You'll get 50-60Mbps VPN throughput but that will max out the CPU. Thus you can have, say, 25Mbps or VPN and 250Mbps of other throughput. With that many clients you will need to use some form of bandwidth limiting to ensure everyone gets something. You should at least consider a Core i3 based machine. They are often around the same price and with similar power consumption but far higher computational ability. See: http://forum.pfsense.org/index.php/topic,45452.0.html Steve

@sacman: Hi, everybody.  This is my first post.  I thought I'd give you a short story of how I got pfSense installed and working on an old laptop. I had a 7-year old D800 (Dell laptop) that was sitting on the shelf, gathering dust.  It was perfectly functional, but too old for any serious work.  I wanted to try and install pfSense on it.  When I made that decision, my router/firewall was a WRT-54G running DD-WRT.  The main reason for replacing it was so I could turn it into a dedicated wireless access point, and more importantly, get it out of my home server closet and put it in a better location. Obviously, the laptop had only one Ethernet port, which was an issue.  So I stuck in a Linksys PCM100 PC-card 10/100 Ethernet card to provide a second RJ-45 jack.  PfSense installed on the laptop…seemingly without a hitch.  It detected both the internal and the PC Card devices.  But, curiously, the Linksys device seemed to be power cycling.  I was using it as my WAN port.  In the pfSense interface, I could see it cycle from "down" to "up" to "up and with an IP address" to "down" again.  And there was no functional connectivity - I couldn't get to the Internet. Thinking that I had a defective PC card, I swapped in another Ethernet PC card (SMC8040TX).  This, too, was detected by pfSense.  This, too, was exhibiting the up/down, up/down behavior that I was getting with the Linksys. Putting on my basic troubleshooting cap, I was leaning toward a bad PC Card slot in the laptop.  I'm a Windows guy, not a BSD guy, so before I started digging through BSD PC Card documentation, I wanted to try something I knew.  So I installed Windows XP on the laptop to test whether the PC Card slot was any good.  And it was.  Once I had the correct drivers installed, both PC Card Ethernet devices worked immediately and perfectly. Shoot.  Not a bad PC Card slot - it's some issue with the pfSense software.  I did a little Googling to see if there was an obvious answer, but came up empty.  As a last resort, I reinstalled pfSense and tried a Linksys USB300M USB Ethernet adapter.  Lo, pfSense detected it and connected!  Thank goodness. So now I have this ancient D800 laptop running pfSense, with the LAN port assigned to the internal Ethernet (gigabit) and the WAN port assigned to the USB dongle (10/100).  As much as I prefer not to use USB for networking, I have to say it's working perfectly.  In addition, Internet speeds are actually BETTER than with the WRT-54G.  And now I'm well on my way toward setting up a vLAN, although it may be a better option to simply get another USB dongle and run my wireless access points on a totally separate subnet.  Any advice is welcome (I have no managed switches though). Anyway, the main purpose behind this post was to let anybody else considering repurposing an old laptop that it CAN be done fairly easily, provided you have the correct hardware.  In other words, had I been able to find a post such as this, it would have saved me a chunk of time. -sacman Thanks for the heads up. I am looking to do the same. How is your new rig working out for you?

Just for update, because it's RESOLVED!!! This is very strange, however.. For ANY Cisco router/device at first line please disable "SPI Firewall protection", especially "Block IP Flood Detection". on WAN of this device, since it's interferencing with pfSense somehow and causing delays/disconnections. For me, it happends 2 times on 2 different Cisco routers (not only with HP server). [image: pfsense-Cisco-device-firewall.png] [image: pfsense-Cisco-device-firewall.png_thumb]

@Ianes: I'm thinking of buying this atom board, but i'd really like to make sure the integrated ethernet is supported in pfSense. Anyone using this board by any chance? I'm using D2500cc with pfsense. The advantage is two ethernet ports. So you can have physical WAN and LAN port without need to use VLAN. Unfortunatly I do not know if it is exacly the same ethernet chip on both boards. But the graphic chip makes trouble with the the 64 bit version of pfsense. So you should have the same issues with the D2500HN I assume.

This is still noted on the man page: The AES capability of the BCM5823 is not yet supported; it is awaiting public disclosure of programming information from Broadcom. Not sure if that applies to the 5825 also but it could. Not really a problem though unless you can't use 3DES for some reason. Steve

Thank you for getting back to me, however i believed it was a bad hard drive i had installed, but i replaced it with a 4GB CF card and now seems to be stable. Its better with a CF installtion, seems to be a lot quicker and less heat.

@stephenw10: The Alix should be good for ~85Mbps routing/NAT so you may be OK. Not much headroom though. An Atom based box will be good for around 500Mbps but even that is quite a step up in power consumption compared to the Alix. 5W vs 25W or there abouts. Use a VM as you have suggested if you need to. Steve That's true, but only in one direction.  If you're downloading at 80Mbit/s you won't be seeing 20Mbit/s back in the other direction. The next step up would be an Atom box, mine have been able to push about 300Mbit/s TOTAL (upstream + downstream), though an i3 has about the same power consumption (if done right) and is a LOT faster (as in, wire-speed on Gig-E with a high-end i3).

