@Paint: @mafiosa: how do i set uart 0 to work as default console port? Can you please run this command via the console CLI or SSH? dmesg | grep uart Since your output from this command is: uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 Please add, or create, a file /boot/loader.conf.localand add this to the contents: comconsole_port="0x3F8" hint.uart.0.flags="0x10" Next, go to the pfSense Web GUI. Navigate to System-> Advanced Scroll down to the Serial Communications section and make sure your settings match the following: [image: index.php?action=dlattach;topic=113610.0;attach=84866] Lastly, restart your pfSense box. To confirm that your console is working, please run the following command via SSH or Console CLI: dmesg | grep console If this was successful, the output should look something like this: [2.3.3-DEVELOPMENT][root@pfSense.lan]/root/scripts: dmesg | grep console uart0: console (115200,n,8,1) sc0: <system console=""> at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300></system> If you still cannot connect via serial, you are probably using the wrong serial cable setup. I am using the following on my pfSense machine: DB9 Female / DB9 Female Null Modem Mini Adapter: https://www.amazon.com/gp/product/7507825604/ USB to RS232 DB9 Serial Male Converter Adapter Cable with FTDI: https://www.amazon.com/gp/product/B00QUZY4JC/

That would be a nice feature. Bring an interface "administratively" down so that the LEDs stop blinking too and the physical link status breaks. Like cisco equipment.

Ruckus is a bit over the top for a regular home user, except you source your equipment from eBay and such. So did I. For the average home: xclaim wireless (a Ruckus company) regular 802.3af PoE, stand alone OR cloud controller OR App configuration, some of Ruckus' Magic, small, cheap. Only 3 models available: single band, dual-band and AC. Officially no Beamflex but AC has beam-steering in the standard anyways.

I could be wrong, but last year i have rebuild a x700 for pfSense, and i can't remember that i changed or updated the Bios. The should work with the original Bios ( i think). Also, on this blog, there's is no mention of changing or updating the Bios : http://www.copyerror.com/2012/10/18/watchguard-firebox-x500-pfsense-hack/ Grtz DeLorean

try to take a look here, maybe it helps  ;) https://forum.pfsense.org/index.php?topic=115673.0

@jimp: Personally and around the forum you'll find cases where their hardware is dodgy. Some people love it, until it craps out. Others have issues from the start. We sold one of their units for a hot minute until the returns were overwhelming, and that unit still has issues with FreeBSD 10.x and refuses to run it from CF, due to some issue in the unit's ATA controller. Not to mention it doubled as a space heater. It's a big roll of the dice. You may be one of the few that has no problems, but more than likely you'll hit something sooner or later. thank you! appreciate the feedback. I guess I will be another reference point in the Jetway study  ;)

do you have any minipci slots?

@guardian: @CiscoX: @guardian: @CiscoX: I also like to put my smart results of my disk. So far so good… everything looks fine with the smart results.  Only challange I see with that drive is that it's not rated to be running 24x7. If you look at the specs: http://www.seagate.com/files/staticfiles/docs/pdf/datasheet/disc/barracuda-ds1737-1-1111us.pdf you'll see Power-On Hours 2400.  Which is 8 hours/day 5 days/week. It may not have a great lifespan given that a pf box will have the drive spinning 24x7x365… unless you turn stuff off. Thank you very much. I think have to replace this disk then. Maybe WD RED (NAS disk) or what about SSD. Do you have any suggestions? :) Thanks in advanced Replacing the disk is a good idea if high reliability is important.  The bulk of the drive is for logs, packet logging, and rulesets, so there isn't anything that really needs protecting other than the configuration.  As long as you keep a backup of your configuration, it shouldn't matter much.  If the disk fails, you reinstall a fresh copy and reload the config and you're done.  (Might be a good idea to keep a fairly recent copy of the installer on your local computer as if pfSense dies, you won't have any internet unless you have a router you can swap in till you get it fixed.) I'd recommend you use an SSD as speed will help if you are logging packets.  Also quiet and cooler with no moving parts - if you buy a decent brand, an  SSD will likely last a lot longer than a mechanical disk, but you never know.  For mechanical disks, I'd recommend Western Digital.  Seagate were good once , but lately I've had way too much BAD experience with  them-Seagate seem to be going for cheap/volume.  Don't know if their enterprise stuff is better, but I've never had any experience with it.  WD Blacks in PC's - WD Reds in NAS - Samsung SSDs for boot drive and embedded devices like pfSense box.  (May be better SSD choices, I bought based on speed/performance ratings from test sites-can't comment about longevity since none of the ones I own are over 1 year old.) If you do use an SSD make sure you enable trim (wear leveling) to make sure you get best life/use out of the disk. I used these instructions and based on personal experience they worked no problem with a Samsung 850 EVO SSD. Original Source: https://forum.pfsense.org/index.php?topic=114202.msg634936#msg634936``` I enabled TRIM on the Samsung SSD as follows.  Below is compiled from several other posters here..so thanks! 1.  booted pfSense from USB stick and installed pfSense to SSD 2.  Used Putty to connect to the box, fired up the shell and obtained ufsid by showing the fstab file:         [2.2.4-RELEASE][root@pfSense.localdomain]/root: cat /etc/fstab         # Device                Mountpoint      FStype  Options        Dump    Pass#         /dev/ufsid/576dca6e13175d08            /              ufs    rw              1      1 3.  booted pfSense from USB stick into single-user mode 4.  at the # prompt, the following was issued:       /sbin/tunefs -t enable /dev/ufsid/576dca6e13175d08 (your ufsid will be different!       /sbin/reboot 5.  booted pfSense from SSD.  Again using putty, ran this command from shell to see if TRIM was enabled.       /sbin/tunefs -p / Hope this helps. Thank you so much for the information. I do run backup almost every day of my pfSense :) I will probably go for the WD Red or Samsung SSD 850 EVO(run this one on my other computers, never experienced any kind of problem with them) when my Seagate is "dead" :)

