@ivor:

Let's try again :)

@jahonix:

I change my car more often so why not change a security appliance when requirements bump up? A good working unit can still be sold then.

And if you read some background information about what netgate is working on you might want to replace your unit within this three year time span anyways.

What did you mean by this?

He is aiming for: netgate is making new software, some of it might require new hardware.

Yeah I would still expect you to see Gigabit easily but it's a much better test to use other devices for the iperf client and server.

Just as an example I can see line rate Gigabit (~940Mbps) with pfSense as one end of the iperf test, as you're doing, on an old E4500. That's using em NICs.

Steve

It's almost certainly an MTU issue. The additional overhead PPPoE introduces limits the packet size.

This was clients running pfSense as an IKEv2 endpoint over a PPPoE connection vs other clients running the same setup on cable say?

And other traffic was OK, just IPSec failing?

All traffic over IPSec? Pings still passing at small packet size for example?

Steve

Thanks to all who helped with this!  Once I get it into production I'll watch the logs.  If they start getting too huge I'll re-address the quesiton

Adding new drive for squid cache drive

try to mount on /var/squid/cache as gui default

exp : your ssd as ada1

gpart create -s gpt ad1
gpart show ada6
gpart add -t freebsd-ufs ada1
newfs /dev/ada1p1
gpart show

now your ssd as /dev/ada1p1
then try to mount as proxy cache drive >>> mount /dev/ada1p1 /var/squid/cache
then ckeck list all drive >> df -h

Dont forget to lock your drive to system at fstab.*  ( edit file at /etc/fstab.*)

add this to fstab >> /dev/ada1p1      /var/squid/cache  ufs  rw,noatime        2  2

Good luck  ;)

Good to hear.

Always nice to have more router ports.

Why can you not just buy direct.. I do believe they will ship overseas..

I show exchange rate currently
750 USD =704.080CHF

And then you pay for shipping..

What is the driver required? How does it appear in FreeBSD?

Steve

The ALIX/m1n1wall is very RAM restricted. If it's failing to boot it's probably exhausting the 256MB is has available. That might be logged but if you're running Nano and hard reboot it those would be lost.

Checking the serial console would be my next step here.

Steve

That connection definitely will do great on an APU2.

I have lots of power cuts too. Running a Qotom i5 with pfSense and ZFS filesystem (copies=2 setting). Have had frequent hard-power-downs with no issues. Also have an APC UPS and run apcupsd in pfSense.

Once u insert a dedicated FW, you are basically separating the functions that your One Box used to do.

With a dedicated FW, you should end up with: Plain-Modem–---FW-----AP.

You have what I call a Gateway, a 3/4-in-1 box:  Modem+NAT+WIFI+4portSwitch.  ISP loves to give u those because is easier to maintain one box than 3 or 4, but that construct doesn't work for people who want a dedicated FW, and you cannot disassemble, and often cannot disable part of the Gateway you don't want.  For example I had an AT&T Gateway that I cannot disable its NAT.  A dedicated FW will be doing NAT, so now you are double-NATing, not a good situation.

Want dedicated FW, you will be playing with the big boys$$.

@firefox:

I guess if the rear fan works without breaks
The temperature will drop to a lower level

Dude, the pic shows the cpu is sitting at only 35c, the ZONE is the one getting 55.  What is this ZONE? Not the cpu I don't think.  Does this temperature stay static? come up like that the minute you boot, then it's a bogus sensor to be ignored, otherwise some part of the Mobo, not cpu, is getting the 55c.  Own an IR thermometer? real fun and useful.

@wgstarks:

I didn’t have any problems with mine. Make sure you re-install though. I wouldn’t trust the pre-installed software.

Oh no prob there, I got the bare bone, only trusting brand name Crucial+Sandisk. This is my production box, don't need no strange issues.  10 days now 24x7. If it doesn't break the next 20 days, I should be OK.

Before throwing out that C1327 try…

system/advance/network...

CHECK Disable hardware checksum offload
CHECK Disable hardware TCP segmentation offload
CHECK Disable hardware large receive offload

As said the LCDPROC site got a list.  If ur in a tight budget, just input your query searches into eBay, sit back and be patience.

The last thing u said, WAN is the bottle neck.

Extra LAN ports on a firewall is really intended if you have multiple LAN segments (subnets) and the FW box can be configured as a router to route those subnets.

Plus ask yourself, do you want to ship gigabits IntraLAN traffic through the FW, with its limited resources? or give it to a dedicated box like a switch?

@johnkeates:

@VAMike:

Do you actually mean PCI slots or do you mean PCIe slots? Actual (ancient) multiport PCI cards will burn through any possible energy savings on the CPU side.

He means PCI-X, not PCI or PCIe. But in the PCI-X case, also power burns all.

PCI-X is dead, so he won't find that. My thought was that someone might be trying to reuse an ancient quad port card (even if it were PCI-X that spec was backward compatible with PCI so that might work even if it performed horribly). Or (hopefully) someone is just using the wrong term for a PCIe port.

There were, once upon a time, PCI-X to PCIe bridges, but that's firmly in "just don't do that" territory.