@thashen4: Hi lamjanus, I hope you doing quite well I have found that the E3845 (AES-NI) is an effective cause it uses less power and the temperature of the processor can be used at -40°C to 110°C  which makes it very agile and robust to use in different conditions. the Qotom i3 is quite expensive and I do not recommend it and I have similar device which I have Pfsense 2.4.0 and it runs quite fine https://www.pondesk.com/product/Intel-Atom-E3845-4-LAN-3G4G-HD-Fanless-Firewall-Router_MNHO-048 If he is going to run a device at -40 or 110 he is going to get one from a reputable western supplier I bet. The E3845 has no upside in this case.

@FranciscoFranco: I would stay on 802.11n chipsets. There is a newer ath10k in the works but it is not done yet. I would buy this: QCNFA222-AR5BWB222 Do note they come in different M.2 key arrangements so look hard at your existing module and match them up. Just ordered it on aliexpress NGFF M.2 format… for under $6! Lets hope it works as expected! Thank you, FranciscoFranco!

Thanks.  I am building a mini-router with a Shuttle DH110, and this will be helpful info.  I am planning to install it under Proxmox as a Virtual Machine, which is one way of it not being headless even if the host is headless.

please let us know the outcome.  that was my next purchase once i decide to replace my sg2220

@panteraboy: Hello guys, thanks for the answer. My net provider is going to give me a fiber optic connection soon, I do not see the meaning of a fiber media converter fiber to lan, I prefer a card to connect the fiber directly into pfsense pc. Serious equipment manufacturers offer such solutions: Mikrotik: https://mikrotik.com/products/group/interfaces Ubiquiti: https://www.ubnt.com/accessories/fiber-modules-cable/ LE: I forgot to mention the pc has 2 ports pci express port 1 lan card with 4 lan port, pci 2 plan to use fiber card. There is no such thing as 'a fliber card'. Fiber is just a material, a medium, just like copper. Just because something uses fiber doesn't mean it's what you think it is. It's like stating that you want a 'copper card' which can be a modem (analog, digital, ISDN, DSL, DOCSIS), a SATA card, a sound card etc and none of them will work if what you actually needed is an ethernet card. If you want something that you call 'serious', you can always just buy something like this: https://store.netgate.com/XG-1537.aspx and get a fitting SFP+ module for your fiber type. What you need (if you want to plug in fiber) is a SFP/miniGBIC adapter and a network card (not a storage HBA). Which one depends on the fiber, as there are multiple types in use. For example,  a card that does up to 10 Gigabit: https://store.netgate.com/Chelsio/T520-SO-CR.aspx And a module to connect your fiber: https://store.netgate.com/Pica8-40GBASE-SR4-Module-MMF-850nm-P2038.aspx But depending on your fiber and speed, maybe something else is enough, like this module: https://store.netgate.com/SFP-1000Base-SX-Transceiver-P2576.aspx And this card: https://www.amazon.com/Addon-Intel-Based-Single-Port/dp/B00AQMDGX0/ref=sr_1_14?ie=UTF8&qid=1515023421&sr=8-14&keywords=sfp%2B+card Fiber isn't as plug-and-play and simple as those toy home use CAT 5 gigabit ethernet over copper connections are. This is why residential setups get an NTU that converts the fiber to ethernet.

90 degree right angle pci express pci-e 16x male female converter card adapter,its what description say. Size should be fine,at least measuring with my eye :)

i cant really help you with the solution to the problem, but i tested a bit more: first i installed pfsense 2.4.2 on an old computer with complete different hardware and i had the same problems then i installed pfsense 2.3.5 (32bit) on that old computer, and voila: it worked. After a restart it didnt work and i always had to reassign the interfaces again. using the tricks to avoid that didnt help, since the interface itself was found on boot but wasnt available as ue0. the only way to get the interface to work after a restart: when the reassign-dialog came up, unplug the usb-interface and plug it in again. then just assign whatever interface you want and in the end, where you have to answer the question if you want to continue with that settings, just say no. and then it uses the re-plugged interface correct. after all the testing i think the interface or the interface-driver itself is not the problem. i think its the usb-driver itself or maybe some energy-saving-stuff inside it. i gave up after that since i dont have many options to change energy-saving in bios. maybe you can try and disable all energy-saving-stuff in bios that could interfere with usb.

Now it looks good. FYI it is good to check, bands used by Your Provider. For example: T-Mobile drops you down to worse band on traffic idle. For me the best is B3 and B20 (so I stick to it) B7 sucks (so I exclude it from AT!BAND) AT!GSTATUS? !GSTATUS: Current Time:  20815            Temperature: 40 Bootup Time:  20762            Mode:        ONLINE System mode:  LTE              PS state:    Attached LTE band:      B3                      LTE bw:      15 MHz LTE Rx chan:  1798              LTE Tx chan: 19798 EMM state:    Registered    Normal Service EMM connection:RRC Idle RSSI (dBm):    -52            Tx Power:    0 RSRP (dBm):    -79          TAC:        xxx RSRQ (dB):    -12            Cell ID:    xxx SINR (dB):    20.8 BTW I assume that module for usie (ethernet device) is not compiled into NanoBSD kernel ?, am I right ? How does it look like on full Pfsense install ? Lack of qmi on FreeBSD makes me unhappy :-(

I have configured this fab little device to route via openvpn to my central pfsense box. I think I will need to manually limit the routing via firewall rules; as all clients are visible to each other, regardless of the "Inter-client communication" checkbox status.

