i cant really help you with the solution to the problem, but i tested a bit more:

first i installed pfsense 2.4.2 on an old computer with complete different hardware and i had the same problems

then i installed pfsense 2.3.5 (32bit) on that old computer, and voila: it worked.
After a restart it didnt work and i always had to reassign the interfaces again. using the tricks to avoid that didnt help, since the interface itself was found on boot but wasnt available as ue0.
the only way to get the interface to work after a restart: when the reassign-dialog came up, unplug the usb-interface and plug it in again. then just assign whatever interface you want and in the end, where you have to answer the question if you want to continue with that settings, just say no. and then it uses the re-plugged interface correct.

after all the testing i think the interface or the interface-driver itself is not the problem. i think its the usb-driver itself or maybe some energy-saving-stuff inside it.
i gave up after that since i dont have many options to change energy-saving in bios.

maybe you can try and disable all energy-saving-stuff in bios that could interfere with usb.

Now it looks good.
FYI it is good to check, bands used by Your Provider.

For example:
T-Mobile drops you down to worse band on traffic idle.

For me the best is B3 and B20 (so I stick to it)
B7 sucks (so I exclude it from AT!BAND)

AT!GSTATUS?
!GSTATUS:
Current Time:  20815            Temperature: 40
Bootup Time:  20762            Mode:        ONLINE
System mode:  LTE              PS state:    Attached
LTE band:      B3                      LTE bw:      15 MHz
LTE Rx chan:  1798              LTE Tx chan: 19798
EMM state:    Registered    Normal Service
EMM connection:RRC Idle

RSSI (dBm):    -52            Tx Power:    0
RSRP (dBm):    -79          TAC:        xxx
RSRQ (dB):    -12            Cell ID:    xxx
SINR (dB):    20.8

BTW
I assume that module for usie (ethernet device) is not compiled into NanoBSD kernel ?, am I right ?
How does it look like on full Pfsense install ?

Lack of qmi on FreeBSD makes me unhappy :-(

I have configured this fab little device to route via openvpn to my central pfsense box.
I think I will need to manually limit the routing via firewall rules; as all clients are visible to each other,
regardless of the "Inter-client communication" checkbox status.

I managed to get rid off sdhci controller timeout and install pfsense on eMMC by changing some settings in BIOS

In Chipset -> South Bridge -> SCC Configuration i have
SCC SD Card Support : Disable
SCC eMMC Support D28: Enable
eMMC Max Speed: HS400
SCC UFS Support D29: Enable
SCC SDIO Support D30: Disable

Board Up Squared BIOS Version: UP-APL01 R2.1 (UPA1AM21) (09/01/2017)

I found rufus to much whistles and bells for simply imaging a MicroSD or CF card,
and always used Win32 Disk Imager which has a simple interface.

After all the previous attemps, it's best to reset the MicroSD to a clean state (formatting is not enough).
Download Win32 Disk Imager :
https://sourceforge.net/projects/win32diskimager/

Download Western Digital Data Lifeguard Diagnostic for Windows :
https://support.wdc.com/downloads.aspx?lang=en

After download and installation of the Western Digital program, plug the MicroSD card in your computer/laptop
Open Western Digital Data Lifeguard Diagnostic , and accept the user agreement and click next.
Select from the list your MicroSD card and click the yellow icon and choose "erase".
Ignore the warnings and proceed, and choose "Quick erase".
This takes a few seconds to a few minutes.
When ready, close the Western Digital program and go to Windows diskmanagement.
The MicroSD card will appear as RAW, richtclick on the MicroSD and choose to format,
and select quick and Fat32.

Your card is now clean and ready to proceed for the next step

Open Win32 Disk Imager and choose the driveletter that corresponds with your MicroSD card,
click on the diskette icon and browse to the location of your .IMG file and click write.
This writing can take a while, depending on the speed of your MicroSD.

If the MicroSD card boots, and everything is set up, then you can take a image also with the
Win32 Disk Imager tool.
You must then select the diskette icon, select a location where you want to store your image,
and type a name for your image.
Then click the button "read", and the imaging will start.

Grtz
DeLorean

I’ve done the same at my mothers house using a rasberi pi and OpenVPN. Also gave her a second SD card so if the first got hosed she’d plug in the replacement. For £20 all in its perfect for remote access and also has a good 10mbps openvpn througput!

They may not get 14.8Mpps 10Gb line rate 64byte packets, but I would think they could get near or at 10Gb/s of throughput for average packet sizes.

Netflix can get about 50Gb/s out of stock FreeBSD+nginx for hosting their services. Mostly limited to memory bandwidth. Netflix has made special tweaks to get up to ~90Gb/s, mostly by reducing the copying of data, allowing for more efficient use of memory bandwidth.

My 3.2ghz i5 Haswell quad is forwarding 1.4Mpps with NAT+HFSC+Codel @ 17% cpu, less than 1 core. Measured with iperf from my windows box with Intel i210 sending to public internet target iperf UDP 1Gb server. pfSense was showing about 1.45Mpps hitting the LAN and about 1.45Mpps leaving the WAN with HFSC configured to 1Gb/s. I assume the pps was limited by my Windows box being around 70%-80% cpu while attempting to send that many packets. Top showed a load of about 0.64, which is only about 17% of the 4.0 max load for my quad core. Unfortunately I was monitoring this via the web UI instead of SSH, so some amount of that load is the inefficient web UI. My provisioned rate is only 150Mb/s, so iperf was reporting ~85% loss, but I mostly cared about the reporting pps for the interfaces, not iperf stats.

