Re: [pfSense] pfsense h/w

[Josh Reynolds]

It's not your "fault", it's "my fault". I made an apparently poor 
assumption that the info might be useful to people on this list in a 
small-blurb format. Useful or not, it caused extra background noise.


I'd perfer to let this /offtopic end, if you will.

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 03:07 PM, Ryan Coleman wrote:

I did ask the reply to be off-list…



On Oct 24, 2014, at 17:57, Josh Reynolds > wrote:


"You said it, man. Nobody fucks with the Jesus."

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 02:54 PM, Jim Thompson wrote:

Josh,


First, did you not read the part where I said, "(At least not until 
we make pfSense available on Ubiquiti platforms.)” ??


Note that I’ve *always* said that pfSense software on the ERL will 
occur *after* (emphasis: **AFTER**) the regular 2.2 release.


WAIT, BACK UP. DID YOU READ THE */_AFTER_/* PART?  I just want to be 
clear.


A-F-T-E-R

Now, since you asked,

There is currently an upstream problem with the (MIPS) toolchain. 
 Once we have that sorted, the effort will resume.  We’re also in a 
(much) deeper
relationship with Cavium now, so there is a possibility that we can 
put some of the acceleration bits in with time.


Frankly, there is an internal build of pfSense software for the 
Beaglebone Black, too.  Not that we’re planning on selling BBB 
(though Netgate
will be selling same) with pfSense software pre-loaded, but it does 
allow us to work out the kinks in the process to support 
architectures other

than i386 and amd64.

But this is all still very back-burner compared to the effort to get 
pfSense 2.2 to a RELEASEd status.


The lizard has spoken.

Jim

On Oct 24, 2014, at 5:37 PM, Josh Reynolds > wrote:


Shouldn't the EdgeRouter lite support pfsense with the 2.2 release?

Your own post:
"When what I'm trying to do is make pfSense available on an inexpensive
platform.  It should perform better than an Alix, even without the
private-SDK stunts.

Jim"

from: http://lists.pfsense.org/pipermail/dev/2013-November/000448.html

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 10:14 AM, Jim Thompson wrote:


This list is not about Ubiquiti.   (At least not until we make 
pfSense available on Ubiquiti platforms.)


Please take the discussion elsewhere.

jim


On Oct 24, 2014, at 12:38 PM, Josh Reynolds > wrote:


I am the CIO of a WISP who uses their products, and does a lot of 
alpha/beta testing for them and other vendors... I may be a 
little biased.


The M series gear is pretty good kit for point to point or point 
to multi point applications. AirFiber is great for ~10 mile or 
less shots, with bandwidth a little over 765Mbps full duplex on 
short range shots with the AF24. The new UniFi products are 
looking good, basically localor remote "cloud" managed routers, 
switches, access points, and phones, with plans to fold the 
unifi-video line directly in, as well as the mFi sensor line into 
the same interface. The camera hardware is getting better, but 
the native camera feature set needs work... I can't seem to get 
it pounded into peoples heads that RTSP and cookieless jpg 
snapshots should be native on the cameras themselves.


1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd 
still like to see more work done on the HA front- I need more 
than VRRP. The QoS engine and firewall engines could both stand 
to be rebuilt, and might be in the fairly near future. The 
standard 8 port edgerouter and edgerouter pro models are pretty 
nice. I'm excited to see how the "carrier" and other future 
models turn out.


There-- that's a quick writeup that should be useful for people 
on this list.








Did Thompson molt yet?

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 05:53 AM, Ryan Coleman wrote:

I presume UBNT is Ubiquiti?

I'm probably going to start testing their hardware for other 
applications (I work in the video surveillance industry as well 
as high capacity wifi) and I'd be curious to get some pros/cons 
from those who know... so please email me off list (so as not to 
offend the other Thompson on the list... he might molt on me 
anyway).


Sliante!


On 10/24/2014 4:03 AM, Adam Thompson wrote:

[One public correction, nothing to do with Godwin's law!  -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.
That wasn't a dig at you or ESF or NG - I was thinking of 
Brocade when I wrote that.  I could also use UBNT's competitor, 
MikroTik, as a good example of how to build decent products the 
wrong way, but Brocade was my target here. You're a paragon of 
open-source stewardship in comparison!




_

Re: [pfSense] pfsense h/w

[Ryan Coleman]

I did ask the reply to be off-list… 



> On Oct 24, 2014, at 17:57, Josh Reynolds  wrote:
> 
> "You said it, man. Nobody fucks with the Jesus."
> Josh Reynolds, Chief Information Officer
> SPITwSPOTS, www.spitwspots.com On 10/24/2014 
> 02:54 PM, Jim Thompson wrote:
>> Josh,
>> 
>> 
>> First, did you not read the part where I said, "(At least not until we make 
>> pfSense available on Ubiquiti platforms.)” ??
>> 
>> Note that I’ve *always* said that pfSense software on the ERL will occur 
>> *after* (emphasis: **AFTER**) the regular 2.2 release.
>> 
>> WAIT, BACK UP. DID YOU READ THE AFTER PART?  I just want to be clear.
>> 
>> A-F-T-E-R
>> 
>> Now, since you asked,
>> 
>> There is currently an upstream problem with the (MIPS) toolchain.  Once we 
>> have that sorted, the effort will resume.  We’re also in a (much) deeper
>> relationship with Cavium now, so there is a possibility that we can put some 
>> of the acceleration bits in with time.
>> 
>> Frankly, there is an internal build of pfSense software for the Beaglebone 
>> Black, too.  Not that we’re planning on selling BBB (though Netgate
>> will be selling same) with pfSense software pre-loaded, but it does allow us 
>> to work out the kinks in the process to support architectures other
>> than i386 and amd64.
>> 
>> But this is all still very back-burner compared to the effort to get pfSense 
>> 2.2 to a RELEASEd status.
>> 
>> The lizard has spoken.
>> 
>> Jim
>> 
>>> On Oct 24, 2014, at 5:37 PM, Josh Reynolds >> > wrote:
>>> 
>>> Shouldn't the EdgeRouter lite support pfsense with the 2.2 release?
>>> 
>>> Your own post:
>>> "When what I'm trying to do is make pfSense available on an inexpensive
>>> platform.  It should perform better than an Alix, even without the
>>> private-SDK stunts.
>>> 
>>> Jim"
>>> 
>>> from: http://lists.pfsense.org/pipermail/dev/2013-November/000448.html 
>>> 
>>> Josh Reynolds, Chief Information Officer
>>> SPITwSPOTS, www.spitwspots.com On 10/24/2014 
>>> 10:14 AM, Jim Thompson wrote:
 
 This list is not about Ubiquiti.   (At least not until we make pfSense 
 available on Ubiquiti platforms.)
 
