• Vendor SDD/HDD command

    5
    0 Votes
    5 Posts
    924 Views
    QinnQ
    @stephenw10 thanks I didn't know that one!!
  • PC Engines APU2C4 Download bandwidth half of upload

    11
    0 Votes
    11 Posts
    2k Views
    T
    Bandwidth measurements are consistent. Max download is averaging out to 450. I know I won't get the full 600/600 but I don't really need it. Thanks for all of the help.
  • Octeon II CN68XX Network Processor

    2
    0 Votes
    2 Posts
    825 Views
    stephenw10S
    The chances of getting that device working with pfSense are very low to zero I would think. Mostly because that's not really a NIC it's a CPU and as such requires everything that goes with that. An OS to run independently of pfSense. It may have that already but getting pfSense/FreeBSD to talk to it as a network interface would be a massive task. Steve
  • PfSense on gateProtect hardware - success

    8
    0 Votes
    8 Posts
    5k Views
    stephenw10S
    At what point does it stop? Do you see any errors? Steve
  • 10gbps performance issue

    32
    0 Votes
    32 Posts
    7k Views
    J
    It appears there's a known issue with Broadcom BCM57810 adapters in FreeBSD (LACP bonding is not working well): https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213606
    Today I tried to make some tests thru the HAProxy running on the firewall and the server has just screwed up after reaching ~140000 connections. Log contained:
    Aug 9 05:20:17 pfSense kernel: bxe0: ERROR: ECORE: timeout waiting for state 1
    Aug 9 05:20:17 pfSense kernel: bxe0: ERROR: Queue(3) SETUP failed (rc = -4)
    Aug 9 05:20:17 pfSense kernel: bxe0: ERROR: Queue(3) setup failed rc = -4
    Aug 9 05:20:18 pfSense rc.gateway_alarm[19058]: >>> Gateway alarm: WANGW (Addr:a.b.c.d Alarm:1 RTT:2000271ms RTTsd:3249226ms Loss:21%)
    ...
    Aug 9 05:20:28 pfSense kernel: bxe1: ERROR: TX watchdog timeout on fp[01], resetting!
    Aug 9 05:20:34 pfSense kernel: bxe1: ERROR: ECORE: timeout waiting for state 7
    Aug 9 05:21:02 pfSense kernel: bxe0: ERROR: FW failed to respond!
    Aug 9 05:21:02 pfSense kernel: bxe0: ERROR: Initialization failed, stack notified driver is NOT running!
    Aug 9 05:21:17 pfSense rc.gateway_alarm[45717]: >>> Gateway alarm: WANGW (Addr:a.b.c.d Alarm:1 RTT:0ms RTTsd:0ms Loss:100%)
    ...
    Aug 9 05:21:31 pfSense kernel: bxe2: Interface stopped DISTRIBUTING, possible flapping
    Aug 9 05:21:42 pfSense sshd[82110]: Timeout, client not responding.
    Aug 9 05:21:54 pfSense sshd[19888]: Timeout, client not responding.
    Aug 9 05:21:55 pfSense kernel: bxe0: Interface stopped DISTRIBUTING, possible flapping
    Aug 9 05:22:43 pfSense kernel: bxe1: ERROR: ECORE: timeout waiting for state 1
    Aug 9 05:22:43 pfSense kernel: bxe1: ERROR: Queue(0) SETUP failed (rc = -4)
    Aug 9 05:22:43 pfSense kernel: bxe1: ERROR: Setup leading failed! rc = -4
    Aug 9 05:23:14 pfSense kernel: bxe1: ERROR: Initialization failed, stack notified driver is NOT running!
    Aug 9 05:23:36 pfSense kernel: bxe3: Interface stopped DISTRIBUTING, possible flapping
    Aug 9 05:24:23 pfSense kernel: bxe1: Interface stopped DISTRIBUTING, possible flapping
    Going to change the adapters to Intel.
  • AES-NI performance