For what you describe (now and the future) that box has plenty of horsepower. I'd fire it up and try it out. Let us know how it goes.

2gb of DDR1? 64bit system? That must be a really old server .

Let me ask this question a different way: Is there a difference between using a SG-2220 with a managed switch vs using a SG-2440 for layer 2 network segmentation?

So to bring the actual topic to a point… would a 2358 make a Gbit capable pfSense platform

I would not personally trust two radio cards inside a traditional firewall style case. I know we've tested it and found it not to work on our hardware, and likely it fails elsewhere as well. RF interference is a given in that case. Just get an AP and you'll keep your sanity.

Where's the problem to find a case (with front access) that fits? http://www.ebay.de/itm/302012051373 http://www.ebay.de/itm/351603650038 You can still get them new.

@Pippin: The second idea is the difference between 948 Mbps normal and 270 Mbps OpenVPN (unencrypted). Mainly caused by packets travelling between kernel and userland, and OpenVPN`s internal fragmenting and defragmenting, here CPU power (of single core!!!) comes into play. When version OpenVPN 2.4 is ready, bringing AES-GCM, it is expected that throughput will go up. The other issue probably related to process threading, the "pf" is now capable to support multi-threading, while as what I remember OpenVPN doesn't, for those low end ATOM devices we usually need 1-2 core's power to have NAT running at 1Gbps throughput, which means if we allow only single core operation the NAT probably will be cap at ~700Mbps, and OpenVPN will have more impact because it's adding burden on the CPU as well.

Lots of small packets are just difficult to process in general. If you want to fill a 1 Gb pipe with 64 byte frames, you likely need something like netmap to do so, no tool like iperf is going to achieve that rate. With a single stream between a given source and destination, you're not likely going to utilize all the queues on the NIC. Assuming you didn't force it to a single queue (which would be bad), that's likely why you're not getting >1 core utilized.

What is the firmware version on your modem? In which mode are you going to use your modem - RAS or NDIS (means PPP or Network Card)? If you see no com port created in pfSense - plug your modem into any computer, make sure it's detected by the OS and check from any terminal emulator: AT^SETPORT?

Would love to also hear someone's input on this, I have 350Mbps connection, and I want to have a dedicated openvpn rig. SG-2440/4860 ASUS Q87T (BIOS update to F4 is needed) Intel Core i3 (4 Core @3,0GHz) Intel i350-T4 (Quad port NIC) miniPCIe WiFi & mSATA card PicoPSU 160 Watt 8 GB RAM M350 Supermicro C2558/C2758 PicoPSU 160 Watt 8 GB RAM M350 Gigabyte GA-6LISL Intel Xeon E3-1240v3 Intel i350-T4 8 GB RAM M350

Hello, maybe you should take a look on this thread: https://forum.pfsense.org/index.php?topic=114945.msg639526#msg639526 I wanted to replace the home router with one that is able to perform an OpenVPN client at full line speed. For example, mine can manage a VPN connection up to 120Mbs, while the one of Paint up to almost 300Mbs. The AESNI support helps to reach the same performance with a lower load of the CPU and therefore with a lower heating. Fully loaded, the system consumes just over 10W.

WOW~ , I  never thought about that ,  next time I will try to convert to non-RAID mode. I get T130 with a H730 by my supplier ( NOT directly to Dell) , I told them my requirement , and they give me a hardware list. Actually , I want to buy pfsense  XG-2758 directly , it is more cheaper than T130 , but I can not convince my boss about how to fix machine  when it is malfunction.