@sledge replied .)

@davecullen86 Hey guys, many thanks for your response. The more I look into this, the more I see so many others with the same issue. I have some, a couple of PC ENgines APU boards, and I run MikroTik RouterOS, OpenWRT, pfSense on them, all Linux comes more to 1 GBit/s with lower powered hardware, it is a little bit more near to the hardware due to better driver support and here and there not so "hardware hungry", but a router and a firewall that can be turned into a real UTM device is als not the same! As I see it personally, you could try out as @stephenw10 was suggesting to tune your pfSense a little here and there. With DanOS you might be getting nearly two streams with full GBit/s on the same hardware (PC Engines APUx), owed to DPDK capable LAN ports such Intel i210 / i211. As you say the issue is implicit to the PPPoE single core > factor and the clock speed of an individual core of my small appliance. Like me, but I was high up the cpu frequency to another level and play now around with some other tuneable`s, to get here and there more out of my hardware pointed to the entire throughput. But I also know that my appliance is better cooled then other and will never goes higher then 65 C° - 70 C°!!!! The CPU is normally capable of 1400 MHz and runs even only at 600 MHz - 1000 MHz and now it is running from 1000 MHz till 1400 MHz, but if something goes wrong, I don´t complain and be angry! I have a solution! With another identical appliance, I have installed OpenWRT x86 and I am not getting close > to 900Mbps throughput. And with DanOS you may be bidirectional getting fully 1 GBit/s out! But not a fully UTM in your Network!!!!!!!! Firewall Captive Portal with voucher system (voucher over sms) FreeRadius with certificates and encryption Snort or Suricata for IDS/IPS pfBlocker-NG for less spam and other unwanted things Squid & SquidGiuard as a caching proxy in fron of LAN ClamAV scanning the entire network flow for viruses (perhaps at one day WiFi a/b/g/n/ax) Now, THIS IS good enough for me :-). So I suggest is a good potential solution for others who are happy to offload the PPPoE function to another inline appliance. I run a AVM FB 7590ax in front of the pfSense and behind I am running the pfSense firewall! No PPPoE anymore, but double NAT situation! But all CPU cores in usage! AVM is offering some interesting APPs (VPN, telephone,..) Really nice to connect from outside (internet) and being secure on the LAN side! Now I just need to work out if I can pass through the WAN IP somehow to my PFSense :-) 1 LAN Port as "exposed host" to the WAN interface of the pfSense firewall ("Experienced") Double NAT Situation Router: network (net) 192.168.178.0/24 (255.255.255.0) Router IP 192.168.178.1/24 (255.255.255.0) Static IP Address to the pfSense a.e. 192.168.178.10/24 DHCP off: all IPs will be static given to the clients pfSense: WAN IP 192.168.178.50/24 (255.255.255.0) static IP LAN Net: 172.xx.xx.0/24 (255.255.255.0) LAN IP 172.xx.xx.1/24 (255.255.255.0) static IP DHCP: on/off (Like you need it and want it) Thanks for your help again - I really appreciate the pointers that ultimately led me to get a working solution. Not that problem, you are one from xyz sitting in the same boat. I would also have a look on another appliance if I`ll getting more then 50 MBit/s Internet speed!!! P.S. Please don´t forget in the WAN setup to disable the following point! [image: 1663859395891-wan-settings.jpg]

@stephenw10 Thank you for your time and your team for the product. Fantastic.

It is supported by the mlx4 driver. I tested one a while back and found it to be a little odd in my particular hardware. Others are using it successfully. If you need 10G I would be looking for an Intel x500 series NIC. Steve

Important parts of that are: The backtrace: db:0:kdb.enter.default> bt Tracing pid 41110 tid 100731 td 0xfffff8039f557740 kdb_enter() at kdb_enter+0x37/frame 0xfffffe00a7eb7eb0 vpanic() at vpanic+0x197/frame 0xfffffe00a7eb7f00 panic() at panic+0x43/frame 0xfffffe00a7eb7f60 propagate_priority() at propagate_priority+0x282/frame 0xfffffe00a7eb7f90 turnstile_wait() at turnstile_wait+0x30c/frame 0xfffffe00a7eb7fe0 __mtx_lock_sleep() at __mtx_lock_sleep+0x199/frame 0xfffffe00a7eb8070 qlnx_ioctl() at qlnx_ioctl+0x528/frame 0xfffffe00a7eb80d0 ifhwioctl() at ifhwioctl+0x596/frame 0xfffffe00a7eb8150 ifioctl() at ifioctl+0x4bc/frame 0xfffffe00a7eb8210 kern_ioctl() at kern_ioctl+0x2b7/frame 0xfffffe00a7eb8270 sys_ioctl() at sys_ioctl+0x101/frame 0xfffffe00a7eb8340 amd64_syscall() at amd64_syscall+0x387/frame 0xfffffe00a7eb8470 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00a7eb8470 --- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x800b54d4a, rsp = 0x7fffffffd198, rbp = 0x7fffffffd210 --- The panic strings: Sleeping thread (tid 100919, pid 62482) owns a non-sleepable lock KDB: stack backtrace of thread 100919: sched_switch() at sched_switch+0x630/frame 0xfffffe00c741ddf0 mi_switch() at mi_switch+0xd4/frame 0xfffffe00c741de20 sleepq_timedwait() at sleepq_timedwait+0x2f/frame 0xfffffe00c741de60 _sleep() at _sleep+0x1c8/frame 0xfffffe00c741dee0 pause_sbt() at pause_sbt+0xf1/frame 0xfffffe00c741df10 qlnx_stop() at qlnx_stop+0x4b5/frame 0xfffffe00c741dfa0 qlnx_init_locked() at qlnx_init_locked+0x2a/frame 0xfffffe00c741e070 qlnx_ioctl() at qlnx_ioctl+0x53a/frame 0xfffffe00c741e0d0 ifhwioctl() at ifhwioctl+0x596/frame 0xfffffe00c741e150 ifioctl() at ifioctl+0x4bc/frame 0xfffffe00c741e210 kern_ioctl() at kern_ioctl+0x2b7/frame 0xfffffe00c741e270 sys_ioctl() at sys_ioctl+0x101/frame 0xfffffe00c741e340 amd64_syscall() at amd64_syscall+0x387/frame 0xfffffe00c741e470 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00c741e470 --- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x800b54d4a, rsp = 0x7fffffffd198, rbp = 0x7fffffffd210 --- panic: sleeping thread cpuid = 3 time = 1663318115 KDB: enter: panic There is a bug report open for this: https://redmine.pfsense.org/issues/13028 And it looks like you've opened a bug upstream: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266480 Steve