    83
    0 Votes
    83 Posts
    25k Views
    J
    Thanks @stephenw10 ! I appreciate your help!
  • Slow download speeds when using pfSense

    8
    0 Votes
    8 Posts
    2k Views
    V
    Yeah, at their best USB NICs require more CPU than PCIe NICs, and a D2550 doesn't have much to spare. Also, most USB2 NICs are 100Mbps--you usually need a more recent USB3 NIC to get to 1000Mbps (or 185Mbps). You may also want to check that the USB NICs are on separate buses (the ports are usually in pairs per bus).
  • Repurposing old i3 for Gigabit speeds?

    5
    0 Votes
    5 Posts
    1k Views
    SammyWooS
    @floppysense said in Repurposing old i3 for Gigabit speeds?: i3-530 This i3-530 has no hardware AES-NI, will break starting with pfsense 2.5.
  • MinnowBoard Turbot Dual Ethernet systems!

    36
    0 Votes
    36 Posts
    14k Views
    S
    @ivor Thanks!
  • pfSense Image for Firebox X700!

    6
    0 Votes
    6 Posts
    2k Views
    D
    @stephenw10 said in pfSense Image for Firebox X700!: You might also consider it time to upgrade. Those original X-Core boxes are fairly ancient. Yeah - you're spot on the money, just one of these things that's laying around so I figure it can go in the workshop until it dies... I'll post back shortly with an update
  • Lord Vader, your firewall is ready

    12
    0 Votes
    12 Posts
    3k Views
    stephenw10S
    The SoC in the 3100 is thermally bonded to the base plate which it uses as a heatsink. 80°C is not a critical temperature for it. Whilst a little higher than I usually see I would not worry about that as a peak reading. 65-75°C is the expected range. Obviously that depends on the ambient temperature. Are you seeing that shown as 'critical' on the Thermal Sensors widget? Those values are generic there and not taken from the hardware. It should be set higher for the 3100. Steve
  • Intel I219-V not detected

    8
    0 Votes
    8 Posts
    3k Views
    S
    @stephenw10 I just updated to the latest snapshot and it's working fine. So it must be something with the stable release.
  • Is Realtek LAN ok?

    6
    0 Votes
    6 Posts
    1k Views
    T
    I don't argue at all with the assertion that Intel NICs are superior. And if this is for anything other than a non-critical home setup, I wouldn't even consider Realtek. However, if you're budget-constrained and willing to do a little more work, I can say that I've been running a Zotac CI323 Nano (dual Realtek RTL8111E NICs) for years without any problems. My connection is only 100/10, but iperf tests on the LAN interface suggest they're capable of at least 500+Mbps. That said, the extra work is running with the latest official Realtek driver. It's not too bad really: https://forum.netgate.com/topic/92884/zotac-zbox-ci323-nano/111
  • PfSense hardware for home router - OpenVPN performance

    110
    0 Votes
    110 Posts
    67k Views
    V
    @stephenw10 said in PfSense hardware for home router - OpenVPN performance: 3200/2.7=1185 Nice. Are you able to test a reality figure on there at all? In linux with a client running on the same machine in kvm, it hit 1100Mbps. (So, zero latency internal network, but with the load of being both client and server.) I'd not expect to see that on a real link, as I don't think OpenVPN will keep enough packets in flight to fill the pipe, but the hardware can do it. That said, I'd pick a newer i3 if I just wanted a firewall with openvpn; the ryzen is overkill for that, and an i3 should hit the same numbers for less money.
  • Intel Gigabit port but only get 100mbps

    12
    0 Votes
    12 Posts
    5k Views
    DerelictD
    @johnpoz said in Intel Gigabit port but only get 100mbps: ^ exactly... You wouldn't believe how many times I have this discussion. Gig is designed to auto, if it doesn't auto then something is wrong.. You fix that something vs hard code.. Only time you would hard code is if you're wanting gig to run at 100 or 10.. And then only if you know the other side is also hard-set and not auto-negotiate. About the only place this should ever be the case these days is talking to an ISP 100-Mbit metro-e or something. They often want you to hard-set 100-full for those. They should explicitly ask you to do so.
  • Successful Install on Watchguard Firebox X700!

