• AES-NI Support not enabled on AES-NI CPU with AES-NI enabled in BIOS

    6
    0 Votes
    6 Posts
    3k Views
    M
    Try a different BIOS update. Does Windows 7/8/10 find it in CPU-Z?
  • Help needed! Forcing USB device on Configuration Index 1

    10
    0 Votes
    10 Posts
    6k Views
    stephenw10S
    Using the loader usb quirk is generally a better solution since it will be applied whenever the device is detected. So if the modem is re-inserted during runtime for example. But the value should go in /boot/loader.conf.local to ensure it survives an update. loader.conf may be re-written. Steve
  • IPhone tether

    7
    0 Votes
    7 Posts
    10k Views
    T
    I was able to solve it differently. Using pfSense 2.4.0, I changed the file /conf/config.xml; according to the documentation https://doc.pfsense.org/index.php/Executing_commands_at_boot_time it is possible to add a command when starting the system. So my file looks like this:

        <pfsense>
          <version>17.0</version>
          <lastchange></lastchange>
          <system>
            <optimization>normal</optimization>
            <hostname>pfSense</hostname>
            <domain>localdomain</domain>
            <dnsallowoverride></dnsallowoverride>
            <earlyshellcmd>usbconfig -d 4.2 set_config 1</earlyshellcmd>
          </system>
        </pfsense>

    Then, when saving, just delete the file in memory (rm /tmp/config.cache), as per https://doc.pfsense.org/index.php/How_can_I_reload_the_config_after_manually_editing_config.xml Now every time I turn off or restart the modem, it is already up properly.
  • SG-2440 and Samsung 850 EVO 250GB mSATA

    3
    0 Votes
    3 Posts
    644 Views
    J
    Perfect. Thanks for that. Great tip on installing the software on both the SSD and the eMMC.
  • Internal access stops after adding new ethernet card

    8
    0 Votes
    8 Posts
    584 Views
    DerelictD
    You need to shut down, add the new card, restart, and note the new interface names and reassign or re-patch the interfaces as necessary.
  • Hard drive activity light on solid after upgrade to 2.4.0

    16
    0 Votes
    16 Posts
    1k Views
    B
    Good deal.  I appreciate all the help with the issue jimp!
  • USB Wireless Adapter not showing up

    7
    0 Votes
    7 Posts
    3k Views
    M
    @Nathantrinh23: Will the Ralink RT5370 work with pfSense? Well, the RT5370 should work. I use one USB Wifi on my OPNsense Box. But, not all wifi sticks will work in AP Mode! I tried several models with the RT5370. Some work very badly (very often connection problems). Some work perfectly but run very hot. So they died after some weeks.  >:( So it will be a bit lucky to get one that works stable! best regards Dirk
  • SFF Silent Mini-ITX recommendation

