@stephenw10 Thanks for the info. I only have a low profile expansion slot available on my pfSense box. I found a low profile bracket on the popular online auction site and got it for a few bucks, then I can try it once it comes in the mail. FWIW Amazon lists it as a currently available product priced at $676 (!) so there might be support for it.

Make sure the IP it's giving you is not conflicting with any other subnet on the firewall.

@mercer2 Super cool router that you bought. That is absolutely my dream router. Hows it been treating you? Did you get the speeds you were expecting?

It's only for a SIM card.

Those are not errors or even warnings. Those are messages from the boot log showing the timecounter hardware being detected/initialised: Nov 10 10:41:17 kernel Timecounter "ARM MPCore Timecounter" frequency 12500000 Hz quality 1000 Nov 10 10:41:17 kernel Event timer "ARM MPCore Eventtimer" frequency 12500000 Hz quality 1000 Both the 1100 and 2100 show that as they share the same SoC. Steve

Mmm, that does seem suspicious. I would normally expect a higher result when testing from a client behind the firewall. Unless that client itself is restricted. You can see that in both cases no single core is maxed out. But when testing from the firewall directly the load created by iperf itself is larger than anything else.

@brad73435 said in Hardware upgrade question.: can I use the saved configuration from the old system? Yes. You can usually import the config and simply re-assign the interfaces but we can also convert the config for you to import directly if it's something more complex. Steve

It didn't want to identify in my server so it got pulled and will try it in my desktop instead.

Does it actually fail to boot or does it just not show anything at the console? What's confusing it is the EFI console for some reason. If you installed legacy it would probably boot fine. It could be come conflict between the serial console and console redirect to the port. Hard to imagine what might have changed there though that wasn't at an upgrade.

@stephenw10 Did not see any jumpers close to where the 4 intpah interfaces are but this might take a while to get it working.

If you want to actually route 10Gbps, yes. I'd expect that CPU to reach something in the 3-4Gbps range. Perhaps that's enough for the times you need to connect between VLANs.

@stephenw10 Thank you very much. I'll give it a try and let you know.

@stephenw10 All interesting stuff. ️

Here is a version with 3 conditional LED adaptions. #!/bin/sh check_current_states=$( pfctl -vvss | grep -e ', rule 84' -e '192.168.1.11' -e '192.168.1.15' ) res=1 resb=1 resc=1 case "$check_current_states" in *", rule 79"* ) res=0 ;; esac case "$check_current_states" in *192.168.1.11* ) resb=0 ;; esac case "$check_current_states" in *192.168.1.15* ) resc=0 ;; esac if [ $res = 0 ] && [ $resb = 0 ]; then sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null gpioctl -f /dev/gpioc2 6 duty 50 >/dev/null elif [ $res = 0 ]; then sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null gpioctl -f /dev/gpioc2 6 duty 50 >/dev/null elif [ $resb = 0 ]; then sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null else sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null gpioctl -f /dev/gpioc2 7 duty 50 >/dev/null fi if [ $resc = 0 ]; then sysctl -q dev.gpio.2.led.0.pwm=1 gpioctl -f /dev/gpioc2 2 duty 50 >/dev/null else sysctl -q dev.gpio.2.led.0.pwm=1 gpioctl -f /dev/gpioc2 2 duty 0 >/dev/null fi

@stephenw10 said in Would this be hardware enough for 1Gb fiber ?: The current passed by Ethernet is very low, it should never get hot like that. Perhaps you had Power-over-Ethernet configured? ah, sry, it was computer that was hot, not the cable :) That computer is passively cooled.

I just wanted to give an update regarding achieving full throughput on 2.7 CE especially given the recent pfsense plus licensing debacle: I was able to attain the full 23.5 Gbps throughput on 2.7 CE straight from a fresh install and the aforementioned enabling of the hardware offloads by enabling SR-IOV on the Proxmox host and passing into pfSense the virtual functions (virtual nics). In this situation, pfSense uses the iavf driver which is included in CE and precludes the need for if_ice.ko and ice_ddp.ko. On a related note: I was able to hit 31 Gbps on pfSense through an e810-cam2 (which uses the same driver setup as the e823. Though I've only just started playing with this 100GbE nic, so 31 is the starting point.

@stephenw10 the best antenna must be hard to find :)

@stephenw10 Hi Steve, THanks for all your help on this but im giving up. Ripped the card out and sticking with previous setup. Going setup a dev box to play with as trying to do this between meetings on Teams is not easys and there. I am going to look at going down the wireguard route instead and keep openvpn just for the dialin stuff as I need it to use radius.

Thank you for resolving the issue. There are no issues with the system or hardware. It's my installation issue.

It still applies, it's fixed in 23.09-beta. If you can upgrade to Plus and then to beta it should work there. It's broken in current CE versions at least until 2.8 snapshots become available. Steve