I think but am not sure PT is a server class card, CT is definitely desktop class. Also 500MB is megabytes not megabits ;)  Plenty of capacity for a gigabit card.

@Balanga: How do I tell what protocols my modem supports? Assuming you have one of the popular Huawei LTE modems like 3272/3276/3372 the rule is very simple: with 21.X firmware you have a choice of RAS (PPP) and NDIS (network card) with 22.X firmware you have a NAT router (HiLink) All I want to do is get my Modem to act as an NDIS device. Do any of those protocols equate to NDIS? Here is an example with E3276: AT^SETPORT=? ^SETPORT:1: 3G MODEM ^SETPORT:2: 3G PCUI ^SETPORT:3: 3G DIAG ^SETPORT:5: 3G GPS ^SETPORT:A: BLUE TOOTH ^SETPORT:16: NCM ^SETPORT:A1: CDROM ^SETPORT:A2: SD ^SETPORT:10: 4G MODEM ^SETPORT:12: 4G PCUI ^SETPORT:13: 4G DIAG ^SETPORT:14: 4G GPS this is what modem supports AT^SETPORT?                                                                    ^SETPORT:FF;10,12,16 this is what I have active This combination or composition as I referred to it earlier affects USB device PID which is presented to a host system and used by the device driver. In the example provided earlier this corresponds to "idProduct = 0x1506". So 'FF' means I don't need anything before the driver installed, 10 is PPP interface, 12 is a COM port used for commands (PC User Interface), 16 is a network card. 3g driver in pfSense will pick first two. There is no native support for NDIS in pfSense, some people were successful using custom scripts to bring the connection up. using ppp, I need a Userid and password. I don't have these and can get online without in other environments. In most cases you can leave those fields empty or put whatever you want in the username field. Some carriers may require the phonenumber to be used as username with no password.

Indeed there's no 802.11ac support in FreeBSD and hence pfSense at this time. Additionally there is no M.2 socket in the SG-4860. There are mPCIe slots you can use though. Older Atheros based cards will work such as the one we previously stocked: http://webcache.googleusercontent.com/search?q=cache:BGgZhXcr-o4J:store.netgate.com/APU-wireless.aspx Generally though you can usually get better coverage by using an external access point. Steve

I've added a fan on top of the Qutum for one reason only. I'm not comfortable with fanless machines locked up in a cabinet with no airflow around them together with 2x NAS units that warm up the ambient air considerably. To be clear this is not an issue with the device, it run super stable without the fan, I just don't like HW running at 50c continuously especially when the fan is silent and the cabinet insulates all the noise anyway. Any fanless i5 unit would be in the same position due to the 14watts needing dissipating somehow so your real alternative is to look at lower TDP parts if you want fanless and are not comfortable with a 50-60C operating range. The CPU will work till 100C or so, so it's not like the unit is overheating.

@umuzidan: USB WiFi Adapters that have removable antennas which work very well with pfSense / FreeBSD. there isn't any, that work "very well" that is. There are very few usb wifi adapters that work with freebsd to begin with and of those they are typically just a dongle/stick. You might have better luck asking Here. But your top response is going to be just don't do it and get a dedicated WAP

@johnpoz: … As to spending money on the HD AP.. Do you have wave 2 clients?  Are you getting wave 2 clients anytime soon?  what is your internet speed?  How much data do you move about locally via wifi?  The cost different between a AC Pro and the HD model more than 2x -- the HD models are wave 2 AC, while the PRO is just wave 1 AC..  If your not going to be changing clients in the next few years that will support wave 2, and actually have the network to make use of those speeds.. Or are just moving files locally over wifi which seems odd if you have a gig wired network, etc. But hey its your money..  I would love to have some HD to play with, but not in the budget currently since don't have any wave 2 clients to take advantage of them, etc. Thanks. Our internet connection is 32/8 now but will be getting fiber this fall or in the spring 2018. Wave 2 clients again no, will be updating our hardware this fall as well with new apple releases, our server is straggling sometimes with HD content. Wow, I did not see that coming when you suggest to get UniFi Security Gateway. To be honest I was not aware it was existed in UniFi product line. I like the idea one brand integration but does it compares well to SG-2440 pfSense?

The device ID is in 2.4: https://github.com/pfsense/FreeBSD-src/blob/devel/sys/dev/amdtemp/amdtemp.c#L83 Also see: https://forum.pfsense.org/index.php?topic=106261.0 Steve

@Actionhenk: What you thought is right. That is what i currently have. It is working but i would like to know what the benefit would be switching over to physical nics. So you already have 2 physical NICs and they are connected to the 2 virtual switches? In that case you probably won't see much benefit from adding more interfaces. What you probably should do is measure what line rates you get. Example: iperf between outer subnet and inner subnet on the physical ingress and egress ports iperf between pfSense LAN (virtual) and physical LAN (so one iperf instance on pfSense, and one on a LAN box) if you get good NAT speeds, you probably don't need to change anything, if you get bad NAT but good LAN-LAN, you probably need to tweak your settings, but if you get bad LAN-LAN and bad NAT, you may need better interfaces indeed. What network cards are you using at this moment?