 Please take the discussion elsewhere.
 
 jim
 
 
> On Oct 24, 2014, at 12:38 PM, Josh Reynolds  > wrote:
> 
> I am the CIO of a WISP who uses their products, and does a lot of 
> alpha/beta testing for them and other vendors... I may be a little biased.
> 
> The M series gear is pretty good kit for point to point or point to multi 
> point applications. AirFiber is great for ~10 mile or less shots, with 
> bandwidth a little over 765Mbps full duplex on short range shots with the 
> AF24. The new UniFi products are looking good, basically local or remote 
> "cloud" managed routers, switches, access points, and phones, with plans 
> to fold the unifi-video line directly in, as well as the mFi sensor line 
> into the same interface. The camera hardware is getting better, but the 
> native camera feature set needs work... I can't seem to get it pounded 
> into peoples heads that RTSP and cookieless jpg snapshots should be 
> native on the cameras themselves.
> 
> 1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd still 
> like to see more work done on the HA front - I need more than VRRP. The 
> QoS engine and firewall engines could both stand to be rebuilt, and might 
> be in the fairly near future. The standard 8 port edgerouter and 
> edgerouter pro models are pretty nice. I'm excited to see how the 
> "carrier" and other future models turn out.
> 
> There -- that's a quick writeup that should be useful for people on this 
> list.
> 
> 
> 
> 
> 
> 
> 
> Did Thompson molt yet?
> Josh Reynolds, Chief Information Officer
> SPITwSPOTS, www.spitwspots.com On 10/24/2014 
> 05:53 AM, Ryan Coleman wrote:
>> I presume UBNT is Ubiquiti? 
>> 
>> I'm probably going to start testing their hardware for other 
>> applications (I work in the video surveillance industry as well as high 
>> capacity wifi) and I'd be curious to get some pros/cons from those who 
>> know... so please email me off list (so as not to offend the other 
>> Thompson on the list... he might molt on me anyway). 
>> 
>> Sliante! 
>> 
>> 
>> On 10/24/2014 4:03 AM, Adam Thompson wrote: 
>>> [One public correction, nothing to do with Godwin's law!  -Adam] 
>>> 
>>> On 14-10-23 08:36 PM, Jim Thompson wrote: 
> Not that UBNT is a paragon of openness, either, 
 “either”? Wow. Strike 2. 
>>> That wasn't a dig at you or ESF or NG - I was thinking of Brocade when 
>>> I wrote that.  I could also use UB

Re: [pfSense] pfsense h/w

[Josh Reynolds]

"You said it, man. Nobody fucks with the Jesus."

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 02:54 PM, Jim Thompson wrote:

Josh,


First, did you not read the part where I said, "(At least not until we 
make pfSense available on Ubiquiti platforms.)” ??


Note that I’ve *always* said that pfSense software on the ERL will 
occur *after* (emphasis: **AFTER**) the regular 2.2 release.


WAIT, BACK UP. DID YOU READ THE */_AFTER_/* PART?  I just want to be 
clear.


A-F-T-E-R

Now, since you asked,

There is currently an upstream problem with the (MIPS) toolchain. 
 Once we have that sorted, the effort will resume.  We’re also in a 
(much) deeper
relationship with Cavium now, so there is a possibility that we can 
put some of the acceleration bits in with time.


Frankly, there is an internal build of pfSense software for the 
Beaglebone Black, too.  Not that we’re planning on selling BBB (though 
Netgate
will be selling same) with pfSense software pre-loaded, but it does 
allow us to work out the kinks in the process to support architectures 
other

than i386 and amd64.

But this is all still very back-burner compared to the effort to get 
pfSense 2.2 to a RELEASEd status.


The lizard has spoken.

Jim

On Oct 24, 2014, at 5:37 PM, Josh Reynolds > wrote:


Shouldn't the EdgeRouter lite support pfsense with the 2.2 release?

Your own post:
"When what I'm trying to do is make pfSense available on an inexpensive
platform.  It should perform better than an Alix, even without the
private-SDK stunts.

Jim"

from: http://lists.pfsense.org/pipermail/dev/2013-November/000448.html

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 10:14 AM, Jim Thompson wrote:


This list is not about Ubiquiti.   (At least not until we make 
pfSense available on Ubiquiti platforms.)


Please take the discussion elsewhere.

jim


On Oct 24, 2014, at 12:38 PM, Josh Reynolds > wrote:


I am the CIO of a WISP who uses their products, and does a lot of 
alpha/beta testing for them and other vendors... I may be a little 
biased.


The M series gear is pretty good kit for point to point or point to 
multi point applications. AirFiber is great for ~10 mile or less 
shots, with bandwidth a little over 765Mbps full duplex on short 
range shots with the AF24. The new UniFi products are looking good, 
basically localor remote "cloud" managed routers, switches, access 
points, and phones, with plans to fold the unifi-video line 
directly in, as well as the mFi sensor line into the same 
interface. The camera hardware is getting better, but the native 
camera feature set needs work... I can't seem to get it pounded 
into peoples heads that RTSP and cookieless jpg snapshots should be 
native on the cameras themselves.


1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd 
still like to see more work done on the HA front- I need more than 
VRRP. The QoS engine and firewall engines could both stand to be 
rebuilt, and might be in the fairly near future. The standard 8 
port edgerouter and edgerouter pro models are pretty nice. I'm 
excited to see how the "carrier" and other future models turn out.


There-- that's a quick writeup that should be useful for people on 
this list.








Did Thompson molt yet?

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 05:53 AM, Ryan Coleman wrote:

I presume UBNT is Ubiquiti?

I'm probably going to start testing their hardware for other 
applications (I work in the video surveillance industry as well as 
high capacity wifi) and I'd be curious to get some pros/cons from 
those who know... so please email me off list (so as not to offend 
the other Thompson on the list... he might molt on me anyway).


Sliante!


On 10/24/2014 4:03 AM, Adam Thompson wrote:

[One public correction, nothing to do with Godwin's law!  -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.
That wasn't a dig at you or ESF or NG - I was thinking of Brocade 
when I wrote that. I could also use UBNT's competitor, MikroTik, 
as a good example of how to build decent products the wrong way, 
but Brocade was my target here.  You're a paragon of open-source 
stewardship in comparison!




___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org 
https://lists.pfsense.org/mailman/listinfo/list




___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.

Re: [pfSense] pfsense h/w

[Jim Thompson]

Josh,


First, did you not read the part where I said, "(At least not until we make 
pfSense available on Ubiquiti platforms.)” ??

Note that I’ve *always* said that pfSense software on the ERL will occur 
*after* (emphasis: **AFTER**) the regular 2.2 release.

WAIT, BACK UP. DID YOU READ THE AFTER PART?  I just want to be clear.

A-F-T-E-R

Now, since you asked,

There is currently an upstream problem with the (MIPS) toolchain.  Once we have 
that sorted, the effort will resume.  We’re also in a (much) deeper
relationship with Cavium now, so there is a possibility that we can put some of 
the acceleration bits in with time.

