Thanks all, I will give this a go when I get some quality home lab time, hopefully this weekend.

@stephenw10 Yes, I am booting from the Emmc -- I have not attempted the SSD yet. Being a new board I wanted to get the built in storage stable if possible first before an added SSD.

@pbhl8y12 said in X540-AT2 10G NIC from eBay not working: X540-T2 NIC Is this a original Intel NIC with the original Intel firmware? If not you should try out to get hands on the original Intel Firmware and flash it on an Windows or Linux PC onto the card (NIC) to prevent that art and wise of error.

@knight-of-ni Did I offer how I got there are great knight keeper of ni?

@stephenw10 In the meantime I just tried to do iperf3 between two servers (with pfsense in the middle) and I only got: [SUM] 0.00-20.00 sec 10.1 GBytes 4.33 Gbits/sec 12919 sender [SUM] 0.00-20.01 sec 10.0 GBytes 4.31 Gbits/sec receiver If I set the pfsense box as a iperf3 server I get the results I told before: [SUM] 0.00-60.00 sec 56.8 GBytes 8.14 Gbits/sec 12804 sender [SUM] 0.00-60.00 sec 56.8 GBytes 8.13 Gbits/sec receiver

@riahc8 said in Are 4G modules inside firewalls compatible with pfSense?: @dobby_ said in Are 4G modules inside firewalls compatible with pfSense?: @riahc8 pfSense CE 2.6 / pfSense CE 23.01 Seirra Wireless MC7700 4G/LTE Sierra Wireless MC7710 4G/LTE Sierra Wireless MC7455 4G/LTE So they are picked up by pfSense and can be used as a WAN interface? Intresting... Didnt expect it. [image: 1680022800450-modem.jpg] Yes you can use them then as an WAN interface let us say. pfSense CE 2.6 / pfSense CE 23.01 Seirra Wireless MC7700 4G/LTE - miniPCie (full length) Sierra Wireless MC7710 4G/LTE - miniPCie (full length) Sierra Wireless MC7455 4G/LTE - M.2 (half length) Install the modem, install the cellular package, find out the ugen number of your modem, find then out the right cuaU port, probe that port in console, create then an interface, and set up in the interface area mobile ISP, name and password an so on. Then create if needed a Gatewaygroup and balance over that the enitre traffic or let the modem only the fallback option, or perhaps the only one WAN port. Like you need it.

This is not an easy task. There is no FreeBSD driver that includes support for that hardware. So to make that work in pfSense you need to add that hardware ID to the driver then compile it in FreeBSD and move it to pfSense. If that hardware device has any different requirements to the other chips you will also need to add code to support that in the driver. Swapping it out for a supported NIC will be waaaaaay easier! Steve

I'm interested in ballpark IMIX and IPERF over IPSEC throughput for these older models 8 core CPU - C2758 any results from models SG-8860, C2758 4 core CPU C2558 SG-4860, E3845 MBT-4220 C2358 SG-2440 2 core E3826 MBT-2220 C2338 SG-2220 Or - Where do these older boxes line up against the 4100 and 6100 appliances in terms IPSEC throughput? For ipsec throughput, are there general trends / corellations with core counts vs base cpu clockspeed vs number of tunnels acknowledging in practical terms, we're probably bottlenecked by the ISP's offnet traffic shaping Qualitatively, how does Wireguard throughput compare against IPSec without QAT acceleratoin on CE ? I'll assume past C3558 based appliances, perform roughly about the same as the 6100, assuming 1 gbit interfaces. I got side tracked with IPERF3 - the top google result points to an out of date windows binaries from 2016. Future readers looking for an IPERF3 Windows client, should visit the IPERF3 author/developers at https://software.es.net/iperf/ for a link to current binaries. Here's a data point from a pair of SG-2220 's 2 core atom C2338, no QAT Running Plus ( 23.01 ) Through NAT , minimal firewall rules, 500 to 600 mbit throughput ( Iperf3 , and netflix's fast.com ) IPERF3 over IPSEC IPERF3 3.13, Windows clients on interface ETH1, and IPSEC ( async crypto on, AES-128-GCM VTI ) on ETH0 I get between 275 and 350 mbit, depending on IPERF3 options, number of streams (-p) , uni vs bi directional etc. Packet capture of the IPSEC interface showed a 1360 byte TCP payload, in agreement with a 1400 byte MTU A back of the envelope calc yields about 33k packets per second. I couldn't get the windows binarier of IPERF3 to generate smaller frames. The MSS option may not be implemented on the windows version. (With AES disabled / misconfigured as QAT under system, advanced, misc, throughput was about 110 mbit. )

