Help with hardware build
-
@teh:
Put stuff together tonight. Looks like I got unlucky with the eBay hardware pull, dmesg is reporting that the NIC is "<intel(r) 1000="" pro="" network="" connection,="" version="" -="" 2.5.3-k="">" instead of an i340… Any reason I should issue a return other than the power usage?
I saw a few people say that using port one as WAN and the other three ports bridged as WAN was not a good idea. Is that old or is that still the case? I think I have a gigabit switch floating around...</intel(r)>
hmmm, I'm not sure that this is telling you that you have a PRO/1000.
when you run dmesg what driver does it list? if it's "igb" then it's an i340, if it's "em" then it's a PRO/1000.
Also check this output and see what chipset it's using:
pciconf -lv -
hmmm, I'm not sure that this is telling you that you have a PRO/1000.
when you run dmesg what driver does it list? if it's "igb" then it's an i340, if it's "em" then it's a PRO/1000.
Also check this output and see what chipset it's using:
pciconf -lvigb0@pci0:1:0:0: class=0x020000 card=0x12a28086 chip=0x150e8086 rev=0x01 hdr=0x00 vendor = 'Intel Corporation' device = '82580 Gigabit Network Connection' class = network subclass = ethernet -
Yeah looks like an i340 to me, 82580 is the i340 chipset, PRO/1000 is 82571.
https://ark.intel.com/compare/50495,49186It looks like the FreeBSD man page lists the igb driver as PRO/1000, some old dual port NICs, i340, i21x and i35x. The name is "Intel(R) PRO/1000 PCI Express Gigabit Ethernet adapter driver" which is why it shows up like that. But you got an i340!
https://www.freebsd.org/cgi/man.cgi?igb(4) -
Yeah looks like an i340 to me, 82580 is the i340 chipset, PRO/1000 is 82571.
https://ark.intel.com/compare/50495,49186Phew, I was worried!
Any thoughts on bridging all the ports (other than WAN) or should I use a switch?
It looks like the FreeBSD man page lists the igb driver as PRO/1000, some old dual port NICs, i340, i21x and i35x. The name is "Intel(R) PRO/1000 PCI Express Gigabit Ethernet adapter driver" which is why it shows up like that. But you got an i340!
https://www.freebsd.org/cgi/man.cgi?igb(4) -
@teh:
Any thoughts on bridging all the ports (other than WAN) or should I use a switch?
https://doc.pfsense.org/index.php/What_is_a_bridged_interface_and_how_would_one_be_used
It is normally best to avoid such configurations as they can be problematic
I've never tried it so I can't say from experience. Just looking at that document you certainly can do it but may have some issues.
If you have the time time and would prefer to bridge than switch then give it a shot and if it doesn't work out dust off the switch.
-
Congrats!
Maxing out the VPN connection for a little while (Steam downloads and 5k youtube videos are an easy way to do this) with IDS/IPS, packages on/off and posting up your RRD graphs for the time period are very useful!
Also just your general performance in real world day to day usage is valuable for others to know!
There a home brew VPN benchmark on here that seems to be reasonably accurate for some but is by no means definitive. It's still fun to see how different CPUs stack up if nothing else.
https://forum.pfsense.org/index.php?topic=105238.msg616743#msg616743
# openvpn --genkey --secret /tmp/secret# time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc# time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-cbc# time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-gcm( 3200 / execution_time_seconds ) = Projected Maximum OpenVPN Performance in Mbps
Ran these benchmarks:
AES-256-CBC : 267.9 Mbps
AES-256-GCM: 282.4 MbpsAES-128-CBC: 270.0 Mbps
AES-128-GCM: 284.9 MbpsZero issues in real world use. Maxing out my line (300 Mbps down) with pfBlockerNG setup uses ~10% CPU.
-
Very nice, Thank you for the feedback!
-
Very nice, Thank you for the feedback!
I am going to play around more and get things setup. But so far so good! I get to do all kinds of fun tinkering and learn, so it has been great.
-
@teh:
Congrats!
Maxing out the VPN connection for a little while (Steam downloads and 5k youtube videos are an easy way to do this) with IDS/IPS, packages on/off and posting up your RRD graphs for the time period are very useful!
Also just your general performance in real world day to day usage is valuable for others to know!
There a home brew VPN benchmark on here that seems to be reasonably accurate for some but is by no means definitive. It's still fun to see how different CPUs stack up if nothing else.
https://forum.pfsense.org/index.php?topic=105238.msg616743#msg616743
# openvpn --genkey --secret /tmp/secret# time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc# time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-cbc# time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-gcm( 3200 / execution_time_seconds ) = Projected Maximum OpenVPN Performance in Mbps
Ran these benchmarks:
AES-256-CBC : 267.9 Mbps
AES-256-GCM: 282.4 MbpsAES-128-CBC: 270.0 Mbps
AES-128-GCM: 284.9 MbpsZero issues in real world use. Maxing out my line (300 Mbps down) with pfBlockerNG setup uses ~10% CPU.
I have the same CPU as you, but running on the Asrock J3455-ITX board and pfsense 2.4 :)
Where those 300Mbps running through VPN?
I have 100/100Mbps, but I'm stuck at 0.5Mbps with their standard settings and 75/25mbps with adding fast-io, sndbuf 524288 and rcvbuf 524288 running PIA VPN on pfsense and was wondering if you use the same provider?
(Running their PC client I get 99/98Mbps) so there must be something wrong with my settings, since you can hit 300Mbps.Also how and where do you type in those commands to run the theoretical speed tests?
Thanks
-
Yeah I use PIA VPN, those tests are synthetic and don't necessarily represent real world performance. You can run those commands in SSH.
But the performance you are getting is definitely a configuration issue.
I get 160Mbps real world usage on a J3355 and PIA VPN and the CPU isn't even working hard.
Granted, a J3355 will be faster than a J3455 with OpenVPN but you should still hey WAY faster than .5 Mbps.
Post up your settings and we'll try to get your VPN straightened out.
-
Yeah I use PIA VPN, those tests are synthetic and don't necessarily represent real world performance. You can run those commands in SSH.
But the performance you are getting is definitely a configuration issue.
I get 160Mbps real world usage on a J3355 and PIA VPN and the CPU isn't even working hard.
Granted, a J3355 will be faster than a J3455 with OpenVPN but you should still hey WAY faster than .5 Mbps.
Post up your settings and we'll try to get your VPN straightened out.
Thank you
I made a new post here on pfsense since I didnt want to hijack this thread. https://forum.pfsense.org/index.php?topic=129193.0
I ran the test in SSH:
256 cbc = 11.724s = 272.9Mbps
256 gcm = 11.329s = 282.5Mbps128 cbc = 11.573s = 276.5Mbps
128 gcm = 11.094s = 288,4Mbpspfsense 2.4b
Asrock J3455-ITX
2x4GB HyperX DDR3L 1866MHz
2x16GB SanDisk Ultra Fit