Frankly, there is an internal build of pfSense software for the Beaglebone 
Black, too.  Not that we’re planning on selling BBB (though Netgate
will be selling same) with pfSense software pre-loaded, but it does allow us to 
work out the kinks in the process to support architectures other
than i386 and amd64.

But this is all still very back-burner compared to the effort to get pfSense 
2.2 to a RELEASEd status.

The lizard has spoken.

Jim

> On Oct 24, 2014, at 5:37 PM, Josh Reynolds  wrote:
> 
> Shouldn't the EdgeRouter lite support pfsense with the 2.2 release?
> 
> Your own post:
> "When what I'm trying to do is make pfSense available on an inexpensive
> platform.  It should perform better than an Alix, even without the
> private-SDK stunts.
> 
> Jim"
> 
> from: http://lists.pfsense.org/pipermail/dev/2013-November/000448.html 
> 
> Josh Reynolds, Chief Information Officer
> SPITwSPOTS, www.spitwspots.com On 10/24/2014 
> 10:14 AM, Jim Thompson wrote:
>> 
>> This list is not about Ubiquiti.   (At least not until we make pfSense 
>> available on Ubiquiti platforms.)
>> 
>> Please take the discussion elsewhere.
>> 
>> jim
>> 
>> 
>>> On Oct 24, 2014, at 12:38 PM, Josh Reynolds >> > wrote:
>>> 
>>> I am the CIO of a WISP who uses their products, and does a lot of 
>>> alpha/beta testing for them and other vendors... I may be a little biased.
>>> 
>>> The M series gear is pretty good kit for point to point or point to multi 
>>> point applications. AirFiber is great for ~10 mile or less shots, with 
>>> bandwidth a little over 765Mbps full duplex on short range shots with the 
>>> AF24. The new UniFi products are looking good, basically local or remote 
>>> "cloud" managed routers, switches, access points, and phones, with plans to 
>>> fold the unifi-video line directly in, as well as the mFi sensor line into 
>>> the same interface. The camera hardware is getting better, but the native 
>>> camera feature set needs work... I can't seem to get it pounded into 
>>> peoples heads that RTSP and cookieless jpg snapshots should be native on 
>>> the cameras themselves.
>>> 
>>> 1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd still 
>>> like to see more work done on the HA front - I need more than VRRP. The QoS 
>>> engine and firewall engines could both stand to be rebuilt, and might be in 
>>> the fairly near future. The standard 8 port edgerouter and edgerouter pro 
>>> models are pretty nice. I'm excited to see how the "carrier" and other 
>>> future models turn out.
>>> 
>>> There -- that's a quick writeup that should be useful for people on this 
>>> list.
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> Did Thompson molt yet?
>>> Josh Reynolds, Chief Information Officer
>>> SPITwSPOTS, www.spitwspots.com On 10/24/2014 
>>> 05:53 AM, Ryan Coleman wrote:
 I presume UBNT is Ubiquiti? 
 
 I'm probably going to start testing their hardware for other applications 
 (I work in the video surveillance industry as well as high capacity wifi) 
 and I'd be curious to get some pros/cons from those who know... so please 
 email me off list (so as not to offend the other Thompson on the list... 
 he might molt on me anyway). 
 
 Sliante! 
 
 
 On 10/24/2014 4:03 AM, Adam Thompson wrote: 
> [One public correction, nothing to do with Godwin's law!  -Adam] 
> 
> On 14-10-23 08:36 PM, Jim Thompson wrote: 
>>> Not that UBNT is a paragon of openness, either, 
>> “either”? Wow. Strike 2. 
> That wasn't a dig at you or ESF or NG - I was thinking of Brocade when I 
> wrote that.  I could also use UBNT's competitor, MikroTik, as a good 
> example of how to build decent products the wrong way, but Brocade was my 
> target here.  You're a paragon of open-source stewardship in comparison! 
> 
 
 ___ 
 List mailing list 
 List@lists.pfsense.org  
 https://lists.pfsense.org/mailman/listinfo/list 
 
>>> 
>>> ___
>>> List mailing list
>>> List@lists.pfsense.org 

Re: [pfSense] pfsense h/w

[Josh Reynolds]

Shouldn't the EdgeRouter lite support pfsense with the 2.2 release?

Your own post:
"When what I'm trying to do is make pfSense available on an inexpensive
platform.  It should perform better than an Alix, even without the
private-SDK stunts.

Jim"

from: http://lists.pfsense.org/pipermail/dev/2013-November/000448.html

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 10:14 AM, Jim Thompson wrote:


This list is not about Ubiquiti.   (At least not until we make pfSense 
available on Ubiquiti platforms.)


Please take the discussion elsewhere.

jim


On Oct 24, 2014, at 12:38 PM, Josh Reynolds > wrote:


I am the CIO of a WISP who uses their products, and does a lot of 
alpha/beta testing for them and other vendors... I may be a little 
biased.


The M series gear is pretty good kit for point to point or point to 
multi point applications. AirFiber is great for ~10 mile or less 
shots, with bandwidth a little over 765Mbps full duplex on short 
range shots with the AF24. The new UniFi products are looking good, 
basically localor remote "cloud" managed routers, switches, access 
points, and phones, with plans to fold the unifi-video line directly 
in, as well as the mFi sensor line into the same interface. The 
camera hardware is getting better, but the native camera feature set 
needs work... I can't seem to get it pounded into peoples heads that 
RTSP and cookieless jpg snapshots should be native on the cameras 
themselves.


1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd 
still like to see more work done on the HA front- I need more than 
VRRP. The QoS engine and firewall engines could both stand to be 
rebuilt, and might be in the fairly near future. The standard 8 port 
edgerouter and edgerouter pro models are pretty nice. I'm excited to 
see how the "carrier" and other future models turn out.


There-- that's a quick writeup that should be useful for people on 
this list.








Did Thompson molt yet?

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 05:53 AM, Ryan Coleman wrote:

I presume UBNT is Ubiquiti?

I'm probably going to start testing their hardware for other 
applications (I work in the video surveillance industry as well as 
high capacity wifi) and I'd be curious to get some pros/cons from 
those who know... so please email me off list (so as not to offend 
the other Thompson on the list... he might molt on me anyway).


Sliante!


On 10/24/2014 4:03 AM, Adam Thompson wrote:

[One public correction, nothing to do with Godwin's law!  -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.
That wasn't a dig at you or ESF or NG - I was thinking of Brocade 
when I wrote that.  I could also use UBNT's competitor, MikroTik, 
as a good example of how to build decent products the wrong way, 
but Brocade was my target here.  You're a paragon of open-source 
stewardship in comparison!




___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org 
https://lists.pfsense.org/mailman/listinfo/list




___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Jim Thompson]

This list is not about Ubiquiti.   (At least not until we make pfSense 
available on Ubiquiti platforms.)

