PfSense i7-4510U + 2x Intel 82574 + 2x Intel i350 (miniPCIE) Mini-ITX Build
-
I was still getting the Watchdog Queue Timeout on the em0 driver, until I got an error stating that the kernel hit the Maximum Fragment Entries in the firewall.
I tweaked the Firewall Maximum Fragment Entries, Firewall Maximum Table Entries, and Firewall Maximum States in System->Advanced->Firewall & NAT to larger values and I haven't had a freeze yet!
-
Hi,
What was the cost of the PC & what sort of wattage is being used?
THanks,
Rich -
Hi,
What was the cost of the PC & what sort of wattage is being used?
THanks,
RichNot sure about the wattage, but can test. It if it's really that important.
The machine with the switch was 350 uad
-
Hi Paint,
could you please run the simple OpenVPN benchmark referenced here:
https://forum.pfsense.org/index.php?topic=105238.msg616743#msg616743 (Reply #9 message)Executing the command on my router with a Celeron N3150 I get
27.41 real 25.62 user 1.77 sys(3200 / 27.41) = 117 Mbps OpenVPN performance (estimate)
This value perfectly fits to the result of a real speed test.
I recently got an upgrade to 250/100 connection and I'm considering buying a mini PC as your own if it were able to sustain this speed through the OpenVPN connection.
Thanks!
Here is the output:
[2.3.1-RELEASE][root@pfSense.lan]/root: openvpn --genkey --secret /tmp/secret [2.3.1-RELEASE][root@pfSense.lan]/root: time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc 10.682u 0.677s 0:11.36 99.9% 742+177k 0+0io 1pf+0w [2.3.1-RELEASE][root@pfSense.lan]/root:
(3200 / 11.36) = 281.7 Mbps OpenVPN performance (estimate)
wow, I'm a little surprised, I would have thought an i7-4500U would be able to do more than ~300mbps over vpn.
I'm assuming this is without AES-NI? I'd be very curious to know the throughput when it's finally here as part of OpenVPN 2.4 (https://forum.pfsense.org/index.php?topic=109539.0)
-
Hi Paint,
could you please run the simple OpenVPN benchmark referenced here:
https://forum.pfsense.org/index.php?topic=105238.msg616743#msg616743 (Reply #9 message)Executing the command on my router with a Celeron N3150 I get
27.41 real 25.62 user 1.77 sys(3200 / 27.41) = 117 Mbps OpenVPN performance (estimate)
This value perfectly fits to the result of a real speed test.
I recently got an upgrade to 250/100 connection and I'm considering buying a mini PC as your own if it were able to sustain this speed through the OpenVPN connection.
Thanks!
Here is the output:
[2.3.1-RELEASE][root@pfSense.lan]/root: openvpn --genkey --secret /tmp/secret [2.3.1-RELEASE][root@pfSense.lan]/root: time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc 10.682u 0.677s 0:11.36 99.9% 742+177k 0+0io 1pf+0w [2.3.1-RELEASE][root@pfSense.lan]/root:
(3200 / 11.36) = 281.7 Mbps OpenVPN performance (estimate)
wow, I'm a little surprised, I would have thought an i7-4500U would be able to do more than ~300mbps over vpn.
I'm assuming this is without AES-NI? I'd be very curious to know the throughput when it's finally here as part of OpenVPN 2.4 (https://forum.pfsense.org/index.php?topic=109539.0)
That test is relatively theoretical.
The processor does support AES-NI. I have made some additional tweaks and plan on adding an additional ethernet port via a Jetway i350 intel chipset minipci board.
I will run some more in depth tests tomorrow.
-
Hi Paint,
could you please run the simple OpenVPN benchmark referenced here:
https://forum.pfsense.org/index.php?topic=105238.msg616743#msg616743 (Reply #9 message)Executing the command on my router with a Celeron N3150 I get
27.41 real 25.62 user 1.77 sys(3200 / 27.41) = 117 Mbps OpenVPN performance (estimate)
This value perfectly fits to the result of a real speed test.
I recently got an upgrade to 250/100 connection and I'm considering buying a mini PC as your own if it were able to sustain this speed through the OpenVPN connection.
Thanks!
Here is the output:
[2.3.1-RELEASE][root@pfSense.lan]/root: openvpn --genkey --secret /tmp/secret [2.3.1-RELEASE][root@pfSense.lan]/root: time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc 10.682u 0.677s 0:11.36 99.9% 742+177k 0+0io 1pf+0w [2.3.1-RELEASE][root@pfSense.lan]/root:
(3200 / 11.36) = 281.7 Mbps OpenVPN performance (estimate)
wow, I'm a little surprised, I would have thought an i7-4500U would be able to do more than ~300mbps over vpn.