    3
    0 Votes
    3 Posts
    1k Views
    I
    @BlueKobold: Wondered if anyone had some recommendations for a small mini-ITX case for my new pfSense build. The board is a supermicro denverton with passive cooler and M.2, so no drive space, pcie etc needed. There are three well known and working chassis for that kind of boards; Supermicro SuperChassis SC101F Link Small and compact case without the ability to insert a PCIe card Supermicro SuperChassis CSE-E300 Link Small 1U desktop factor with the ability to insert an additional PCIe card mini-ITX case M350 Link Often used and well known working with mini-ITX boards from several vendors Supermicro BareBones that are using this cases. Supermicro SYS-E00-9A Supermicro SYS-E300-9A Would you share which board you are owning? I mean the exactly model and model number or name of this? To be sure that the board is matching and fitting exactly in the case I would at first open the website from Supermicro and search your board number and then see on the right side all matching and fitting cases for that board! So you can´t go with a wrong size or case. Currently I have it in a case that's pretty much the same as the Powercool Q6. However I am finding the temps start to get a little too high with zero fans. This could be very well, inside of the three named above case models you will be able to mount small case fans, in each of them I mean! They are available as spare parts or came together with the case. My ideal would be a case of similar size where in the area on top that the ssd/hdd drives go you could put a 120mm fan, that way I could still have quiet cooling running it at like 300rpm. So far all cases I have found of similar size use 40-50mm size fans which I have always found even on lowest rpm to be a bit too noisy (at least the pitch they make bothers me more than larger fans). Enermax U.R.Vegas 120mm Portable USB Fan with Magnetic Skin Pad (UCUR12-R) For usage together with a mini-itx case with an open metal mesh. 
I have considered taking a dremel to the top of the case and attaching the fan manually, but if there is a case out there already that can do the job, or someone has a better idea, that would be preferable! Scythe Kaze Jyu SY1012SL12L Kühllüfter - 1 x 100 mm - 1 - 1000 U/Min With opening and using the dremel Next best solution might be the Mini-Box M350 with the top fan brackets, but that's still 40mm fans therefore more noise. Might be one of the best available mini-itx cases and if the fans are to high turning you may be able to get some small fans (40mm - 50mm) from Sunon they have some nice silent fans out. Thank you for all the info, the exact board in question is the Supermicro A2SDi-4C-HLN4F. Considering one of the barebones you mentioned uses the exact same board, I am pretty sure it's compatible :D I actually already have one of those scythe fans you mentioned in my main computer (cooling a modified hdd hot swap caddy), pretty good fan. But I prefer not to dremel unless I have to, attaching a fan to mesh with magnets is a good idea, but feels like more of a temporary solution and not quite as clean as the other options. Looked at the SC101F, really quite like that case. Big advantage is the thick fans, other small cases generally don't take 40-50mm fans thicker than 10mm which also tends to mean they aren't pwm. My board will not do voltage fan control apparently (no matter how much I try) so I would have to have pwm fans. If I went for the M350 that would mean only the front fan pwm, the rest would need to be 'set and forget'. Unless I can find something 28mm that is quiet, I would think the Noctua 40x20mm PWM fans would be a good choice for that case.
  • 0 Votes
    46 Posts
    10k Views
    B
    SHA acceleration effectively makes CBC encryption like GCM. There are some benchmarks comparing them on the j3355 and the results are pretty much identical. Yes, the i5 will edge out the Celeron, barely. Still probably not in OpenVPN. But that doesn't make it a good selection.
  • Which would be better for my pfsense box?