Please take the discussion elsewhere.

jim


> On Oct 24, 2014, at 12:38 PM, Josh Reynolds  wrote:
> 
> I am the CIO of a WISP who uses their products, and does a lot of alpha/beta 
> testing for them and other vendors... I may be a little biased.
> 
> The M series gear is pretty good kit for point to point or point to multi 
> point applications. AirFiber is great for ~10 mile or less shots, with 
> bandwidth a little over 765Mbps full duplex on short range shots with the 
> AF24. The new UniFi products are looking good, basically local or remote 
> "cloud" managed routers, switches, access points, and phones, with plans to 
> fold the unifi-video line directly in, as well as the mFi sensor line into 
> the same interface. The camera hardware is getting better, but the native 
> camera feature set needs work... I can't seem to get it pounded into peoples 
> heads that RTSP and cookieless jpg snapshots should be native on the cameras 
> themselves.
> 
> 1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd still like 
> to see more work done on the HA front - I need more than VRRP. The QoS engine 
> and firewall engines could both stand to be rebuilt, and might be in the 
> fairly near future. The standard 8 port edgerouter and edgerouter pro models 
> are pretty nice. I'm excited to see how the "carrier" and other future models 
> turn out.
> 
> There -- that's a quick writeup that should be useful for people on this list.
> 
> 
> 
> 
> 
> 
> 
> Did Thompson molt yet?
> Josh Reynolds, Chief Information Officer
> SPITwSPOTS, www.spitwspots.com On 10/24/2014 
> 05:53 AM, Ryan Coleman wrote:
>> I presume UBNT is Ubiquiti? 
>> 
>> I'm probably going to start testing their hardware for other applications (I 
>> work in the video surveillance industry as well as high capacity wifi) and 
>> I'd be curious to get some pros/cons from those who know... so please email 
>> me off list (so as not to offend the other Thompson on the list... he might 
>> molt on me anyway). 
>> 
>> Sliante! 
>> 
>> 
>> On 10/24/2014 4:03 AM, Adam Thompson wrote: 
>>> [One public correction, nothing to do with Godwin's law!  -Adam] 
>>> 
>>> On 14-10-23 08:36 PM, Jim Thompson wrote: 
> Not that UBNT is a paragon of openness, either, 
 “either”? Wow. Strike 2. 
>>> That wasn't a dig at you or ESF or NG - I was thinking of Brocade when I 
>>> wrote that.  I could also use UBNT's competitor, MikroTik, as a good 
>>> example of how to build decent products the wrong way, but Brocade was my 
>>> target here.  You're a paragon of open-source stewardship in comparison! 
>>> 
>> 
>> ___ 
>> List mailing list 
>> List@lists.pfsense.org  
>> https://lists.pfsense.org/mailman/listinfo/list 
>> 
> 
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Josh Reynolds]

I am the CIO of a WISP who uses their products, and does a lot of 
alpha/beta testing for them and other vendors... I may be a little biased.


The M series gear is pretty good kit for point to point or point to 
multi point applications. AirFiber is great for ~10 mile or less shots, 
with bandwidth a little over 765Mbps full duplex on short range shots 
with the AF24. The new UniFi products are looking good, basically 
localor remote "cloud" managed routers, switches, access points, and 
phones, with plans to fold the unifi-video line directly in, as well as 
the mFi sensor line into the same interface. The camera hardware is 
getting better, but the native camera feature set needs work... I can't 
seem to get it pounded into peoples heads that RTSP and cookieless jpg 
snapshots should be native on the cameras themselves.


1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd still 
like to see more work done on the HA front- I need more than VRRP. The 
QoS engine and firewall engines could both stand to be rebuilt, and 
might be in the fairly near future. The standard 8 port edgerouter and 
edgerouter pro models are pretty nice. I'm excited to see how the 
"carrier" and other future models turn out.


There-- that's a quick writeup that should be useful for people on this 
list.








Did Thompson molt yet?

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 05:53 AM, Ryan Coleman wrote:

I presume UBNT is Ubiquiti?

I'm probably going to start testing their hardware for other 
applications (I work in the video surveillance industry as well as 
high capacity wifi) and I'd be curious to get some pros/cons from 
those who know... so please email me off list (so as not to offend the 
other Thompson on the list... he might molt on me anyway).


Sliante!


On 10/24/2014 4:03 AM, Adam Thompson wrote:

[One public correction, nothing to do with Godwin's law!  -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.
That wasn't a dig at you or ESF or NG - I was thinking of Brocade 
when I wrote that.  I could also use UBNT's competitor, MikroTik, as 
a good example of how to build decent products the wrong way, but 
Brocade was my target here.  You're a paragon of open-source 
stewardship in comparison!




___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Ryan Coleman]

I presume UBNT is Ubiquiti?

I'm probably going to start testing their hardware for other 
applications (I work in the video surveillance industry as well as high 
capacity wifi) and I'd be curious to get some pros/cons from those who 
know... so please email me off list (so as not to offend the other 
Thompson on the list... he might molt on me anyway).


Sliante!


On 10/24/2014 4:03 AM, Adam Thompson wrote:

[One public correction, nothing to do with Godwin's law!  -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.
That wasn't a dig at you or ESF or NG - I was thinking of Brocade when 
I wrote that.  I could also use UBNT's competitor, MikroTik, as a good 
example of how to build decent products the wrong way, but Brocade was 
my target here.  You're a paragon of open-source stewardship in 
comparison!




___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Adam Thompson]

[One public correction, nothing to do with Godwin's law!  -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.
That wasn't a dig at you or ESF or NG - I was thinking of Brocade when I 
wrote that.  I could also use UBNT's competitor, MikroTik, as a good 
example of how to build decent products the wrong way, but Brocade was 
my target here.  You're a paragon of open-source stewardship in comparison!


--
-Adam Thompson
 athom...@athompso.net

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Josh Reynolds]

I'm very intrigued as to what happened with UBNThere, as Robert, Stig, 
and An-Cheng's phone numbers are all in my contact list.


I've called them out on concerns over their gpl tarball and (fairly 
recent) lack of SDK as well, but then again, I've also called out 
MikroTik... which they've ignored.


Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/23/2014 05:36 PM, Jim Thompson wrote:

On Oct 23, 2014, at 7:48 PM, Adam Thompson  wrote:

[Hmm... half of this doesn't need to be on-list.  Sorry if I'm polluting. -Adam]


On 14-10-23 05:57 PM, Jim Thompson wrote:

I get that Jim rubs a lot of people the wrong way (myself included),

Darn, you’d think that sharing a last name would count for something...

Sorry, no.  ;-)
Kind of in the same way Theo de Raadt rubs people the wrong way.

Wow.   You just compared me to Theo.

I’m done.

Anyone want to buy a firewall company?