@keyser A bit late but answered for the records too. APU6B4 might be the best choice together with the SG-6100.

Ok now after reboot the message with the Intel licenses are not any more to see at the boot prompt. Thank you all.

Well.... that could be fun!

The public 2.7 snapshots were built on FreeBSD 12 but will be rebased soon. We are testing internally to find and fix all the show stopping issues before making them public again. Steve

This works for me! Thank you. APU2C4 is running v4.17.0.3 Coreboot with the bios watchdog timer set to 300, amdsbwd loaded, and watchdogd -t 128. Kill -9 watchdogd process does indeed cause the system to reboot once the timer expires. Otherwise, the system stays up.

@sledge said in Thunderbolt PCie enclosere and Intel NIC: Also, looking at your signature (assume it's somewhat current today in 2022) I see you switched to a Lenovo M93p. Did the Mac Mini slow down, or did you run into another issue. I got a great deal on the Lenovo and since I could up the RAM to 32GB. I decided to re-purpose the Mac Mini to an Adobe suite server. The thing about the Mac Mini it’s awesome but since Apple OS runs the fan, FreeBSD may not have the driver and one has to wait around making a request for FreeBSD to include and that can be nightmare. Alternatively, one can compile the driver but that was over my head and would have loved the challenge but time didn't permit.

@sledge said in Tehuti 10 Gbe NIC (TN9710P) Supported?: Temporarily I could install pfSense on the Mac Mini and use the Apple ethernet adapter to confirm if it can obtain a DHCP lease or not. You can just install with only the on-board NIC. As a test you only need one NIC to be WAN and try to pull a lease. It will do that in the default setup after installing. No idea on the SM NICs unfortunately. Not something I've ever looked into. The one I have here (AOC-SGP-i4) doesn't appear to have any sort of date on it directly. Steve

Looks like it's a rebadged Supermicro. So probably. Steve

@stephenw10 Thank you very much for that information.

I would expect any of those to work. We fitted the T520-SO-CR ourselves so I know that works. They do run hot though so be sure your cooling is sufficient. I would choose an Intel NIC if you have a choice. Steve

I just got my pfSense running with the following hardware.... HP Prodesk 6200 i3-2100 with 8 gb RAM (came with an HDD I didn't use): $50 second hand from a private seller. (Just the box, no peripherals) Two, TP-Link TG-3468 NICs (one for LAN and one for OPT); ~$12/ea from Amazon. One, Silicone Power 128 gb SSD: ~$17 from Amazon. I used a keyboard and monitor I had to get it set up, but now it's freestanding. I don't know how many VLANs you're talking about, but I run a LAN for security and the OPT interface is for multiple Static IPs from Google Fiber. I have it attached to a Netgear Gigabit 8-port switch I got off Amazon for ~$19 The built-in NIC on the HP Prodesk provides the WAN. I get full speed 1 GBs through the Fiber Jack. So, outside of my time I spent a total of about ~$125 and it seems to work just fine.

@cgi2099 said in HP T730 help please: @stephenw10 Ended up getting it fixed by flashing my old firmware and then upgrading. Was rather painless after that, installed my packages and did a config restore. I guess this x710 goes in the tech cabinet until there is a fix. Got an i350-4 ready to install tomorrow. For Fiber connection you could try out the Allied Telesis AT-29M2/SC M.2 module, it is nice cheap for something around ~$30 in the usa. So you will be having fiber and copper based NICs. If they are supported by FreeBSD (pfSense) you will be able to set up one more network connection.

Or in this case just that the kernel module is not compatible with the kernel. You could just use the appropriate module for the version you have but you should really upgrade to 2.6 for the reasons mentioned. Steve

@sledge said in early 2011 macbook pro i7 model. screen won't turn off and function keys don't work!: Any reason the 2012 is your sweet spot? It was only if you didn't already have the 2014 decked out with 16GB RAM, since those RAM is soldered...in your case, hallelujah. Yes, both device and thunderbolt to Ethernet adapter used Broadcom which is not compatible with Netmap. The thunderbolt two enclosure worked like a charm with Intel NIC, and I had no problem running Suricata on WAN and Snort on LAN both in-line mode despite that not recommended by the package maintainer. I just love the idea, and it works great as long as one is not using the same rules feed with both. I was lucky to find the thunderbolt PCI enclosure on eBay for close to $100 used (Akitio) and if you're unable to find one, I maybe able to help you out. I believe the current version of FreeBSD should have the fan driver but could be added and recompiled although I had not done it.