    16
    0 Votes
    16 Posts
    3k Views
    ?
    Would those tips be general , and also usable (recommended) for a Qotom i5 setup w. 8G Ram ? It is never really able to reproduce on any hardware with the same effect or on custom hardware with the same effect. As an small example; Broadcom 10 GbE NICs (not all, but many) use more narrow down the entire mbuf size (65.000) and get often success Intel NICs are often gets served when you high them up between 125000 till 1000000! So freeing some things up might be a good sounding idea, but not for nay user or any case of usage fo sure! Please accept it is more or less something or more things I´ve seen peoples are starting a service, running a packet or in general setting up some things and even after this many or some are running in a trap or getting problems after the installation. It is able to get the same result or success but not even and with a guaranty for that, it all depends on the entire hardware and also the pfSense Version itself because not each version likes the other one pending on bug fixes newer functions, options and protocols or given services, it more like a hunting game you will win. and also usable (recommended) for a Qotom i5 setup w. 8G Ram Let us both imagine you are using firewall, vpn, snort, squid, SquidGuard and pfBlockerNG and you turns on the pfBlockerNG & DNSBL + TDL with many IP lists so your ram is going down very fast nearly complete in usage, so it makes no sense to say let us highing up the mbuf size, but if you gets in problems or you see issues and narrow down the entire IP lists in pfBlockerNG that will be in usage, you could do this to solve around any other problems. BIOS settings: (if needed) activate the Hyper threading (HT) set the IPMI port to dedicated (often or sometimes shared with the WAN port as fall back) Often peoples are reporting they was imagine more from the higher tech spec hardware and because the HT function was disabled in the BIOS, so why not telling others please don´t forget to turn it on? 
Did your Qotom box have such a setting the BIOS, if so then try it out and give us (forum members) a feedback on this please!!! The IPMI Port on some mainboards mostly Supermicro, and we are talking here about a Supermicro Xeon D-15xx vs an Intel Xeon E3 system, are the fall back port associated to the WAN port! So if then the WAN is one time failing the WAN falls back to the IPMI and you are trying to get the access to the Internet back and again and again but without success or any clue why you can´t do so or plain why you would not be able to do so! NIC tunings: (if needed) choose ZFS file system  and TRIM support will be enabled automatically high up mbuf size to something between 125000 - 1000000 narrow down the amount of num.queues to 1 till 4 enable PowerD (high adaptive) If you need TRIM or you wish it to enable nice to know that since version 2.4.0 ZFS is automatic enabling this for you Pending on the used NIC driver and CPU for each NIC port pfSense will be open or create queues and they can be filled more (mbuf size 1000000) or less (mbuf size 65000) and on top of this the amount of this queues will be also able to set up like 1 queue till 4 or more queues likes needed or well matching. PowerD will be bringing the CPU to scale up if needed and also vice versa scaling down of your pfSense box is not so hard stressed by traffic or functions. OpenVPN settings: (if needed) enables Intel RDRAND (if supported by the hardware) activate UDP fast I/O support enable LZO compression if able to do so on both sites set the buffer to 2 MB less or higher could also be matching AES-NI is activated by default since the pfSense version 2.4.0 And this is quitly the greatest part where you weill be able to play around with for weeks to get the best settings matching to your configuration and bringing you the most benefits. Please don´t forget please you can win and be happy with only one setting and/or with all or some of them together. 
I personally mean that mostly, many things are playing more well together as only one hint. VPN is a both ended "thing" and if both ends are enabling LZO compression or fast I/O support it would make more sense to me, Intel RDRAND must be supported by hardware and the buffer is more or less pending on your RAM size. And what benefit you will see at your pfSense box or based on the hardware you are using.
  • 0 Votes
    8 Posts
    3k Views
    DerelictD
    ugh necro.
  • HW configuration for 10GbE router/firewall

    4
    0 Votes
    4 Posts
    718 Views
    ?
    For the cooler, I'm not sure I can do much, will test under heavy load in 1U and see how it goes… At the netgate shop they are also talking about a heating situation that can be going too high in some situations and therefore I would really have a look on this!
  • 0 Votes
    8 Posts
    1k Views
    N
    If you're willing to spend the money 350 will get you the brand new sg-3100 which netgate is insistent can handle 1Gb symmetrical without issue. Benefit with this little guy is at 6w you get a built in switch.. Plus you support the project and get 1 year of support on top of it.
  • Budget build question

    20
    0 Votes
    20 Posts
    3k Views
    R
    @belt9: That's certainly more better  ;D Another thought, just use your HTPC as pfSense and buy a J3355B to use as your HTPC. It does HEVC 10 bit hardware decoding. Mine plays back the higher bitrate 4k HEVC 10 bit jellyfish test files just fine. That option might save you some $$. My HTPC doubles as a gaming rig too (it has a gtx 750ti)  8) Steam link and Nvidia gamestream require the host to be not in use, so I've got no choice but to play games locally. Otherwise I'd definitely setup streaming, my network is mainly wired after all.
  • Pfsense hardware for max ipsec / vpn throughput