It’s either that, or I invoke Godwin’s law.  (Or its corollary, “Thompson’s 
Law”:   That the thread is over once someone compares one of the participants 
to Mr. de Raadt.)

(It’s left to you to decide who gets the eponymous glory.)


Mostly just idiots & newbies take offense.  And it's mostly driven, I think, by 
having your lifetime supply of tolerance for people who speak first and think 
second be long-since exhausted.  So as long as you don't start saying incorrect or 
technically-invalid things, your audience sticks around.  See closing comments, 
below.


I think some people are waiting for “the other shoe to drop”.  For us to take 
the pfSense project in a direction similar to what happened with Vyatta.

Yeah... it's a possibility.  OTOH, I'll point out that UBNT essentially forked Vyatta 
(and renamed it "EdgeOS", IIRC) when Brocade started to close it all up.  Not 
that UBNT is a paragon of openness, either,

“either”?  Wow.  Strike 2.   You probably don’t want to know that Jamie and I 
nearly bought Ubiquiti from Mr. Pera, or that we let the company live when he 
owed us a pile of cash.

I’m not going into details, but Ubiquiti did violate Vyatta’s license, got 
called on it, and had to reverse direction for a bit.


but that's the benefit of the appropriate license - everyone can feel free to 
copy (or fork!) pfSense from any of the multitude of places it lives online 
right now, and feel free to burn it to archival WORM media Just In Case 
Something Bad Happens To The Project.

As Jim pointed out, however, when you resurrect it (and somehow replace all the 
infrastructure and developers in one fell swoop, *ahem*), you can't call your 
new project pfSense.  You can have an FAQ entry explaining how it used to be 
pfSense, you can even leave the GIT, or SVN, or even SCCS repository up as-is 
with the pfSense name throughout it, but as soon as you create a derivative 
work: new project.


... pfSense is going closed source,

Technically, this could happen, but realistically, someone will probably fork 
it.  And that project will likely die out or remove itself from public 
participation, as these things tend to do.
For that matter, remember that pfSense is (sort of) a fork of m0n0wall from a 
decade ago in the first place.  For different reasons, but nonetheless.

As if I didn’t know, had forgotten, or wish people would forget.

Just in-case you have forgotten, Netgate originally shipped m0n0wall on WRAP 
boards, then cut-over to pfSense quite early after the fork.


  and Jim Thompson is actually a blood thirsty, extra-terrestrial, 
shapeshifting reptile.

Well, that explains a few things!  

It explains everything, actually.


Finally, I think there is still a segment of the community who views me with 
distrust because I put a license agreement and contributor agreement in front 
of access to the source code for the pfSense project.   We didn’t articulate 
the reasons for doing this very well, and the execution when we did it wasn’t … 
optimal.

I wasn't affected by that, and - AFAIK - neither were most of the people who 
whine and cadge about a commercial entity being involved.

I don't recall what the license used to be, but clearly the current one is a 
custom license that doesn't even attempt to follow the UCB/BSD license.  As 
long as ESF covered all their legal bases properly, they can do whatever the 
f*** they want with the license. I can see how old contributors might not like 
the new CLA, though. And I don't know of any project that has ever pivoted on a 
license change this way ... optimally.

There is an agreement that allows access to the pfsense-tools repo.  As 
pre-requisite to that agreement, a contributor agreement must be in-place.  
Once you have the code, you’ll find the license in the individual files to be 
the same as it always was (mostly BSD 3 clause, but there are a smattering of 
other files.)   Doesn’t matter, you already agreed to the other license, that’s 
the hack.

The license is non-transferable, but if you build and release a version 

Re: [pfSense] pfsense h/w

[Jim Thompson]

> On Oct 23, 2014, at 7:48 PM, Adam Thompson  wrote:
> 
> [Hmm... half of this doesn't need to be on-list.  Sorry if I'm polluting. 
> -Adam]
> 
> 
> On 14-10-23 05:57 PM, Jim Thompson wrote:
>>> I get that Jim rubs a lot of people the wrong way (myself included),
>> Darn, you’d think that sharing a last name would count for something...
> Sorry, no.  ;-)
> Kind of in the same way Theo de Raadt rubs people the wrong way.

Wow.   You just compared me to Theo.

I’m done.

Anyone want to buy a firewall company?

It’s either that, or I invoke Godwin’s law.  (Or its corollary, “Thompson’s 
Law”:   That the thread is over once someone compares one of the participants 
to Mr. de Raadt.)

(It’s left to you to decide who gets the eponymous glory.)

> Mostly just idiots & newbies take offense.  And it's mostly driven, I think, 
> by having your lifetime supply of tolerance for people who speak first and 
> think second be long-since exhausted.  So as long as you don't start saying 
> incorrect or technically-invalid things, your audience sticks around.  See 
> closing comments, below.
> 
>> I think some people are waiting for “the other shoe to drop”.  For us to 
>> take the pfSense project in a direction similar to what happened with Vyatta.
> Yeah... it's a possibility.  OTOH, I'll point out that UBNT essentially 
> forked Vyatta (and renamed it "EdgeOS", IIRC) when Brocade started to close 
> it all up.  Not that UBNT is a paragon of openness, either,

“either”?  Wow.  Strike 2.   You probably don’t want to know that Jamie and I 
nearly bought Ubiquiti from Mr. Pera, or that we let the company live when he 
owed us a pile of cash.

I’m not going into details, but Ubiquiti did violate Vyatta’s license, got 
called on it, and had to reverse direction for a bit.

> but that's the benefit of the appropriate license - everyone can feel free to 
> copy (or fork!) pfSense from any of the multitude of places it lives online 
> right now, and feel free to burn it to archival WORM media Just In Case 
> Something Bad Happens To The Project.
> 
> As Jim pointed out, however, when you resurrect it (and somehow replace all 
> the infrastructure and developers in one fell swoop, *ahem*), you can't call 
> your new project pfSense.  You can have an FAQ entry explaining how it used 
> to be pfSense, you can even leave the GIT, or SVN, or even SCCS repository up 
> as-is with the pfSense name throughout it, but as soon as you create a 
> derivative work: new project.
> 
>> ... pfSense is going closed source,
> Technically, this could happen, but realistically, someone will probably fork 
> it.  And that project will likely die out or remove itself from public 
> participation, as these things tend to do.
> For that matter, remember that pfSense is (sort of) a fork of m0n0wall from a 
> decade ago in the first place.  For different reasons, but nonetheless.

As if I didn’t know, had forgotten, or wish people would forget.   

Just in-case you have forgotten, Netgate originally shipped m0n0wall on WRAP 
boards, then cut-over to pfSense quite early after the fork.

>>  and Jim Thompson is actually a blood thirsty, extra-terrestrial, 
>> shapeshifting reptile.
> Well, that explains a few things!  

It explains everything, actually.

