Thank you for the extremely quick feedback on this VAMike! I am aware of the realtek view, I have read your discussion on this the other day (https://forum.pfsense.org/index.php?topic=123462.0). So this question definitely didn't mean to be an intel vs. realtek topic, I was more concerned that using both port of the intel dual port adapter will have some speed limitation vs. using both intel and oboard NIC. So thanks for answering this in the second part of your feedback. If the Intel can handle both ports at full speed without any limitation/ drawback, then I am happy to ditch the onboard realtek for sure.

@BlueKobold: For POE I would just need to make sure that I am using Cat5, Cat5e or Cat6 cables correct? Was not sure if there was a difference other than throughput speed or if there was more to it than that. For 1 GBit/s you will need CAT.5e and if you ware willing you can also go with CAT.6(A) if you want to, For 1000baseT you need cat5, which is the cable the 1000baseT spec was designed for. Some additional tests were added to the cable standard and the result was cat5e. The differences mainly involve crosstalk tolerance, and had more impact on connector/punchdown assembly than the cables themselves. Most factory built cat5 cables would pass the cat5e spec but weren't tested/certified as cat5e. (Field terminated cat5 was a mess, as 100baseTX didn't push the specs as hard as 1000baseT, and only used 2 pairs like 10baseT–so some installers back in the day didn't even bother to terminate all four pairs.) In practical terms, any decent cable you buy new today will work fine at 1000baseT. You won't find any cat5 for sale in 2017, and If you're looking ahead to 10GbaseT there's no reason to buy cat5e rather than cat6 (if there's a huge price difference, find a different source.) If you already have cables, they're probably fine--just try them. If you run into problems (like the link takes a long time to come up, or won't get above 100Mbps, or starts at 1000Mbps and then steps down) it's probably the termination--but unless it's a really long run it's not worth fixing rather than tossing it.

I use this board for 4 months now. I have no problems at all. Performance is great using ips, squid, Pfblocker. Power consumption can’t be lower. It’s a very solid board. I like the Ipmi feature.

Possibly just about I would say. Is the connection symmetrical (300/300)?  Will you be maxing out the line all the time? What type of VPN connections will you be using? Will they be on all the time and at the same time? If you want to use squid (caching?) as well at the same time as the VPN you may max out the CPU. Since you have the unit, try and see how well it gets on.  If the CPU maxes out all time or throughput is slow you will know for sure. Realistically though you should try and get hold of an XTM 5 series. 2.3 will be the last 32 bit version and 2.4 will not be available as a nano install. I have an XTM 5 running an Intel Xeon CPU L5420 @ 2.50GHz using the 771 to 775 mod , 4gb ram and an SSD. You need to find the fastest clock rate CPU that you can as the firewall thread only runs on one core.  Faster the clock the more traffic you can shift. In the future even the XTM 5 will not work with pfsense 2.5 as it will require an AES CPU which none of these models do.

Hi all …. I'm still here  ;) Clarifications: I bought the AP42 after a cursory hardware/software review (including pfsense). The Gigabit traffic is not seen by the AP42 because it's isolated locally to the primary DD-WRT router network. So IMHO 10Mbps AP42 interfaces is adequate (Gbe a nice overkill). Yes/No? Back to the basic problem - booting the pfsense USB (built with rufus 2.17) The USB is not recognized by the BIOS, even in legacy boot mode. Tried building on uBuntu with dd. Same issue. Downloaded again, same issue. Seems I'm overlooking something very basic. I was able to boot a rufus built OPNsense img so it must be something else I'm missing. Advice? Final update: 9 days, two posts, no response. Good bye.

Hi, Updating the doc would save time for next users following the 'Getting Started' manual… Thanks, Hakim

I bought the thing on October 12 last year. That device has a 1-year warranty. Sounds like you should immediately register your device for support if it isn't already and open a ticket. Are you running pfSense 2.3.4-p1 like you should be? If not you should probably upgrade. Your WAN interface should be configured as: Default (no preference, typically autoselect)

@VAMike: Maxing out around 70Mbps single core doesn't seem impossible, those were really slow CPUs. It does look like hyperthreading is disabled, so you can see if there's a BIOS setting to enable that. (It also might just not be supported on your motherboard.) You were absolutely right, hyperthreading was disabled. I enabled it and now I have full speed. YEAH! Thank you so much, I never thought about that and probably would have bought new hardware next weekend. And thanks to anybody else for the input.

