Got it going, in case anyone is interested, follow the outbound NAT rules created in this thread: https://forum.netgate.com/topic/151649/pfsense-and-meraki-z3/47

It can certainly be as stable, sometimes more so. The hardware presented by a hypervisor to pfSense is very generic and usually well tested. No exotic driver controllers etc! There are advantages to running as a VM. Take a snapshot before an update (or any change) to reduce the risk to close to zero. There are disadvantages. Is it secure? It's easy to misconfigure something and end up connecting it outside the firewall. What happens if you have to reboot the hypervisor? Are you in a chicken and egg situation where the hypervisor needs pfSense to be running? Those are things to be aware of. Test it and make sure the hypervisor can reboot. There are lots of people running virtualised. Steve

Driver for this card is implemented in sys/dev/ixl/if_ixl.c and I see several improvements this year.

We have a review of similar AS -1014S-WTRT in the FreeBSD hardware database.

Just came here to say thanks for this tip. My wife has on more than one occasion accidentally hit the power button while moving stuff around in our closet and caused our SG-5100 to promptly shut down. Grr! I used the System Tunable method. Problem solved! [image: 1594509541704-93838b45-f0a1-4de5-aec1-6a88ae271767-image.png]

Similar thing happens on the Intel S1200BTL, BTS boards. Use UEFI instead of Legacy that solves the issue.

You could try the other values shown at that link. It's odd that you need them though. Even given you're running with PPPoE I would have expected that CPU to pass 100Mbps easily. Check for errors in Status > Interfaces. You are seeing the full line rate if you test from pfSense using speedtest-cli so it looks to be a LAN side issue. But you're also seeing >300Mbps to the LAN directly which implies some routing problem maybe. It looks like you've tried a while bunch of different things here. It's possible you have something left over or a conflicting setting. I would probably reinstall clean and see what you get with a default config there. 100Mbps just shouldn't be a problem. A lot of those tweaks were aimed at getting 1Gbps through that box. Steve

Ha nice.

There are certainly easier platforms you could use! Depends what you're in it for, you could probably learn quite a lot from trying to get that working even if it doesn't work. What NICs are those? If they're not em or igb (Intel) then I'd probably move on to something else. It's almost certainly possible to get it working but it could be challenging. One of those unpopulated headers on the expansion card may well provide a jumper to set the relays. Otherwise it would be a matter of probing in software which is needle/haystack time without any clues to help. Does it still boot the original OS? The bootlog from there may give is a clue. Cymphonix have done it right with that expansion card. Unlike some other devices that look more like something I could have done myself just to get it working. Steve

@Rico Not anything I have access to. There probably are things that have fast enough single thread performance to do it. https://www.cpubenchmark.net/singleThread.html If we assume it scales we could probably guess at what is required... I would expect to need a score there of at least 2200 to get close to 1Gbps using AES-GCM in ideal conditions. Which isn't too wild a requirement. More data needed! Steve

Try geom part list. It looks like mounted slice just isn't any bigger that 2TB. Steve

@DaddyGo thank you very much..... I will first try with a usb vodafone zte 4g modem that i have...maybe less trouble thank you very much. there is no info about this stuff around the net.

@stephenw10 HI, Unless people have an equiped workshop with rework tooks and good SMT skills and the nessasary programmers and code then its not a viable for people to do. Speak with the people who repair your devices at component level they will have certainly come across the problem and know how to resolve it. I've now had quite a lot of people contact me saying that they have a bricked device with the same symtoms we experianced and the serial console regardless to baud rate setting is displaying garbage. It seems its more common than has been talked about. Happy to help anyone who has the nessasary tools and skills to be able to recover their device.

@johnpoz - solid advice!

Does the dashboard now show it running at full speed? Any test where the 2220 is actually running iperf is not a good one. pfSense is not optimised as TCP terminator. Really you need to test through it, with an iperf3 server on one interface and a client on the other. Running iperf3 on the 2220 will itself use a lot of CPU leaving far less for actually moving traffic. Steve

@czar666 We use many pcEngines MOBOs and almost all have different sounds at shutdown and start-up. According to our observations, the sound you hear usually depends on the amount of stopping and starting processes and resource requirements. This small unit is not a power machine and it also depends on processes how long it takes for sound exactly what state you are restarting from. The latest BIOS 4.12.0.1: https://pcengines.github.io/#mr-35 It’s good to hear that you’ve achieved a reassuring result. PS: 4.11.0.6 not recommended "stepping stone" in the BIOS life, for example we did not update to this release. (4.11.0.4 similarly, can cause problems)

@SmokinMoJoe I agree with you, we also use VMware ESXi and Xen hypervisors, but not for pfSense, these are super things, but in my opinion - not at the main front door. (if a hypervisor system dies, a lot of things die with it)

@ColinGill I wish I could remember. I ended up running opnsense on it for a while and I've since switched over to a 1U Supermicro server.

And I use my PCIe 2.0 card in a 1.1 slot. Works fine.