>> Finally, I think there is still a segment of the community who views me with 
>> distrust because I put a license agreement and contributor agreement in 
>> front of access to the source code for the pfSense project.   We didn’t 
>> articulate the reasons for doing this very well, and the execution when we 
>> did it wasn’t … optimal.
> I wasn't affected by that, and - AFAIK - neither were most of the people who 
> whine and cadge about a commercial entity being involved.
> 
> I don't recall what the license used to be, but clearly the current one is a 
> custom license that doesn't even attempt to follow the UCB/BSD license.  As 
> long as ESF covered all their legal bases properly, they can do whatever the 
> f*** they want with the license. I can see how old contributors might not 
> like the new CLA, though. And I don't know of any project that has ever 
> pivoted on a license change this way ... optimally.

There is an agreement that allows access to the pfsense-tools repo.  As 
pre-requisite to that agreement, a contributor agreement must be in-place.  
Once you have the code, you’ll find the license in the individual files to be 
the same as it always was (mostly BSD 3 clause, but there are a smattering of 
other files.)   Doesn’t matter, you already agreed to the other license, that’s 
the hack.

The license is non-transferable, but if you build and release a version 
otherwise in compliance with the license, you must license your version under 
substantially similar terms.

>> Ugh…  were you around for the 2.1.5 release with the “Gold” menu 
>> front-and-center (and the resultant shitstorm)?
> Long before that, yes, but I think I managed to skip the affected versions by 
> accident, so I forgo

Re: [pfSense] pfsense h/w

[Adam Thompson]

[Hmm... half of this doesn't need to be on-list.  Sorry if I'm 
polluting. -Adam]



On 14-10-23 05:57 PM, Jim Thompson wrote:

I get that Jim rubs a lot of people the wrong way (myself included),

Darn, you’d think that sharing a last name would count for something...

Sorry, no.  ;-)
Kind of in the same way Theo de Raadt rubs people the wrong way. Mostly 
just idiots & newbies take offense.  And it's mostly driven, I think, by 
having your lifetime supply of tolerance for people who speak first and 
think second be long-since exhausted.  So as long as you don't start 
saying incorrect or technically-invalid things, your audience sticks 
around.  See closing comments, below.



I think some people are waiting for “the other shoe to drop”.  For us to take 
the pfSense project in a direction similar to what happened with Vyatta.
Yeah... it's a possibility.  OTOH, I'll point out that UBNT essentially 
forked Vyatta (and renamed it "EdgeOS", IIRC) when Brocade started to 
close it all up.  Not that UBNT is a paragon of openness, either, but 
that's the benefit of the appropriate license - everyone can feel free 
to copy (or fork!) pfSense from any of the multitude of places it lives 
online right now, and feel free to burn it to archival WORM media Just 
In Case Something Bad Happens To The Project.


As Jim pointed out, however, when you resurrect it (and somehow replace 
all the infrastructure and developers in one fell swoop, *ahem*), you 
can't call your new project pfSense.  You can have an FAQ entry 
explaining how it used to be pfSense, you can even leave the GIT, or 
SVN, or even SCCS repository up as-is with the pfSense name throughout 
it, but as soon as you create a derivative work: new project.



... pfSense is going closed source,
Technically, this could happen, but realistically, someone will probably 
fork it.  And that project will likely die out or remove itself from 
public participation, as these things tend to do.
For that matter, remember that pfSense is (sort of) a fork of m0n0wall 
from a decade ago in the first place.  For different reasons, but 
nonetheless.



  and Jim Thompson is actually a blood thirsty, extra-terrestrial, 
shapeshifting reptile.

Well, that explains a few things!  


Finally, I think there is still a segment of the community who views me with 
distrust because I put a license agreement and contributor agreement in front 
of access to the source code for the pfSense project.   We didn’t articulate 
the reasons for doing this very well, and the execution when we did it wasn’t … 
optimal.
I wasn't affected by that, and - AFAIK - neither were most of the people 
who whine and cadge about a commercial entity being involved.


I don't recall what the license used to be, but clearly the current one 
is a custom license that doesn't even attempt to follow the UCB/BSD 
license.  As long as ESF covered all their legal bases properly, they 
can do whatever the f*** they want with the license. I can see how old 
contributors might not like the new CLA, though. And I don't know of any 
project that has ever pivoted on a license change this way ... optimally.



Ugh…  were you around for the 2.1.5 release with the “Gold” menu 
front-and-center (and the resultant shitstorm)?
Long before that, yes, but I think I managed to skip the affected 
versions by accident, so I forgot all about it / never saw it myself.  
Since I've already renewed my gold subscription once by now, clearly I 
wasn't one of the shit-flingers in the shitstorm.  I like getting paid 
for my work, too!



(Or wonder in silence what it must be like to work in the same place as Jim 
Thompson.)
Can't be any worse than my last corporate job.  In fact, would probably 
be *much* better...  I don't have to like you to respect you or work 
with/for you.


--
-Adam Thompson
 athom...@athompso.net

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Adrian Wenzel]

- Original Message -
> From: "Jim Thompson" 
> 
> > On Oct 23, 2014, at 4:42 PM, Adam Thompson 
> > wrote:
> > 
> > On 14-10-23 04:29 PM, Chris L wrote:
> >> I’m not asking what the changes are - I’m asking if these boxes
> >> require a special version of pfSense for maximum performance.
> > I can't answer that with 100% certainty, but I believe the
> > packaging is tweaked slightly.  Whether you call that a "special
> > version" or not is up to you...  AFAIK the kernel is the same, and
> > the pfSense layered code is the same.  Netgate may add *more*
> > stuff on top of that, I'm not sure - I don't even own one right
> > now.
> 
> The kernel is the same.  All the patches are in the tree, and all the
> code except for what is described next is also in the tree.
> 
> We currently add the ‘tuning’ (or other other platforms such as the
> APU, the bits necessary to be able to successfully load and reboot
> the system), and,
> as of version 2.1.5, the Amazon VPC wizard is in the “Netgate” build,
> which is loaded on everything sold via both store.pfsense.com and
> store.negate.com.
> We can do this because we’re the trademark holder (technically we’re
> licensed by the holder, but the point is minutia.)

We all know the "$100 to fix your car, $10 for the hammer, $90 for knowing 
where to tap" joke.  Our time as experts in a discipline is of great value.  
That's time we didn't spend with our kids, or with our spouse, or pet, or doing 
something we love besides technical tinkering.  Part of the wonders of the 
"open source" world is that experts share the results of their time with 
everyone, because it feels great to share.

Sometimes those projects become something more than a basement fantasy, and 
there just isn't enough free time for the not-so-independently-wealthy to 
squeeze into the opening their hobby made in the market and succeed.  This is 
where you end up sticking your feet in two pools... the open and the corporate. 
 The thing about the corporate is that it can't succeed without some 
protection.  I have nothing but respect for the direction pfSense is going.