@BlueKobold: Is there a VPN connection for the update-from-console option? For extra $? There are many secure ways to get it, but mostly some vendors are submitting that over an encrypted tunnel using an internal TMP module for that or doing it in software. … Who are these vendors you speak of? Shoestring budget osdisc.com (its owner's sidejob), random & late linux format? Sincerely, JC Magras

Hey thanks, I saw their offer on Amazon but good to hear they use good components. For the lower Internet connection speeds here in Germany it will be one of the best and often sold hardware in combination with pfSense as I am right informed. It is running here for 100 MBit/s down and 50 MBit/s up for ~ 70 employees together with IPSec VPN, Squid & SquidGuard, snort and pfblockerNG, all is fine. One line of thinking was to start with that and if for whatever reason I don't have enough power on this one, use it as a slave in a HA setup. You will be able to run it in one big 1U" case as well available from the Varia-Store, here is a link to that dual 1U" case; APU2C4 - 1 U" - rack mount case Haven't looked into that too much, but it would enable me to use a VM with plenty of power and a backup unit in case the server gets rebooted / dies / explodes / flies away. That could be also very interesting, but I love more the real hardware HA setup, if one server is "gone" mostly also both VMs are also "gone" please don´t forget this too! For more power you could also have a look on the new Supermicro Atom C3000 line But the network drivers will be not really matching to all NICs that are SoC integrated!!! Stronger and faster then the Intel Atom C2000 series, but slower and less powerful then the Intel Xeon D-15xx series. it is not only interesting what kind of Internet connection speed you are running, also the amount of installed packets, running applications, offered services or used protocols will be also important likes the amount of users and their produced traffic such mailing, surfing, gaming or audio/video streaming!

enable and auto likely do the same thing.  Only disable would behave differently. Note EIST is required if you want to use turbo clocks.

@stephenw10: You may want to add that as a Shellcmd so it gets stored in the config file and survives updates. https://doc.pfsense.org/index.php/Executing_commands_at_boot_time Steve The fix that I put in has been working well for many days now, so I followed the instructions in the link above and found the line in the file /conf/config.xml and inserted the following line right above it: <shellcmd>/usr/sbin/usbconfig -u 0 -a 3 power_off</shellcmd> Then I saved the file and rebooted. Everything seems to be working fine.

Don't do it. A single SSD can saturate practically all network links. Mostly because even with 10GbE you'll still have on-disk compression, caches in RAM and the possibility of using ZFS and having two disks in a pool to increase IO.

Used to run pfsense on a 433 MHz Celeron with 386 MB of memory until recently. Perhaps the memory system is to low, the actual version will be running well, but in the near future the support of the entire hardware will be changing step by step and so it might be a better thing to change now, and go with 64Bit hardware that comes with AES-NI support too. So you might be able to run it likes now for years without any issues. What if it were not that particular hardware, can't you say where the hardware check is done and ways to disable it? There will be not a switch to disable or enable it! As I personally know it, it was announced here in that forum or over the blog on the netgate website, the following changes will be coming with the new version 2.4 and above; No 32Bit support anymore, only 64Bit hardware will be supported (but we got ARM support for two devices (at the moment) therefore or instead of) No NanoBSD support anymore (pfSense version 3.0 will be written totally new from ground and this is also very hard work and to the cost of much time) AES-NI is a must be or must have option and not a can be or should be option (Over the change of using Phyton over PHP and perhaps other things get also changed too) Were they forced to stop building 32bit for technical reasons or was it a management decision? Who should be pressing them to do so? But handling all, I mean, 32Bit and 64Bit, NanoBSD, rewriting version 3.0 totally new from scratch, AES-NI support, QAT, netmap-fwd and tryfwd or fast-fwd, failure and bug hunting, ARM support, might be a bit to much at one time, perhaps this can be differ or changing at one days back who knows, but I personally think it is more the lag of time to realize that all. For a firewall only unit, with low power demands, you has more then one option at this time. Official with support: SG-2220 SG-1000 SG-3100 Alternatives well known and working: APU2C4 Lanner units Scope7 units Qotom Intel i3 AxiomTek units I personally would have a look for the SG-1000 or SG-3100 or APU2C4 as a replacement here.