    4
    0 Votes
    4 Posts
    4k Views
    ?
    Today I am at 75/75 on one side of my vpn.  My current equipment keeps up. If I have to choose today a new hardware I´d waiting until the new Supermicro Boards are both on the market. Intel Xeon D-15xxN (3rd. generation) and until the Intel Atom C3000 (Denverton) will be fully supported by NIC drivers too! And then one of this two new Chips will be mine. For sure perhaps I must wait a small time period, but then I am able to choose between board coming with, AES-NI, Intel QAT and DPDK support. Soon (1 month) I will be at 300/300 both sides and my current equipment will not be able to keep up. Again I really would wait as a minimum for the newer hardware from Netgate. In the future (maybe a year or so), I might be 1g/1g both sides (actually not full gig, but Verizons 800/700ish FIOS) Intel C2000 vs Intel C3000 AES-NI And from the 3rd. generation Intel Xeon D-15xxN I personally expect a little bit more as from the Denverton platform. So If I am going to research, purchase, configure and install new firewall hardware I want to try and do it for my eventual line speed which will be FIOS gig service.  I really don't want to have to do this twice, once for when I go to 300/300 and again when I move to gig. Is FIOS using PPPoE on its 1 GBit/s Internet connection? I'd like to determine what equipment can do full gig vpn and install that now. This might be too high in price if we are talking about 1 GBit/s OpenVPN speed, if we are talking about IPSec VPN speed this might be able to realize. With a small Intel Atom C2558 (Rangeley) you might be able to push ~470 MBit/s over a IPSec VPN tunnel and the Denverton is more strong and the D-15xxN will be topping this once more again! So it is also able to realize it with common consumer PC hardware if the CPU is strong enough and comes with AES-NI. I hope my explanation is clearer.  Sorry for the confusion. Yes for it is! 
You might be waiting one month or two and perhaps netgate is bringing out then their new hardware based on a C3000 (Denverton) SoC, this might be better then for you to decide whether to go with in my eyes. So all variants are open to you, you may go with the new Netgate Hardware, the Denverton based Supermicro boards or the newer Xeon D-15xxN boards not able to get hands on today, or plain strong enough consumer PC hardware as you need or wish it!
  • [SOLVED] apu2 internal TTL com port

    38
    0 Votes
    38 Posts
    6k Views
    K
    @doktornotor Any ideas why I'm getting a board mismatch error:

        Calibrating delay loop… delay loop is unreliable, trying to continue OK.
        coreboot table found at 0xdffae000.
        Found chipset "AMD FCH". Enabling flash write... OK.
        Found Winbond flash chip "W25Q64.V" (8192 kB, SPI) mapped at physical address 0x00000000ff800000.
        This coreboot image (PC Engines:PC Engines apu2) does not appear to be correct for the detected mainboard (PC Engines:PCEngines apu2).
        Aborting. You can override this with -p internal:boardmismatch=force.

    As you can see in the logs, they're the same exact board so I'm not sure why there's a mismatch? EDIT: Never mind, I already figured it out. It seems to be caused by the space between PC and Engines so forcing it fixed the problem.
  • Upgraded to Gigabit line, need to overhaul my network

    40
    0 Votes
    40 Posts
    7k Views
    ?
    Let us imagine some other points, I said only imagine, not that this will be coming or passing through! You do understand that the QAT in the C3xxx series is incompatible with the QAT in the C2xxx series? Yes I am understanding that! But you should be thinking more positive please. If the QAT driver version 1.6 from pfSense team is not compatible with the Intel Atom C2000 but perhaps with the newer negate hardware based on Intel Atom C3000 called Denverton and the QAT driver version 1.5 from the NetBSD team is supporting also the Intel Atom C2000 called Rangeley, they only have to exchange this drivers and porting them to each of their OS, so the developers will not have any more to bother with that driver and all is fine for them and us! So it could be happen, that at November 2017 the newer hardware from netgate will be launched and fine for using QAT and perhaps in Dezember 2017 or later it could be happen that the older customers and clients of them get their "Christmas parcel" too and will be able to use QAT also. Its more cutting half the entire work time on that drivers that must only be exchanged then as the results. For sure that can be running very different each from another, or never becomes true but it will be a real chance for and us too as I see it right. And being very open talking over that point, perhaps many users will be very impressed if they know that peoples from pfSense and/or were talking with employees from the VyprVPN company about the one or other thing, who knows it really…..... The more talk there is about the QAT in the newer series, the less likely that the QAT in the C2xxx will ever be utilized. But with this words you are talking that it will be not utilized only and not it is not finding its way into the system, right?  ;) Like on Rangely, the QAT scales by the number of cores. Unlike on Rangeley, the QAT has good support. 
Link And, in fact, you can find the pfsense developers directly saying that it's unlikely that they'll ever bother with the QAT in the (C2xxx.) I don´t know if that driver from the NetBSD project is able to exchange only, or if this will be easy or able to realize, but if so I think this might be nice for both parties as well as for us.
  • Wireless ac support for pfSense - able to realize?

