pfSense stops working after some time: no buffer space available

fabiolanza

@fishbone222 thanks for your thoughts. I have a mini-itx motherboard with 1 PCIe 16x slot that I am using to connect a NVIDIA Quadro card for hardware transcoding in Plex on my Windows Server VM. Since my motherboard has only 1 network port I had to use the USB adapter to expand. It seems a floppy thing but in reality, it's not and FreeBSD is fully compatible with it. The passthrough works correctly and it's like the card was directly attached to the operating system. I have a ZyXEL firewall appliance but I got tired of the OS and limitations, and decided to use my hypervisor environment to move to pfSense. So far this is the only issue.

bmeeks

@fabiolanza said in pfSense stops working after some time: no buffer space available:

@fishbone222 thanks for your thoughts. I have a mini-itx motherboard with 1 PCIe 16x slot that I am using to connect a NVIDIA Quadro card for hardware transcoding in Plex on my Windows Server VM. Since my motherboard has only 1 network port I had to use the USB adapter to expand. It seems a floppy thing but in reality, it's not and FreeBSD is fully compatible with it. The passthrough works correctly and it's like the card was directly attached to the operating system. I have a ZyXEL firewall appliance but I got tired of the OS and limitations, and decided to use my hypervisor environment to move to pfSense. So far this is the only issue.

USB NICs are, in general, quite lousy. This is especially true when trying to use them in most UNIX/Linux/BSD setups. So your basic root issue is the use of USB NICs. You state that is your only option for your current hardware platform, so you might just be stuck working around the USB NIC problem by doing the reboot now and then. You can attempt some of the tweaks in the document you linked, but honestly I would not have high hopes of full success with the USB NICs.

NollipfSense

@fabiolanza I found this USB 3 NIC that uses Intel chipset and would purchase for another project not related to pfSense, but it was sold out however, I thought to share.

https://www.ebay.com/itm/Syncwire-USB-3-0-to-Ethernet-Adapter-1000-Mbps-RJ45-LAN-Gigabit-Network-Adapter/113718959682?ssPageName=STRK%3AMEBIDX%3AIT&_trksid=p2060353.m1438.l2649

fabiolanza

@NollipfSense Hi I saw somewhere that these use Realtek chipsets. I searched on Syncwire website but did not find the page for this product. Would you have a datasheet to share? Thanks for the answer by the way.

fabiolanza

@bmeeks thanks for the feedback. Dou you mean USB NICs in general or it's more related to the ASIX AX88179 chipset? I did not find an Intel one.

Gertjan

Really ??

edit : and who is 10.10.10.1 ?

Don't tell my you have pfBlockerNG also installed.

fabiolanza

@Gertjan I have a transit link architecture setup. 10.10.10.2 is the firewall and 10.10.10.1 is my L3 switch.

DaddyGo

@fabiolanza
Sorry again!:

I really didn't want to have a say in your ideas, but somehow you have to start pfSense....(and also learning about it)

is there possibly a mini-PCie socket on this miniITX MOBO?
http://www.commell.com.tw/Product/Peripheral/PCI%20Express%20mini%20card/MPX-350.htm

I've been working with pfSense for a long time (also in a VM environment), but so far I wouldn't dare to start a USB NIC installation

a good piece of advice, don't rigidly stick to what FreeBSD supports, listen to the advice of more experienced colleagues,
(I also wrote that, for example for Realtek is also have driver under FreeBSD, but not even recommended by anyone!)

Plus, I know Asix chips well (these chips cannot be used in this environment), I use it in simple portable MODBUS controllers under Windows, that's all it knows, it's not the basis of a firewall interface (ethernet controller):

fabiolanza

I just would like to mention that after the mbuf cluster adjustment that I did, the previous network issue that I had is no longer there. However, I introduced another error, in which any HTTP download would get interrupted after about 50MB. I can resume, but it would still fail over and over until completion of the download. I got sick of this and re-enabled my firewall appliance that is not nearly as nice as the pfSense. I guess I will have to buy one of the chinese pfSense appliances.

DaddyGo

Chinese stuff is not a good idea, you will make a similar mistake!

https://www.netgate.com/solutions/pfsense/sg-1100.html
https://www.pcengines.ch/apu4d4.htm

fabiolanza

@DaddyGo I understand. This is my motherboard: https://www.asrock.com/mb/AMD/X570%20Phantom%20Gaming-ITXTB3/index.asp. I am using the one 1 PCIe for the GPU. Since this mobo has a Thunderbolt 3 I was thinking about using a Thunderbolt PCIe expansion chassis and then installing a PCIe network card. Any thoughts?

fabiolanza

@DaddyGo I am in Italy and there is not a lot of resellers here. I'd go for the https://www.netgate.com/solutions/pfsense/sg-3100.html because I have a 1Gbps WAN link, but can't find where to buy it. It's a pitty Netgate products are not on Amazon.it.

DaddyGo

I live here not far from you and there are many opportunities to get good hardware

DaddyGo

https://www.netgate.com/partners/locator.html#italy

For a 1 Gig ISP you will need: https://www.netgate.com/solutions/pfsense/sg-3100.html

DaddyGo

@fabiolanza
I understand. This is my motherboard: https://www.asrock.com/mb/AMD/X570 Phantom Gaming-ITXTB3/index.asp. I am using the one 1 PCIe for the GPU. Since this mobo has a Thunderbolt 3 I was thinking about using a Thunderbolt PCIe expansion chassis and then installing a PCIe network card. Any thoughts?

Try to think about dedicated hardware, when you building a firewall and consider the needs of your own system.
These miniITX things are good too, but not my favorites.
Consider consumption, as a firewall operates 24 hours a day. (SOHO)
Don't want to run other things on the "iron" where pfSense is running!

Thunderbolt is not a good starting point either

edit: From the fact that you are going to put a PCIe NIC in an external adapter, even the OP system has to handle Thunderbolt.
This is the same as the USB issue.

fabiolanza

@DaddyGo Thanks for al the thoughts. I will keep using my appliance until I save enough money to buy the Netgate official hardware.

DaddyGo

That's a good idea! (Temporarily )
Get the GPU out of the miniITX and buy an Intel I350-T4 NIC, you'll have great fun in pfSense. THX
https://www.bargainhardware.co.uk/intel-i350-t4-quad-port-rj45-1gbps-low-profile-pcie-x4-nic

fabiolanza

@DaddyGo said in pfSense stops working after some time: no buffer space available:

That's a good idea! (Temporarily )
Get the GPU out of the miniITX and buy an Intel I350-T4 NIC, you'll have great fun in pfSense. THX
https://www.bargainhardware.co.uk/intel-i350-t4-quad-port-rj45-1gbps-low-profile-pcie-x4-nic

Problem is that I would not have the video at all, I am running on a Ryzen so no integrated GPU. On the other hand, I thought about using that Thunderbolt expansion to move the GPU there, and free the PCIe socket to the card you mentioned.

DaddyGo

I haven't reviewed the description of this miniITX, is there a serial port on the motherboard?

Don't forget to install pfSense through the console as well, thus not a requirement VGA or any VIDEO driver

NollipfSense

@fabiolanza I contacted the seller/company that confirmed the chipset was Intel made. I am waiting for them to list more so I can purchase.