@ssbarnea: I am still looking for a barebone or minipc, (nearly) silent that can reach 60-70MB/s OpenVPN (256) for under $250/£200. No 2nd hand or repurposed hardware or "run your openvpn from another place". I just want one small router, not a big collection of devices which would only increase the number of possible points of failure. I own this one, no problem to reach 120Mbps OpenVPN (256) https://it.aliexpress.com/item/New-Braswell-mini-pc-M150S-with-2G-ram-8G-SSD-celeron-N3150-Dual-H-D-M/32533935685.html

The UP Squared board can run pfSense 2.4. Pentium N4200 Dual Reltek NICs Up to 8 GB of ram Up to 128 GB of storage 1x mSATA/mPCIe slot 1x M2 2230 slot (non SSDs, only PCIe devices) 1x 6Gbps SATA3 Rapsberry Pi form factor w/GPIO pins (though there are no kernel drivers in FreeBSD 11) Though FreeBSD 11 (which pfSense 2.4 uses) is limited in that it doesn't fully support the Intel eMMC 5.0 specifications.  I'll later test pfSense 2.5 w/FreeBSD 12 when it matures a bit to see if they included the drivers there. I'm personally running Xen on ArchLinux on my UP^2 to gain access to its GPIO and eMMC 5.0 storage, with pfSense running within Xen. The Reltek NICs handle my 500 Mbps up/down Verizon FiOS connection just fine.  As a matter fact, I stress tested the UP^2 with this setup and achieved 890 Mbps UP and Down simultaneously.  OpenVPN I haven't finished setting up yet though. http://www.up-board.org/upsquared/ Link to pfSense on UP Squared: https://up-community.org/wiki/PfSense

pfSense fits a fairly niche market, at least for home users). But for those that fall into that niche, pfSense is a really exceptional tool. To me pfSense is apples and oranges from anything Unifi/Ubiquiti.

I know this is a bit old but i'm just now getting a bit of free time!  ::) @vizi0n: @Fmslick: @stephenw10: The lcdproc package should run pretty reliably in 2.3.4 with whatever option screens you selected. To get the NIC LEDs working as expected you need the modified drivers that set the LED registers correctly. However I've seen some reports of them not running nicely in 2.3.X. YMMV. Steve yeah I will have to work on the LCD a bit and I think I am one of them who is going to have the LED's not run nicely :/ I did modified the drivers and they are still the same. Guess ill have to look into this a bit more.  ::) EDIT/ADD TO: So I got my IDE drive and installed it, I will make a new post later on to update on the progress I am using these: http://www.vizi0n.com/watchguard/if_sk.ko http://www.vizi0n.com/watchguard/if_msk.ko Solid when link up and no activity Blinks when there is activity Works fine on 2.3.4 You can verifiy if the mod is running by running "dmesg | grep LED". You should see an output like this: [2.3.4-RELEASE][admin@pfSense.localdomain]/root: dmesg | grep LED mskc0: <marvell yukon="" 88e8053="" gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0x8000-0x80ff mem 0xd0020000-0xd0023fff irq 16 at device 0.0 on pci1 mskc1: <marvell yukon="" 88e8053="" gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0x9000-0x90ff mem 0xd0120000-0xd0123fff irq 17 at device 0.0 on pci2 mskc2: <marvell yukon="" 88e8053="" gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0xa000-0xa0ff mem 0xd0220000-0xd0223fff irq 18 at device 0.0 on pci3 mskc3: <marvell yukon="" 88e8053="" gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0xb000-0xb0ff mem 0xd0320000-0xd0323fff irq 19 at device 0.0 on pci4 skc0: <marvell gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0xc000-0xc0ff mem 0xd042c000-0xd042ffff irq 16 at device 0.0 on pci5 skc1: <marvell gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0xc400-0xc4ff mem 0xd0420000-0xd0423fff irq 17 at device 1.0 on pci5 skc2: <marvell gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0xc800-0xc8ff mem 0xd0424000-0xd0427fff irq 18 at device 2.0 on pci5 skc3: <marvell gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0xcc00-0xccff mem 0xd0428000-0xd042bfff irq 19 at device 3.0 on pci5</marvell></marvell></marvell></marvell></marvell></marvell></marvell></marvell> Thanks I will give this a try. PS. Sorry I didn't post an update like I said, it was late and I was at the DC working and on a bit of a slow night when I did the mod so I forgot to take pic's  :(

@belt9: One of the new i3 K parts has I think one of if not the highest clock speeds of any consumer Intel CPU, that's the one you'd want for OpenVPN max speed! Intel Core i3-7350K @ 4.20GHz It's no longer number 3 on the Passmark Single Thread performance chart with the new coffee lake CPUs starting to trickle out, but it's still a price performance leader and then some! It's a heck of a CPU for the money and the real sleeper of the Kaby Lake CPUs. Also if you are a gamer, that's the CPU benchmark list to prioritize your CPU choice from.  The vast majority of games are STILL heavily single thread dependent.  In the off chance you have a beast of a video card like a GTX 1080ti so that your CPU will be more likely to bottleneck things, then you want something high on that single thread chart.