I'm assuming this is without AES-NI? I'd be very curious to know the throughput when it's finally here as part of OpenVPN 2.4 (https://forum.pfsense.org/index.php?topic=109539.0)
I ran this test again with my CPU set to MAX (hw.acpi.cpu.cx_lowest="Cmax") and AES-NI CPU-based Acceleration. I also have SNORT + Barnyard2 running with pfBlockerNG.
Here is a full list of my services: avahi, dhcpd, dnsbl, dpinger, miniupnpd, ntopng, ntpd, openvpn, radvd, snort, sshd, and unbound[2.3.2-DEVELOPMENT][root@pfSense.lan]/root: openvpn --genkey --secret /tmp/secret [2.3.2-DEVELOPMENT][root@pfSense.lan]/root: time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc 10.106u 0.558s 0:10.67 99.8% 743+178k 0+0io 0pf+0w
(3200 / 10.67) = 299.9 Mbps OpenVPN performance (estimate)
-
I tested my OpenVPN connection through work with iperf:
Server:
iperf.exe -s -u -p 5123 -i 5 -w 64K -P 100
Client:
iperf.exe -c 192.168.1.50 -u -p 5123 -b 5000m -i 5 -t 120 -w 64K -P 100
I was able to get the following averages:
| Bandwidth | Jitter |
| 787.89 Mbits/sec | 0.078 ms | -
Hi,
I saw you have pfBlockerNG, IPv6, unbound running, Do you use DNSBL? if so, Do you have any issue that unbound isn't restarted properly with IPv6/DNSBL running each time pfSense IPv6 WAN IP got renewed (in fact, the IP isn't changed at all)? see also: https://forum.pfsense.org/index.php?topic=113193.0
-
Hi,
I saw you have pfBlockerNG, IPv6, unbound running, Do you use DNSBL? if so, Do you have any issue that unbound isn't restarted properly with IPv6/DNSBL running each time pfSense IPv6 WAN IP got renewed (in fact, the IP isn't changed at all)? see also: https://forum.pfsense.org/index.php?topic=113193.0
Yes, i am also running DNSBL.
I haven't noticed any unbound restarts on WAN dhcp renewals. FiOS hadn't switched to DHCPv6, so I am only using DHCPv4 for my WAN and a 6to4 HE. Net Tunnel GIF
-
Hi,
I saw you have pfBlockerNG, IPv6, unbound running, Do you use DNSBL? if so, Do you have any issue that unbound isn't restarted properly with IPv6/DNSBL running each time pfSense IPv6 WAN IP got renewed (in fact, the IP isn't changed at all)? see also: https://forum.pfsense.org/index.php?topic=113193.0
I actually experienced this issue last night! I will post in the thread you mentioned about the issue. thank you!
-
I am still getting the Watchdog Queue Timeout on the em0 driver once in a while so I decided to upgrade my ethernet to the Intel i350 chipset.
Jetway is the only company producing a Mini-PCI card that has this server based Intel Ethernet chipset - ADMPEIDLB - http://www.jetwaycomputer.com/spec/expansion/ADMPEIDLB.pdf
I was able to speak to someone in their California headquarters (her name was Angel) and purchased this board for $75 shipped! It arrives on Thursday, so I will let everyone know updated Ethernet performance figures.
-
recently fixed my serial console by adding the following to my /boot/loader.conf.local:
comconsole_port="0x2F8" hint.uart.0.flags="0x0" hint.uart.1.flags="0x10"
as well as the following settings in the GUI:
-
I added a Jetway Mini-PCIe Intel i350 ADMPEIDLB 2x Gigabit adapter to this machine.
The em(4) freebsd driver used with the on-board 2x Intel 82574 adapters would cause watchdog timeouts every 2-3 days.The Intel i350 ADMPEIDLB 2x Gigabit adapter uses the igb driver, which is much more stable.
I ran some iperf tests from my HTPC - which also has a 4x i350 Intel Ethernet adapter in it - and my laptop (wireless AC) at the same time. I was able to fully saturate both adapters to gigabit speeds while also maintaining my 150/150 outbound WAN. For my setup, this adapter works perfectly!I ordered the ADMPEIDLB board for $75 + s/h directly from Jetway. They have 3 more in stock, I believe (talk to Angel on the phone, tell them Josh sent you if you want one).
http://www.jetwayipc.com/content/?ADMPEIDLB_3450.htmlI updated my thread with my loader.conf.local and sysctl.conf settings: https://forum.pfsense.org/index.php?topic=113610.msg637025#msg637025
To install the board, I removed one of the 6 UART COM ports that this machine originally came with. I was able to route the wires through that hole and Velcro the board (without the PCI bracket) to the side of the machine. Looks pretty good for a home built machine, if you ask me!