> 
> That’s it.
> 
> >> If it’s just sysctl values then it’s not possible to keep it
> >> secret.  sysctl -a, sysctl -a, diff
> > Granted... my point stands, it's not the secrecy, it's the time
> > taken to match the values to the hardware.  No two systems
> > (models) are identical.
> 
> It’s sysctl values.   It’s not “secret” if you dig it out, and no
> steps were taken to prevent same.  If you buy the tools and have the
> knowledge, you ‘tune’ the ECU in a car or truck
> for more power and/or better milage, too.   Some enterprising
> individuals sell pre-tuned computers, or a new ‘chip’ with the
> changes made to the various lookup tables (MAP .vs RPM,
> TPS, etc.) though the factory tends to look askance at these in the
> same way that we look askance at individuals who come to us with “I
> bought my own Supermicro, and didn’t pay your markup, give me your
> bits.”

I think we all have the opportunity to show off pfSense on their hardware, our 
hardware, and everyone wins.  It's all about choosing the best tool for the 
job, and your customer / uncle / friend is going to pat you on the back, not 
Netgate/ESF et al.  The advantage of getting the support and financial backing 
of the corporate side might require you to mind your wording, but I challenge 
anyone to take a product to market without any protections and succeed... I'd 
love to be proven wrong, because that would mean ushering in a new era in 
commerce.


> 
> >> If it’s a custom kernel, etc, then I have to take waiting for
> >> netgate to issue patches into consideration.  Now and in the
> >> future.
> > Perhaps you've forgotten that Netgate/ESF is the pfSense project
> > *sponsor* and that all/most (?) of the core developers work for
> > Netgate/ESF?
> 
> There are package developers outside Netgate/ESF, but everyone at the
> core works for Netgate (technically Rubicon Communications) or ESF.
>   We’re likely to consolidate this
> in the coming weeks, too.
> 
> In many ways you can think of Netgate as the “home of pfSense”.
> 
> > I don't think you'll be waiting very long.  I wouldn't be at all
> > surprised if the Netgate build gets updated first, in fact.
> 
> Point in fact, the “Netgate build" typically occurs after the, (for
> lack of a better term) “community build” occurs.
> 
> > And I do *not* mean that they deliberately wait before releasing
> > patches for the generic pfSense build, I just mean that I would
> > expect the Netgate update to be available +/- 15 minutes compared
> > to the generic pfSense update.
> 
> We try to release in parallel.   There is a testing phase of both
> that proceeds in parallel, *after* the build is done.
> 
> > I get that Jim rubs a lot of people the wrong way (myself
> > included),
> 
> Darn, you’d think that sharing a last name would count for
> something...

Sticking out your neck exposes it to the (figurative) hatchet.  I 

Re: [pfSense] pfsense h/w

[Jim Thompson]

> On Oct 23, 2014, at 4:42 PM, Adam Thompson  wrote:
> 
> On 14-10-23 04:29 PM, Chris L wrote:
>> I’m not asking what the changes are - I’m asking if these boxes require a 
>> special version of pfSense for maximum performance.
> I can't answer that with 100% certainty, but I believe the packaging is 
> tweaked slightly.  Whether you call that a "special version" or not is up to 
> you...  AFAIK the kernel is the same, and the pfSense layered code is the 
> same.  Netgate may add *more* stuff on top of that, I'm not sure - I don't 
> even own one right now.

The kernel is the same.  All the patches are in the tree, and all the code 
except for what is described next is also in the tree.

We currently add the ‘tuning’ (or other other platforms such as the APU, the 
bits necessary to be able to successfully load and reboot the system), and,
as of version 2.1.5, the Amazon VPC wizard is in the “Netgate” build, which is 
loaded on everything sold via both store.pfsense.com and store.negate.com.
We can do this because we’re the trademark holder (technically we’re licensed 
by the holder, but the point is minutia.)

That’s it.

>> If it’s just sysctl values then it’s not possible to keep it secret.  sysctl 
>> -a, sysctl -a, diff
> Granted... my point stands, it's not the secrecy, it's the time taken to 
> match the values to the hardware.  No two systems (models) are identical.

It’s sysctl values.   It’s not “secret” if you dig it out, and no steps were 
taken to prevent same.  If you buy the tools and have the knowledge, you ‘tune’ 
the ECU in a car or truck
for more power and/or better milage, too.   Some enterprising individuals sell 
pre-tuned computers, or a new ‘chip’ with the changes made to the various 
lookup tables (MAP .vs RPM,
TPS, etc.) though the factory tends to look askance at these in the same way 
that we look askance at individuals who come to us with “I bought my own 
Supermicro, and didn’t pay your markup, give me your bits.”

>> If it’s a custom kernel, etc, then I have to take waiting for netgate to 
>> issue patches into consideration.  Now and in the future.
> Perhaps you've forgotten that Netgate/ESF is the pfSense project *sponsor* 
> and that all/most (?) of the core developers work for Netgate/ESF?

There are package developers outside Netgate/ESF, but everyone at the core 
works for Netgate (technically Rubicon Communications) or ESF.   We’re likely 
to consolidate this
in the coming weeks, too.

In many ways you can think of Netgate as the “home of pfSense”.

> I don't think you'll be waiting very long.  I wouldn't be at all surprised if 
> the Netgate build gets updated first, in fact.

Point in fact, the “Netgate build" typically occurs after the, (for lack of a 
better term) “community build” occurs.

> And I do *not* mean that they deliberately wait before releasing patches for 
> the generic pfSense build, I just mean that I would expect the Netgate update 
> to be available +/- 15 minutes compared to the generic pfSense update.

We try to release in parallel.   There is a testing phase of both that proceeds 
in parallel, *after* the build is done.

> I get that Jim rubs a lot of people the wrong way (myself included),

Darn, you’d think that sharing a last name would count for something...

> but I don't understand the vitriol and/or suspicion directed at Netgate, 
> which, after all, is who's paying to keep pfSense free.

I think some people are waiting for “the other shoe to drop”.  For us to take 
the pfSense project in a direction similar to what happened with Vyatta. This 
is not happening, but everyone seems to love chatting up conspiracy theories.   
Fluoride in the water and chemtrails overhead are evidence of government 
mind-control experiments, Paul Mccartney died in 1966, 9/11 was a “false flag” 
operation, pfSense is going closed source, and Jim Thompson is actually a blood 
thirsty, extra-terrestrial, shapeshifting reptile.  (Paging Alex Jones to the 
white, courtesy router.  Alex Jones to the white courtesy router, please.)

I also think that some people are upset that the trademark is enforced, and 
they can no longer build their own version of “pfSense” (software), or sell 
hardware branded with “pfSense”.