I managed to get rid off sdhci controller timeout and install pfsense on eMMC by changing some settings in BIOS In Chipset -> South Bridge -> SCC Configuration i have SCC SD Card Support : Disable SCC eMMC Support D28: Enable eMMC Max Speed: HS400 SCC UFS Support D29: Enable SCC SDIO Support D30: Disable Board Up Squared BIOS Version: UP-APL01 R2.1 (UPA1AM21) (09/01/2017)

I found rufus to much whistles and bells for simply imaging a MicroSD or CF card, and always used Win32 Disk Imager which has a simple interface. After all the previous attemps, it's best to reset the MicroSD to a clean state (formatting is not enough). Download Win32 Disk Imager : https://sourceforge.net/projects/win32diskimager/ Download Western Digital Data Lifeguard Diagnostic for Windows : https://support.wdc.com/downloads.aspx?lang=en After download and installation of the Western Digital program, plug the MicroSD card in your computer/laptop Open Western Digital Data Lifeguard Diagnostic , and accept the user agreement and click next. Select from the list your MicroSD card and click the yellow icon and choose "erase". Ignore the warnings and proceed, and choose "Quick erase". This takes a few seconds to a few minutes. When ready, close the Western Digital program and go to Windows diskmanagement. The MicroSD card will appear as RAW, richtclick on the MicroSD and choose to format, and select quick and Fat32. Your card is now clean and ready to proceed for the next step Open Win32 Disk Imager and choose the driveletter that corresponds with your MicroSD card, click on the diskette icon and browse to the location of your .IMG file and click write. This writing can take a while, depending on the speed of your MicroSD. If the MicroSD card boots, and everything is set up, then you can take a image also with the Win32 Disk Imager tool. You must then select the diskette icon, select a location where you want to store your image, and type a name for your image. Then click the button "read", and the imaging will start. Grtz DeLorean

I’ve done the same at my mothers house using a rasberi pi and OpenVPN. Also gave her a second SD card so if the first got hosed she’d plug in the replacement. For £20 all in its perfect for remote access and also has a good 10mbps openvpn througput!

They may not get 14.8Mpps 10Gb line rate 64byte packets, but I would think they could get near or at 10Gb/s of throughput for average packet sizes. Netflix can get about 50Gb/s out of stock FreeBSD+nginx for hosting their services. Mostly limited to memory bandwidth. Netflix has made special tweaks to get up to ~90Gb/s, mostly by reducing the copying of data, allowing for more efficient use of memory bandwidth. My 3.2ghz i5 Haswell quad is forwarding 1.4Mpps with NAT+HFSC+Codel @ 17% cpu, less than 1 core. Measured with iperf from my windows box with Intel i210 sending to public internet target iperf UDP 1Gb server. pfSense was showing about 1.45Mpps hitting the LAN and about 1.45Mpps leaving the WAN with HFSC configured to 1Gb/s. I assume the pps was limited by my Windows box being around 70%-80% cpu while attempting to send that many packets. Top showed a load of about 0.64, which is only about 17% of the 4.0 max load for my quad core. Unfortunately I was monitoring this via the web UI instead of SSH, so some amount of that load is the inefficient web UI. My provisioned rate is only 150Mb/s, so iperf was reporting ~85% loss, but I mostly cared about the reporting pps for the interfaces, not iperf stats. Suricata is going to ruin most of this, but I assume memory bandwidth is going to be a big factor. You're going to want lots of bandwidth(quad channel), lowest latency, and probably 8 cores and plenty of L3 cache. <– my layman's opinion

Thanks for the reply's, i did order a bare bones q355g4. i do like to tinker, so my plan right now is 8gig ram, 128 msata ssd. Esxi 6.5 with pfsense, sophos utm 9 and sophos xg. i of coarse will only run one at any time, it is just a quick way to play with what ever i feel like. if it doesn't work out i will find a use for it and look into a more custom mini.

I double NAT with my ISP. I have the option to bridge, but once already they accidentally switched me back to "Gateway" mode because that's the standard. I'd rather not be different if there's not much benefit. I placed my firewall in the DMZ of the ISP's gateway, allowing pfSense to control all of the port forwarding and UPNP related features.

Leave HT / Multi-threading on.

Thanks for the feedback's! :) @johnkeates: Looks like a MiniSys reseller to me. yes it's the same company. @FranciscoFranco: Iwill used to be a noted server maker around Y2K. Looks like this is not the same company. Just remember that these chicom specials are disposable boxes and there will be no real warranty. maybe, I'm not sure.. but they are in business more than 10 years. I have received my package, super fast delivery with good condition. I didn't have time to test it yet but I will update you later regarding the installation and performance .

@johnkeates: I don't think those are available in a virtual environment. In Xen and KVM it won't work by default anyway. But this is a job you should handle at hypervisor level or control-OS level anyway. Okay thanks for the reply. I was just looking for something easy to monitor it on the dashboard as I often keep it open, but if it's a no-go then I'll stick with monitoring on the host.

@johnkeates: Well, now we know. Bloody ISPs and their bad uploads!  :-X I am disappointed, years ago I had much better performance, but it was before I setup a VPN connection. I was simply streaming an IP camera (strong password and only allowed from specific WAN IPs) then I setup OpenVPN, speeds were not really an issue since the camera worked just fine, but I started testing file transfers and I always thought it was the encryption causing bad performance, turns out, the ISP is tweaking the tiers/packages. Upload doesn't matter as much as download, until/unless you are doing what I was wanting to do….....