Peter,

I'm glad you are all set. Enjoy your firewall!

Cool. Thanks again for the help guys.

Merry Christmas!! 🎄

I've recently purchased and configured from scratch my first pfSense box using the MBT-4220. It's been running well for about a week now and I'll have a few weeks further to evaluate it and tweak it. This MBT-4220 is a great replacement for a quite old FreeBSD system I've not upgraded in years.

For home use this is more than adequate and meets my needs:

DHCP pools and static mapping OpenSSH user shell OpenVPN connection for family mobile devices traffic mapping using ntopng
*Queing
*Squid/squidguard

Many of these things I configured by hand in the past but now have everything in a nice little box. Wifi access is provided by a separate wifi router.

I've read about replacing the fan with a heat sink so I'm investigating that as a possible upgrade.

For home the cpu runs 4-10% depending on activity and ntopng. Load averages are about 0.24 with a video stream running. Temperature with the fan is about 38-40°C.

Configuring OpenVPN for my family's phones and PCs is pretty simple. It's been good to add squidguard on the OpenVPN interfaces so I can filter out the trackers and ads (and other unwanted content).

Thank you, Derelict, for your suggestion. Support was able to help me.
-Fred

@mhab12

I think this might be it (can't reach the DNS servers). I swapped the 3.1 modem for a 3.0 modem I had used for a long time with no problems. So far the problem has ceased. I was actually hoping it would be the modem, but the behavior from pfSense is well uhm, a bug if you ask me. You're trying to work out a problem and pfSense just contributes to the problem.

Well thanks all for replies.

Yes, I could ping. Yes it was a rapid reply. I did not ssh into the box. Once the above appeared to solve the problem I did not want to go back to the old modem since it seems clear (for now) the problem is not with pf Sense.

Regards,
Barry

Thanks Stephen.
SUCCESS!
Here is a synopsis of what I did in case someone else encounters this problem:

Marvell>>boot
...
loader>boot -s
...
Trying to mount root from ufs:/dev/diskid/DISK-CEF032182700058s2a [rw,noatime]...
WARNING: / was not properly dismounted
Enter full pathname of shell or RETURN for /bin/sh:

fsck -y

...

fsck -y

...

fsck -y

...
***** FILE SYSTEM MARKED CLEAN *****
#reboot
...

Netgate SG-3100 - Serial: 1130180696 - Netgate Device ID: bdfbc7c1c133fb11d042

*** Welcome to pfSense 2.4.4-RELEASE (arm) on pfSense ***

WAN (wan) -> mvneta2 -> v4/DHCP4: 192.168.1.9/24
LAN (lan) -> mvneta1 -> v4: 192.168.3.1/31
OPT1 (opt1) -> mvneta0 -> v4: 192.168.100.1/32

Logout (SSH only) 9) pfTop Assign Interfaces 10) Filter Logs Set interface(s) IP address 11) Restart webConfigurator Reset webConfigurator password 12) PHP shell + pfSense tools Reset to factory defaults 13) Update from console Reboot system 14) Enable Secure Shell (sshd) Halt system 15) Restore recent configuration Ping host 16) Restart PHP-FPM Shell

Enter an option:

@chrismacmahon : Thanks, I appreciate any help/info provided. I'm aware we are not currently on paid support so no expectations.

I would look into using IPSEC instead of the OpenVPN client connection you are using, you will see a speed improvement.

My unit's getting around 100Mbps when on AES-128-CBC (UDP), adding SHA1 auth drops me to ~80Mbps.

Same link using IPSec (IKEv2, AES-128-GCM), I get around 150Mbps

Aside from an older bug https://forum.netgate.com/topic/130980/suricata-not-limiting-log-sizes-by-default Suricata shouldn't use much disk space. I checked a client's SG-3100 and Disk Usage on the pfSense home page shows "24% of 7.0GiB."

Ok, I'll try a fresh install of 2.4.4-p1 today and report back. Much appreciated

Yes, thanks. I went back to my backup before the changes, redid it from the start again and this time it worked. ☺

In your place I'd drop some Ticket to the support guys: https://go.netgate.com

-Rico

Yes I know, AES-128-CBC was the maximum Speed for my SG-3100.

-Rico

Good to know. Thank you so much. I am gonna pursue the matter on the other thread. As for what I wanted to know initially, you answered me beautifully. All the best.

@luckman212 said in SG-5100 package contents mystery:

BiWIN C6308

Hi guys,

Were any of you successful in eventually finding a M.2 SSD that would work with the SG-5100?

@sean-allen said in SG-3100 Slow Throughput:

@rico Interesting. You'd sacrifice 80-90% of the links speed to get the flexibility OpenVPN offers? That really says something...like I'm going to hate it if I try IPSec.

It may appear to be 80-90% because 100Mb of 1000Mb but in reality IPSEC on the 3100 is only going to do @300. So yea, you’re giving up 66% in speed but only compared 300Mb. In my use, primarily mobile, I like OpenVPN for it “stay connectedness” vs IPSEC which can be less resilient to connection changes. OpenVPN vs IPSEC security I will let others speak on.

Pretty sure the crypto chip in the sg-3100 will allow it to work with 2.5. Thought I read on here that was one of the reasons they included it, besides the cpu not supporting aes-ni.

I just looked at my 2 sg3100 both in IDF rooms at their locations and 1 is running 51C and the other is at 55C.

product lifecycle

Hi and thanks for responding.

I think the solution lies with the following device, which may have been discontinued. They were running upwards of $500 a pop but I managed to pick up 2 of them, which I have used successfully for a number of other serial terminals.

https://www.raritan.com/products/kvm-serial/accessories/dominion-serial-access-modules

I think it would just be a simple matter of cutting off one end of a USB mini cable and crimping a CAT-5 connector to it, wired in the correct order, but I've had to put this project on the backburner. I also exchanged my XG-7100 for an SG-5100, but both devices have a USB Mini console port (my old FW-7551 had a CAT-5 jack for console so it was a no-brainer with the DSAM).

I will be needing to drop the SG-5100 into place within the next month or so and I will be sure to post my results. Feel free to follow up if you beat me to the punch!