Suricata is going to ruin most of this, but I assume memory bandwidth is going to be a big factor. You're going to want lots of bandwidth(quad channel), lowest latency, and probably 8 cores and plenty of L3 cache. <– my layman's opinion

Thanks for the reply's, i did order a bare bones q355g4.

i do like to tinker, so my plan right now is 8gig ram, 128 msata ssd. Esxi 6.5 with pfsense, sophos utm 9 and sophos xg.

i of coarse will only run one at any time, it is just a quick way to play with what ever i feel like.

if it doesn't work out i will find a use for it and look into a more custom mini.

I double NAT with my ISP. I have the option to bridge, but once already they accidentally switched me back to "Gateway" mode because that's the standard. I'd rather not be different if there's not much benefit. I placed my firewall in the DMZ of the ISP's gateway, allowing pfSense to control all of the port forwarding and UPNP related features.

Leave HT / Multi-threading on.

Thanks for the feedback's! :)

@johnkeates:

Looks like a MiniSys reseller to me.

yes it's the same company.

@FranciscoFranco:

Iwill used to be a noted server maker around Y2K. Looks like this is not the same company.

Just remember that these chicom specials are disposable boxes and there will be no real warranty.

maybe, I'm not sure.. but they are in business more than 10 years.

I have received my package, super fast delivery with good condition.
I didn't have time to test it yet but I will update you later regarding the installation and performance .

@johnkeates:

I don't think those are available in a virtual environment. In Xen and KVM it won't work by default anyway. But this is a job you should handle at hypervisor level or control-OS level anyway.

Okay thanks for the reply. I was just looking for something easy to monitor it on the dashboard as I often keep it open, but if it's a no-go then I'll stick with monitoring on the host.

@johnkeates:

Well, now we know. Bloody ISPs and their bad uploads!  :-X

I am disappointed, years ago I had much better performance, but it was before I setup a VPN connection. I was simply streaming an IP camera (strong password and only allowed from specific WAN IPs) then I setup OpenVPN, speeds were not really an issue since the camera worked just fine, but I started testing file transfers and I always thought it was the encryption causing bad performance, turns out, the ISP is tweaking the tiers/packages. Upload doesn't matter as much as download, until/unless you are doing what I was wanting to do….....

Thanks  a lot for every hint provided.
So far all looks good

WAN Uptime: 4d 12:23:21

Don't get a J1900 indeed. Also, for Snort etc. you'll need a bit more RAM than usual and an i5 is a good "catch-all" CPU. Keep in mind that it's all going to depend on your configuration, so if you have very few rules, even an i3 will do. If you make a bad config, not even an i7 will work out, so just throwing hardware at things isn't the solution to all things ;-)

As a serial console cable? You would need to re-wire one end to a serial port adapter of some sort…. and it might be the wrong pairs twisted in the cable, but will probably work at serial speeds.

You may not need a serial console at all if you use 2.3.5 Nano at least as an initial test. If the interface types are something standard it should boot fully (and play the start-up tune) and you'll be able to hit the webgui via whichever port was assigned as LAN.

Steve

700+ isn't really gig ;) hehehe  If you were seeing 900's then you would be talking gig - heheeh

Whats your upload? You symmetrical?

While the cpu not going to be an issue - keep in mind with some of these sorts of boxes.. Your not going to want to plug your nic into old pci slot.. There is a recent thread around here were someone wasn't getting the speed they thought they should get and seems their dual port nic was on pci vs pcie and that is going to be a bottleneck..

@Mickjones75:

Now my question is this-if open vpn is “monolithic” or runs on runs on one thread. If I install PF Sense onto a machine that is a core i5 / 3.1 GHZ / 8GB / 1TB will that machine achieve close to gig speed-assuming I install a gig capable NIC.

My two cents. i5, 3.5 Ghz would be a driver for speed and not 8GB and 1TB. You can get away with half the RAM and a way smaller Hard Drive. As Open VPN is monolithic, multi threads are useless atleast for OpenVPN connection.

They best way is put together a machine or use another computer temporarily to test this out.

The choice of how much ram etc is yours. pfSense will run happily in 2Gb of RAM but I would go for a minimum of 4Gb. A small SSD or mSata is fine, a 30Gb mSata is sufficient for pfSense and say running pfBlocker, you'll need more if you run lots of other things.

My setup, and I bought mine barebones, so I used some RAM and mSata I already had is 8Gb RAM and 60Gb mSata,

The options for putting your own pfSense hardware together are endless. Basically, the main things to watch for are:

1 . CPU supports AES-NI
2.  NIC ports are Intel - There can be problems when they are not, or at least there are fewer problems with Intel NICs
3. Choose something that has been on the market for a while that has been proven to work. Some of the latest boards do not yet play nicely with FreeBSD, they will eventually but there may be driver/bios issues, so take care on some new MBs.

So, existing hardware that works out the box, and don't forget to look at Netgate Hardware, it is built for the job. I can only give you advice on the hardware I have and use, there is other hardware mentioned in this section of the forum, others will chime in I'm sure.

Here is what I use.

Qotom i5- 4 Intel Nics, The i3 would do to, the i5 is a bit of an overkill for my system but it is very quick, noticeably so when using the pfSense GUI.

PCEngines APU2 - I would stick with the 4Gb version, takes a single MSata - 3 Intel Nics - very compact and energy efficient.