    690
    0 Votes
    690 Posts
    1m Views
    D
    Hi guys, I know this is a super old thread - but just wondering if anyone in here could share with me a copy of the last x32 bit via DD configured for the x700 - Please see here for the actual thread with the background as to why: https://forum.netgate.com/topic/133044/pfsense-image-for-firebox-x700
  • Do I need a voip gateway for this?

    11
    0 Votes
    11 Posts
    2k Views
    chpalmerC
    NM This thread is 3 years old.. Yikes!
  • Will my extra hardware work well for pfSense?

    11
    0 Votes
    11 Posts
    2k Views
    M
    Make me an offer on your old hardware, because I need to build a NAS box. :) Then use the money to buy a Netgate device. :)
  • New build queries, have researched honest!

    2
    0 Votes
    2 Posts
    759 Views
    P
    I can answer some of your questions but not all of them. I'll give you my experience and suggestions for the areas that I know. Regarding the build, I would recommend something newer than the N3700 series. I'm currently running an Asrock J3455 based system now with a PicoPSU, and it's pulling 11 watts on 110v power here in the US. The J3455 board was about $65 from Newegg. The PicoPSU + power brick was $55. If you have some DDR3 memory laying around and an extra case, that is all you need to get started. If you need to purchase those items, add them to the cost. For a NIC, Intel based is highly recommended. I have also had good luck with Broadcom NICs after some tweaking; however, Intel NICs can be found very affordably on ebay from a working server pull. When you order the NIC, make sure you're getting one from a server recycling vendor that is selling an actual OEM product, do not order from China or you will very likely get a fake Intel NIC. Some good options are the HP NC365T, this is the same NIC as an Intel Quad I340. It uses the latest Intel IGB driver on pfsense and is very easy to tune. I have one of these NICs and it is rock solid stable, and quad port gives you room to grow. I have also used HP NC382T NICs (dual port Broadcom 5709) and HP NC360T NICs (dual port Intel 82571). Both of these also work well, they aren't quite as new as the I340 and can be found cheaply, the broadcom NIC regularly sells for under $10. These are good budget options and both of them are very stable. If going with a J3455 setup, PCIe slots are limited, and there is usually only one full bandwidth slot for an x2 or x4 PCIe card. I would recommend you buy a quad port card on the J3455 setup so that you can have a single card in the fastest PCI slot and maximize your bandwidth. IMHO, I don't like to use onboard server NICs because of Intel Management Engine issues (security hijack point). I much prefer a separate physical NIC to assign to WAN port and LAN ports to. Because of this, using a J3455 wasn't an issue for me because it had a low quality Realtek NIC onboard, and I just disabled it and used my own PCIe NIC of choice. People have issues with the J3455 because FreeBSD had a regression in 11.1 release, which is what pfsense 2.4.3 is based on. If you run the development release (2.4.4.a), it will install natively in UEFI without any issues, that's how I run on my J3455 setup. Traffic shaping is now easy on 2.4.4.a and fq_codel is built in to the GUI on the latest pfsense builds in 2.4.4.a. I don't use pfblocker, snort, or VPN on the firewall, so I can't give you direct feedback on those items. If you're on a budget, the J3455 is a very good setup, especially if you can re-use some older components (like an old ATX case) and just stick it under the stairs. You didn't mention your budget requirements so I'm not sure what targets you're trying to hit.
  • 0 Votes
    3 Posts
    837 Views
    stephenw10S
    The Chelsio card will work. The HP branded card probably won't after Googling it. Looks like a QLogic/NetXen device. Are you able to get the actual PCI device and vendor IDs for that? Steve
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.