Switching from IPFire to pfSense..............

dtruesdale

Have been using IPFire for some time, now I am switching to pfSense since has the tools I require for certs and a few other things.

I have noticed a few things that I am not sure what is causing the issue.

The first is when streaming in services I get hiccups that never happened with IPFire running on the same hardware. Video will get that blocky and high contrast color pixels.

The second is from time to time the gateway drops. Under IPFire never had this happen unless the actual modem was offline. When it happens dpinger goes to a non response and can not be restarted until I take the Wan down then up. Also getting this:

Mar 25 15:03:46 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 8.8.8.8 bind_addr 24.169.105.46 identifier "GW_WAN "

There are quite a few in the log. Now since seeing this I have set the MTU to 1500 and MSS to 1460 on the WAN. Have not seen it yet since setting that.

This is the hardware for the CPU:

CPU Type AMD A6-1450 APU with Radeon(TM) HD Graphics
4 CPUs: 1 package(s) x 4 core(s)
AES-NI CPU Crypto: Yes (active)
4GB of ram
60GB ssd and a 120GB ssd
The NIC's are trendnet usb 3.0 1GB.

Any suggestions or ideas ? All input is appreciated.

Grimson

@dtruesdale said in Switching from IPFire to pfSense..............:

The NIC's are trendnet usb 3.0 1GB.

Good luck, you'll need as much luck as possible with USB NICs.

Or get some PCIe Intel NICs for a much better experience.

dtruesdale

@Grimson Have had zero issues with them with IPFire. they work with the linux with no need to add drivers to the kernel.

Grimson

@dtruesdale said in Switching from IPFire to pfSense..............:

@Grimson Have had zero issues with them with IPFire. they work with the linux with no need to add drivers to the kernel.

pfSense is based on FreeBSD, not Linux.

dtruesdale

@Grimson I understand that, I was just pointing out they are in Linux so more than likely in FreeBSD.

KOM

Since Linux is not FreeBSD, you cannot just make that assumption. Check the FreeBSD hardware compatibility guide. If those NICs work for you then great, but the users here don't have a lot of nice things to say about USB NICs under FreeBSD.

Grimson

@dtruesdale said in Switching from IPFire to pfSense..............:

@Grimson I understand that, I was just pointing out they are in Linux so more than likely in FreeBSD.

You do need to understand that FreeBSD and Linux have as much in common as Windows and MacOS. Just because there are Linux drivers doesn't mean there are FreeBSD drivers, and even if there are the quality of them can be a lot different.

But feel free to make your own experiences, just don't come here crying later on.

dtruesdale

I appreciate the positive trolling here. Thanks maybe I need to find another replacement. Here 30 secs and already get the Arch vibe.......

KOM

Do whatever you think you need to do. We're just warning you about USB NICs under FreeBSD.

Rico

Running any Firewall with USB NICs is worst practice. ;-)

-Rico

dtruesdale

@KOM thank you for the information and I just made one change and it made a huge difference. this unit has 1 on board nic that is gigabit.

This is the unit https://www.amazon.com/gp/product/B076H4F2NK/ref=ppx_yo_dt_b_asin_title_o01_s00?ie=UTF8&psc=1
That is why usb nics on the usb 3.0 ports. By moving WAN to the onboard performance for wan has become stable and consistent.

If this solves my gateway issue I will be fine.

dtruesdale

@Rico none of these units are in a corp environment. Nothing wrong with USB nics other than learning experience. Also would never use anything less than USB 3.0 on USB3.0 ports. Just another path.

stephenw10

Some USB NICs perform.. satisfactorily. You will find people who have been using USB NICs with no problems but they are, unfortunately, outweighed massively by people reporting bad experiences. It's just not worth it for most people.
Some USB NICs are truly awful and it can be hard to know what you're getting when you buy.

Suffice to say they have a justifiably bad rep in FreeBSD/pfSense and you will not regret using the on-board NIC instead.

Steve

dtruesdale

@stephenw10 So far the on board has performed without issue. The usb nics on the internal are performing without issue. With that issue resolved I can now move on to the other things at hand. Setup certs for everything and setup site to site vpn. Will be having IPFire boxes connecting back to the pfSense box. Just have to work out my differences in how to do it since I know IPFire backwards and forwards. Now to learn pfSense.

KOM

Check out the Netgate Youtube channel. Tons of how-to videos on every major topic.

Rico

...and https://docs.netgate.com/pfsense/en/latest/book/index.html

-Rico