ok thank you

Some USB devices have multiple config indexes that result is different interfaces being exposed. You can check it using usbconfig -d ugenX.X dump_all_config_desc

If your device has multiple config indexes you can selet a different on at run time using usbconfig -d ugenX.X setconfig X.

If that gives you the interfaces you need you can add a device quirk to /boot/loader.conf.local to force that every time the device is connected. hw.usb.quirk.0="VendorID ProductID LowRevision HighRevision UQ_CFG_INDEX_X"

Steve

The real issue had to do with EFI. I experienced the same with the Mac Mini Server 2011 and had to end up installing pfSense from a CD. It might be using the DD command in Terminal on Macs some how not creating an EFI boot partition. I downloaded Etcher for Macs and created an Ubuntu USB boot disk to put on the HP Pavillion a6242N to give away, and it worded flawlessly. So, this coming weekend when I'll be back home, I create a pfSense 2.4.4 USB stick to see whether that works.

2nd vote for an SG-5100.

@stephenw10 said in Intel I5-3470 8GB RAM:

This looks likely:
https://www.reddit.com/r/networking/comments/6upchy/can_a_bsd_system_replicate_the_performance_of/dlvdq2e/

That is more relevant to TNSR though.

Steve

Thanks! I searched for that quite a bit but didn't find it again. Although yes it speaks of TNSR, the raw ns calculations stand (with first gen Ryzen's at least) and the higher the bandwith (talking about 10gbps) the more latency comes into play. It's quite highly technical but it has it's reason, that intel dedicated chipset series like the Atom C2xx8/3xx8 for network usage as for Ryzen's more a general purpose desktop system. For speeds up to 1gbps ranges that might not come into play but if we talk bigger bandwiths I'd definitly keep that in mind.

Hmm, interesting. You did not have to run usb_modeswitch after rebooting (or before)? The modem mode was switched automatically?

Did you use those packages from the FreeBSD 11.2 repo?
The usbids file you used looks to be newer, I assume that was required?

You obviously don't actually need nano but apart from that you needed all 4 other pkgs to do this?
I expected just usb_modeswitch to get it working.

You can use ee instead of nano which is included or vi of course if you're a masochist. 😉

I've never played with usbutils or usbhid-dump specifically. Makes me wonder what else might be possible there...

Steve

@tman222

Thanks tman222!

I think that's a good idea. FS actually has the custom option there to select chelsio compatibility.

@Derelict

I appreciate your thoughts on the matter.

In my experience, fiber has it's own set of reliability issues (physically weak, requires careful handling, no pinching/bending/pulling, dust and debris can quickly ruin a connection.)

Not saying that it's worse than a custom DAC or CAT 6/7 solution for patching, but I'm just not convinced it's absolutely superior either. I'll think about it. I think I like the elegance of a custom DAC, especially when FS can make them for so cheap anyway... If the system changes at a later date, I don't mind the DACs being throwaways if they served their purpose.

At least one of the 10G connections out of the pfsense box needs to be a 10GBaseT to go to the Intel 10G integrated on the motherboard of the SIEM appliance, so in some ways I'm a bit married to some copper here.

No problem 😉
I like that casing though! 😄

@tman222 yes is it the ASIX driver.

ugen0.6: <ASIX Elec. Corp. AX88179> at usbus0, cfg=0 md=HOST spd=SUPER (5.0Gbps) pwr=ON (124mA)

fortunately, this is a working solution to give (an otherwise unused) NUC some purpose

It blocks all incoming connections by default so should be secure out of the box. 😉

But you can install additional packages to improve that. Typically you might use Snort or Suricata for active IDS/IPS. The pfBlocker package allows you to add blacklists to deny outbound connections to.

https://docs.netgate.com/pfsense/en/latest/ids-ips/setup-snort-package.html

https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html

However you would want to be careful applying those as the RAM in the SG-1100 is limited and both those packages can use a lot of RAM if you just choose all the lists available.

Steve

Ok, cool.

So I have nearly a year into the J5005 setup. As you can see via vpn I can nearly max out my At&T Fiber 1000 connection using 2 concurrent VPN connections to AirVPN. I had 8 different Linux Mint Torrents downloading at the same time to achieve this. CPU does not have a fan and at max speeds hovered around 60C.

Hardware:
AsRock J5005-ITX
4gb Corsair DDR4-2400mhz
HP NC360T PCI Express Dual Port Gigabit Server Adapter

I did make a modification to the PCIE x1 slot to allow for a x16 riser card to work.
ATT Provided BGW210-700 in pass-through mode

vpn.PNG

Have a look here for Xeon D based systems....

https://tinkertry.com/

If that’s too expensive I’d recommend a used Dell Optiplex 9020 Small Form Factor (SFF) with an Intel 4770 or 4790 CPU.... you can get up to 32GB of RAM.

I use this system with a fake Intel 350 4 Port Nic in one PCI slot. The other PCI slot holds a PCI Express Adapter for a NVME SSD. I boot Esxi off a USB thumb drive.

Cant say if it’ll meet your performance requirements, but its a good value system.
You’ll have a 3.5” slot for a high capacity HDD ...( no drive redundancy )

@bubbletop said in Pfsense on a new HP Microserver GEN10:

has someone an idea wether the Gen10 has more horsepower than the SG 3100?

The comparison is void as the SG3100 is ARM vs HPs little buddy is a low-cost Intel architecture. With all the Intel bugfixes etc. and Hypervisor in between, I'd guess the SG-3100 would be a faster solution (and cheaper/more power efficient) than HP. But it depends on the variant and CPU of the HP, there were various build on a G10 with different CPUs/APUs.

Well here is the Forum thread for this: https://forum.netgate.com/topic/135850/official-realtek-driver-binary-1-95-for-2-4-4-release

-Rico

Ah, nice! Fingers crossed that fixes the timeout issue.

Steve

Well I was able to get the 10G ports working with the new driver from FreeBSD however the driver doesn't seem to have MDIO support so no way to connect into the marvell switch on board.

Yeah, you will likely need to configure any v-switch in hyper-v to pass vlan 2 to the physical port also. Unless you have a NIC that is passed through to the pfSense VM directly.

Steve

Thx.... I easily reseted the Mainboard.... Now it runns