@Ryu945: I just need to know how the software is capping the hardware so I can try to find the best hardware for handling the problem. This might help you understand the limitations of OpenVPN, it certainly helped me :) https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux Here you will see some proper tests on OpenVPN and ways to optimise it with the right hardware. Don't forget if you are using mobile devices its unlikely that you can support the fragment command hence the above won't work and you'll be stuck with an unoptimised OpenVPN connection. However for point to point server connections or connections from Laptops/desktops to "home" it should work. Also this WILL NOT work for connections as client to VPN providers as they do not allow you to alter the connection parameters (tun size, fragment etc). In that case multi-openvpn gateways is the answer and you will be comfortably hitting 500-700mbps with a dual core quad connection OpenVPN configuration. Finally the tests are done on Linux so your milage may vary with FreeBSD which PFSense is based on. Summary from the link above: 1. First bottleneck is the OpenSSL encryption / decryption routines perform better with larger packet sizes due to the way the algorithm works. This also helps reducing the context switching between user space and kernel space as more data are fed in one packet hence reducing the switching overhead (less switching is done) 2. Second is AES NI acceleration on the CPU and support being compiled into the OpenSSL library 3. Encryption itself. Without encryption they managed to hit almost gigabit speeds with jumbo frames in the TUN In general you will need a CPU with the highest possible CPU clock as OpenVPN is not multithreaded. Even with that though you will NOT hit gigabit speeds due to the encryption overhead. From my personal experience with the above settings I am hitting about 300mbps from my Digital Ocean web server to my gigabit connection at home. CPU utilisation on the Digital Ocean Ubuntu box is about 90% on the OpenVPN process so it could be the virtual CPU limiting me or the network stack/virtualisation drivers they are using. On my personal devices I use IPSec where I get a comfortable 400-500 mbps throughput and I would strongly advise you the same unless the IPSec ports are blocked for whatever reason.

It's sometimes good to have access to both NIC types. If you have a fast PPPoE connection for example you are probably better off using an em NIC for that currently. https://redmine.pfsense.org/issues/4821 Steve

Just to put a number on it I would expect an Atom N280 to be capable of passing somewhere in the 350-400Mbps range with default firewall and NAT. It's the right decision not to spend money on that at this point. Besides the previously mentioned lack of AES-NI (pfSense 2.5) it's a 32bit CPU which means it won't run pfSense 2.4. We will be supporting older versions for sometime after the newer releases but we expect 2.4 to be released relatively soon. Steve

For PPP some kind of tutorial is here. With 22.X firmware your modem cannot run PPP, firmware needs to be changed to 21.X, keep in mind the difference between 3372s and 3372h - firmware files are different! For HiLink modems (i.e. those running 22.X firmware) you can read here.

Thanks everyone, really appreciate it.  :) :)

Thanks both for replying. I already bought this one: http://www.ebay.com/itm/1U-Server-Supermicro-X8STI-F-Intel-Xeon-L5630-Quad-Core-16GB-RAM-2x-3-5-HD-Bay-/152606623062?hash=item2388104556:g:2FEAAOSwiQ9ZVqEs The CPU is great for what I want (running VMs and pfsense), has AES-NI, Hyper-Threading, and a TDP of 40W! The other parts are also perfect, It has 2 Intel NIC, 16gb of RAM and I can put the server in my rack. Is going to take a couple of weeks before it gets here (Uruguay, south america), I will let you know how it went by then.

@BlueKobold: my pfsense is sitting on an intel pentium e5300 2.6ghz and 4gb of ram This CPU is not supporting AES-NI and in some years perhaps you might be taking a newer one, if you want to stay with the actual pfSense releases, or am I wrong with that. correct, no aes-ni, i'll upgrade when the time comes. when i was reading about it, it was projected at over a year away. lower end intel cpu's didn't receive aes-ni until 4th gen. So I'll probably look at an intel core i3 4330 or comparable Pentium….depending on how they ebay, other wise if the price hasn't dropped that much ill just go 5th or 6th gen.

On top of all that, a cheap (crappy?) chinese box probably would be a beter fit, with Intel nics and a more fitting CPU/SoC for the same or a lower price point. I get it, new boards and marketing are cool, but don't get yourself trapped in the 'shiny new thing' cycle.

lol, I haven't browsed the boards for awhile, but like normal there is a lot of useful information in detail here.  You guys are funny and very informative.  I think you scared the OP off lol. If you come back Nitewolf, I have used the HP v2 for years now and love it because it's quiet and reliable for homeuse…at least from my experience.  I previously used corporate class switches (Nortel and Cisco), but I got tired of the jet fans and noise.  The HP switch has enough power and config options for most home use.