80, or Commodore PET. Thus, I realize that the only intelligent choice is to plan on purchasing hardware that either has AES-NI built in, or expect the lifetime of hardware not supporting AES-NI to be short lived. Clearly, no one will just keep running the last version of pfSense to work on non AES-NI hardware, as why have a firewall if the software it is out of date? The very fact that my DSL modem, made by Zyxel, has NEVER had a firmware update produced in over 3 years is precisely why I run it in bridge mode and have a firewall (currently Gargoyle, my open source router firmware does this for me). Given that Gargoyle does not support 802.11r/k/v/w and I want to use those technologies, I am going to migrate to OpenWRT for router firmware. Part of that migration I plan is to use a pfSense instance as my actual internet facing router, whilst my OpenWRT based APs will move onto my LAN and be facing the DSL modem as one AP does now.

In closing, I must admit that your comments did force me to think more deeply about this issue and to conclude that the future is surely hardware ensconced encryption.

Thank you again and do have a most happy, healthy, blessed, and safe/thug-free holiday season.