    3
    0 Votes
    3 Posts
    2k Views
    ?
    The pfSense GUI might not have the code to deal with 802.11ac Ah ok, I understand that this will be perhaps then the breaking point, thanks in advance.
  • All Connected Devices

    5
    0 Votes
    5 Posts
    3k Views
    johnpozJ
    domotz takes all of a couple of minutes to setup.. If you have a bunch of vlans it takes a bit longer.. Since you have to add the interfaces or sub interfaces for your vlans on the box and make sure the box has access to all your different vlans at layer 2.  You need this because it arps the whole subnet to find devices and monitor when they go up down, etc.  You can change how often it arps for something, etc. You can run it on anything really, a pi, a vm you have, something running linux, etc.. I have it running on a ubuntu vm currently.  Even runs on some NAS boxes, etc.. Synology, QNAP, ReadyNAS You can try it out for 21 days before you have to pay for it.  It's a great little piece of software for monitoring devices on your network be it new stuff that joins or wanting to know when stuff goes down or up, etc.  Since it phones home.. You will know if it goes down as well, etc.  Or your internet is down which would prevent other things from sending you alerts.. You can even have it monitor services like http or ssh, etc.  You get a few "eyes" to watch services in your normal cost.. You can add more for a few bucks, etc.  It even can monitor snmp of switches and show you what sort of util your interfaces are seeing, etc.  It really is a sweet little product for the cost.. Something you setup with arpwatch or nmap or arping and some cron job is not going to come close to the feature set of domotz, etc.
  • Pre-purchase SG-4860 questions

    10
    0 Votes
    10 Posts
    1k Views
    ?
    I have built and used pfSense systems for many years, usually based on an i3 based high clock speed CPU to ensure I get 1Gbps throughput under varying configurations. But under varying configurations means here the raw WAN throughput or am I wrong with this? I am tempted to get a SG-4860 unit as I like the form factor and finding a decent small case with front facing network ports is a pain.  So I have a few questions: There are many solutions to fit your needs in any kind of art and wise! The SG-4860 is able to get also in a 1U rack mount case with front I/O ports! You may also be able to buy the board only and let produce a custom case as you may want it in the desktop factor but w/ fron I/O ports! Schaeffer AG You may also be able to buy a small 1U dual board case and let only drill the front plate or panel as a custom work only on your "special" demands. Case & Frontpanel 1. After the initial year of support, am I free to install a stock community image on the device as I would do for a custom built system? You are free to do so, but if they offer an ADI image that fits to their boards and came pre tuned I would be aware of this was to feed any SG-unit. 2. Would the Atom 4-Core 2.4Ghz CPU be fast enough to sustain 1Gbps even with OpenVPN / IPSec, and packages running such as ntop? I only know one person that was reporting to get with an SG-4860 nearly ~900 MBit/s over a 1 GBit/s symmetric internet line, but not using PPPoE at all. And something likes ~470 MBit/s over IPSec VPN. Link 3. Does the unit support the upcoming 2.5 requiring AES-NI? Yes. 4. Is there any reason you would recommend building a custom system rather that purchasing the SG-4860?  Asking since I can build a mITX based i3-8100 4-Core 3.6GHz, 8GB RAM, 128GB SSD, 4 x Intel NIC system for about the same price as the SG-4860.  It will be larger and the ports will be in the back, which is a bit of a pain in my cabinet. 
You must get the hardware to fit your needs and not sorted by brands, the one way is supporting the project and the other way is supporting your budget and offers more options too.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.