@galaga: interrupt                          total      rate irq0: clk                      44649833      1000 irq1: atkbd0                          18          0 irq8: rtc                        5714155        127 irq10: uhci0 uhci1                    1          0 irq11: fxp0                      485977        10 irq14: ata0                      121600          2 irq15: vr0 ata1                  1241827        27 Total                          52213411      1169 This is incorrectly configured: irq14 and irq15 normally are "edge triggered" interrupts so are unsuitable for use by PCI devices which use level triggering. The BIOS might have some options which would allow vr0's interrupt line to be moved to an unused irq or one shared with another PCI device.

hi, thaks for your help !!! is working port was cuau0 and connection is now on serial ! many thanks….

I have couple of 560,570,530 units depend the size of your network and internet connections System Uptime Uptime 60 days, 14 hours, 7 minutes, 46 seconds. the 560 unit have by default 1 wan and 4 lan but each lan port can configured as a lan/wan or dmz a short review +green(power) +boot in ~15sec +very stable for <70mb/s internet connections +easy to manage/configure +minimal hardware (Processor : XScale-IXP42x 16mb ram) -unstable ipsec/pptp after a while -load balancing is strange  :) -end of life support 07.2013(latest release 03.2011)

the latest bios release is 1.40 http://support.advantech.com/support/DownloadSRDetail.aspx?SR_ID=1-22S1SY 1)you don`t have hyper threading enabled 2)ACPI is disabled with 2 procs operating systems will see 4 cores(each CPU+hyper threading ) L.E: print screen is from a pfsense on esxi but should be the same on your system [image: pfsense.png] [image: pfsense.png_thumb]

Thanks very much for posting this, I am using a WRAP and having all sorts of problems till I found this.

@turboproc: @nexusN: @turboproc: @fragged: @turboproc: @fragged: I have the same board with a Intel Pentium G630T and 8 GB of RAM. How did you setup C3 state to be set after a reboot? The command I used was sysctl dev.cpu.1.cx_lowest=C3 (and 2 and 3). I left CPU 0 to C1 as lowest value. What I don't know is what states the G630T supports. I'll have to check this. Yes, but did you set it to apply on boot? As that setting resets every time you reboot the system. The G630T supports C1-C3 states and reduces the clock speed from default 2.3 GHz down to 1.6 GHz when idle. To make sure it works after every reboot, put it in /boot/loader.conf.local . Furthermore, to reduce power use the powerd option in System/Advanced/Miscellanious. Hi, I see you are also using nanoBSD on USB as I did, would you mind checking if you have got from a similar problem as I did with PowerD? By turning off the throttling, can you see the EIST CPU frequency correctly? You may get it by first putting the below in /boot/loader.conf.local hint.p4tcc.0.disabled=1 hint.acpi_throttle.0.disabled=1 then in command prompt enter the below: sysctl dev.cpu.0.freq_levels and you should see some A1/B1, A2/B2…...in which As are the freq of the CPU and Bs are the corresponding power consumption. The below is my case: http://forum.pfsense.org/index.php/topic,46912.0.html Appreciated if you can help identify the source of the issue. Hi, I did some checking as I don't want to play too much with a production firewall. First I can't find the OIDs starting with hint. you are referring to. When I check for dev.cpu.0.freq_levels I get the following results: dev.cpu.0.freq_levels: 2500/35000 2400/33000 2300/31000 2200/29000 2100/28000 2000/26000 1900/24000 1800/23000 1700/21000 1600/20000 1400/17500 1200/15000 1000/12500 800/10000 600/7500 400/5000 200/2500 Thanks for trying to help. Your displayed freq is not the EIST one, while without throttling disabled I am not sure if you are sharing the same problem with me.

Anyone know where these are available in the UK and maybe a price. Thanks in advance. Chris

@stephenw10: If you just need to use the remaining ports as a switch in order to save having a a separate device you just need to bridge them. The documentation on this is a bit sparse! http://doc.pfsense.org/index.php/What_is_a_bridged_interface_and_how_would_one_be_used%3F I attempted this on my own box as a test a while back, see this post and few following it: http://forum.pfsense.org/index.php/topic,25011.msg236750.html#msg236750 You should be aware that the resulting bridged interfaces will not be as fast as a switch. (still quite fast though!) Also have you read through the, now ridiculously long, thread for these fireboxes? http://forum.pfsense.org/index.php/topic,20095.0.html There is a bug in the driver included with pfSense 2.0.1 used by the four interfaces on the right hand side of the box (msk0-3) which can cause the interface to stop responding. You should connect less important clients to these! I have never had a problem if they are connected at 100Mbps. This will hopefully be fixed by updated code in 2.1. Steve Thanks for the info. I did read parts of the firebox thread, so I know that changing the CPU would be helpful in order to reduce overall consumption and so on. They are pretty much x86 boxes, hence the appeal I guess! If I can secure the firebox I have my eye one I will definitely follow up. I know what I want is certainly do-able know which is a big help, so thanks :)

The KB connector is the one that appears to have a Floppy-sized molex power connector on in the picture. I have a PS2 connector salvaged from an old clone on mine. I forget if I switched wires around or if it worked as is. If you're trying nano, I don't think it's ever going to work. I played with the BIOS and got nowhere. It will boot a full install from a laptop HDD. If you get it working, check out the LED module here: http://forum.pfsense.org/index.php/topic,36546.15.html

What could be wrong about that?  ;D Why didn't I think of this at Ikea? Hmm, perhaps I could add a beech veneer to my firebox…. Steve

It looks like I'll be able to do this wit a dual nic pfsense and a managed/smart switch cabable of port based vlans. I would have the NAS port and the pfsense port common to all vlans. And then setup the 3 vlans via ports. makes configuration a little more difficult but I think it would work.

http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Intel_igb.284.29_and_em.284.29_Cards