@riahc8 I believe so Thanks Dan

@stephenw10 said in Intel I226-V: Good or bad?: If it's possible someone will try it. Well, that is true. Good leaving a disclaimer.

This: https://forum.netgate.com/post/969072 Can be worked around with this: https://forum.netgate.com/post/983284 So at the first boot interupt the boot at the loader menu to reach the loader prompt OK> Then enter: set debug.acpi.disabled="apei" boot Then once it's booted create the file /boot/loader.conf.local and add the line: debug.acpi.disabled="apei" Steve

My network interfaces are now being detected! I restored the BIOS config to "Optimized Defaults" and on the next reboot all interfaces were available and I got the expected configuration menu with pfSense 2.6.0. For reference my system was shipped with BIOS 1.7.

@madbrain said in How to blank the screen to save power ?: "something went horribly wrong" case is one where I would need the console Couldn't you just then plug it in? I have been using pfsense really since it first came out, and I don't recall ever anything going wrong where I needed console. Not saying it can't, I might of had a remote update go belly up once - which is why I didn't do remote updates during covid and not able to be local, etc.. The console isn't all that different then just sshing in - which I do all the time.. The only time I ever plug in a console is so I can watch it upgrade, etc. Or I do a clean install. My point is if your having some issue with the monitor turning on when you don't want, etc. Seems to me the simple solution would just not plug it in to pfsense. The odds of you actually needing console are really slim, gui is where you do all your config - and if you want to play on a "console" you can just ssh in, etc. The only reason I am on ssh all the time, is running commands to to show users stuff, like how long unbound is been running, unbound control commands, which really could be done from the gui for most of the stuff. But I am a command line guy at heart, etc.

@stephenw10 Thank you stephenw10. May not be worth the trouble. 1gb with existing nic works fine (slow). elmo

Mmm, I would expect that to be supported by re(4). We'd need to see the PCI IDs to know for sure. None of the cards listed there really look that great. You want to use something Intel based if possible. Used OEM rebranded cards are almost always available. See: https://forums.servethehome.com/index.php?threads/list-of-nics-and-their-equivalent-oem-parts.20974/ Steve

@stephenw10 said in NEW SFF Intel build with 4 NICs that can handle symmetric 1Gb download/upload?: You have three topics open covering basically the same thing here. Not really One is asking for clock speed. Another a SSF build Related sure, same no

@pietrushnic said in Our Response To PC Engines Open-Source Firmware Sponsorship Discontinuation: @dobby_ Dasharo is open-source firmware distribution maintained by 3mdeb company. Thank you for enlighten me over that.

@patryan Thanks, Good to know. I've been nervous about Dev builds in my live environment though TBH. Were it not so critical as your firewall, then I might have been less concerned but given the potential security risks, it's not something I am immediately attracted by. My issue right now is anyway not on my live environment, it's merely my backup onto which I cannot (easily) install pfsense. So I am OK for now on 2.6 (ending of FreeBSD support notwithstanding). But if I have a hardware failure, I am toast since I have nothing to fail over to.

@f4-0 @stephenw10 A lot of interesting progress, I am going to start a new thread since I am facing a new set of issues, but in general the Ubuntu base install + KVM + pfSense works (partly so far). I learned a lot about KVM... great piece of kit for Linux, running natively that way.

@abent32 is your connection PPOE? How's the CPU usage? There's a long thread on ServeTheHome about these boxes and I'm sure it's on there someone had an issue like this. Cant remember how they fixed it but the entire thread is a good read. Just don't fall for the upsell of the N5105/J614x. Most pushing that are either virtualizing the firewall or letting alot of CPU power go to waste.