Finally, I think there is still a segment of the community who views me with 
distrust because I put a license agreement and contributor agreement in front 
of access to the source code for the pfSense project.   We didn’t articulate 
the reasons for doing this very well, and the execution when we did it wasn’t … 
optimal.   But the source code is still open.  All the contributor agreement 
does is cover the ‘rules’ in play if you send us a contribution to the source 
code (a “patch” or “pull request”), and all the license agreement really does 
is put the rules in-play that cover a fork.  (attribution, can’t call it 
“pfSense”, can’t relicense, etc.)

Nobody lost anything, but I will always and forevermore be the ahole for taking 
the steps.  I’ve lear

Re: [pfSense] pfsense h/w

[Adam Thompson]

On 14-10-23 04:29 PM, Chris L wrote:

I’m not asking what the changes are - I’m asking if these boxes require a 
special version of pfSense for maximum performance.
I can't answer that with 100% certainty, but I believe the packaging is 
tweaked slightly.  Whether you call that a "special version" or not is 
up to you...  AFAIK the kernel is the same, and the pfSense layered code 
is the same.  Netgate may add *more* stuff on top of that, I'm not sure 
- I don't even own one right now.



If it’s just sysctl values then it’s not possible to keep it secret.  sysctl 
-a, sysctl -a, diff
Granted... my point stands, it's not the secrecy, it's the time taken to 
match the values to the hardware.  No two systems (models) are identical.



If it’s a custom kernel, etc, then I have to take waiting for netgate to issue 
patches into consideration.  Now and in the future.
Perhaps you've forgotten that Netgate/ESF is the pfSense project 
*sponsor* and that all/most (?) of the core developers work for 
Netgate/ESF?  I don't think you'll be waiting very long.  I wouldn't be 
at all surprised if the Netgate build gets updated first, in fact.  And 
I do *not* mean that they deliberately wait before releasing patches for 
the generic pfSense build, I just mean that I would expect the Netgate 
update to be available +/- 15 minutes compared to the generic pfSense 
update.



I get that Jim rubs a lot of people the wrong way (myself included), but 
I don't understand the vitriol and/or suspicion directed at Netgate, 
which, after all, is who's paying to keep pfSense free.


Jim: maybe the Netgate/ESF branding needs to get splashed all over 
pfSense, to drive home the point?  It may be unclear to newbies what the 
relationship between Netgate, ESF, and pfSense is.  Even I'm a little 
bit vague on the finer points.


--
-Adam Thompson
 athom...@athompso.net

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Chris L]

On Oct 23, 2014, at 1:13 PM, Adam Thompson  wrote:

> On 14-10-23 03:06 PM, Chris L wrote:
>>> We don't release the tuning info, and, incredibly, a couple people a month 
>>> write in demanding it.
>> Does this mean there’s a special, hardware-specific version of pfSense (or a 
>> package or ?) or is the tuning in the hardware itself?
> 
> AFAIK it's the same software (plus or minus some logo and CSS changes? not 
> 100% sure...), but with different sysctl values precisely (in theory) matched 
> to the hardware it's running on.  I would imagine they also ensure all the 
> BIOS settings are set appropriately, IRQs are distributed appropriately, etc.
> 
> If you spent a few weeks testing the crap out of your own system, you'd be 
> able to figure out the precise values that maximized throughput for your 
> hardware, too.
> Note that the precise values that work for any particular piece of hardware 
> are unlikely to be precisely ideal for any other particular piece of 
> hardware... so even copying exactly what Netgate provides on *their* system 
> onto yours doesn't guarantee optimal performance.
> 
> Besides, given what Jim just said, do you really think he's going to answer 
> your question? ;-)
> The value-add is technically in the labour, but the "secret sauce" is knowing 
> precisely where to direct that labour to maximize the value to his paying 
> customers.
> The rest of us get enough value from the software as it is.
> 

I’m not asking what the changes are - I’m asking if these boxes require a 
special version of pfSense for maximum performance.

I am considering some C2758s and I’m curious.  I have another APU4 on its way 
to me as we speak.

If it’s just sysctl values then it’s not possible to keep it secret.  sysctl 
-a, sysctl -a, diff

If it’s a custom kernel, etc, then I have to take waiting for netgate to issue 
patches into consideration.  Now and in the future.


___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Adam Thompson]

On 14-10-23 03:06 PM, Chris L wrote:

We don't release the tuning info, and, incredibly, a couple people a month 
write in demanding it.

Does this mean there’s a special, hardware-specific version of pfSense (or a 
package or ?) or is the tuning in the hardware itself?


AFAIK it's the same software (plus or minus some logo and CSS changes? 
not 100% sure...), but with different sysctl values precisely (in 
theory) matched to the hardware it's running on.  I would imagine they 
also ensure all the BIOS settings are set appropriately, IRQs are 
distributed appropriately, etc.


If you spent a few weeks testing the crap out of your own system, you'd 
be able to figure out the precise values that maximized throughput for 
your hardware, too.
Note that the precise values that work for any particular piece of 
hardware are unlikely to be precisely ideal for any other particular 
piece of hardware... so even copying exactly what Netgate provides on 
*their* system onto yours doesn't guarantee optimal performance.


Besides, given what Jim just said, do you really think he's going to 
answer your question? ;-)
The value-add is technically in the labour, but the "secret sauce" is 
knowing precisely where to direct that labour to maximize the value to 
his paying customers.

The rest of us get enough value from the software as it is.

--
-Adam Thompson
 athom...@athompso.net

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Chris L]

On Oct 23, 2014, at 9:06 AM, Jim Thompson  wrote:

> We don't release the tuning info, and, incredibly, a couple people a month 
> write in demanding it.

Does this mean there’s a special, hardware-specific version of pfSense (or a 
package or ?) or is the tuning in the hardware itself?
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Jim Thompson]

Adam,

(Three people rushed to my office, saying, “Here we go again!”)

There is a metaphor I like to use to explain the situation, it is roughly this:

Can you buy a bottle of Coca-Cola, and then sell or give it to someone 
else?
Yes you can.  Without getting too deep into the legalities, you have 
certain rights in the first sale.

Can you buy a bottle of Coca-Cola, open it, change the contents 
(anything here from adding salt,
or distilled water, to adding battery acid), recap the bottle and offer 
someone the result as “a bottle of Coke”?

No you can not, and nearly everyone understands ‘Why not”.

Similarity:  Can you distribute the pfSense software that you received from us, 
*as you received it from us*?   Yes you can.
Can you put the pfSense software you received from us, and, without altering 
it, put it on the hardware platform of your choosing, and sell the result?
Yes, but here trademark comes into play.   You can sell the result as, e.g.  
“My firewall with pfSense software.”   You can’t sell it as a “pfSense 
firewall”.

The first (“with pfSense software”) states a fact.  The second uses the mark 
without a license.

We ask that people using the mark in a fact adhere to several ‘rules’ in order 
to help us preserve the mark.

First, that the mark is only ever used with genuine pfSense software.
Any change to the software means that the “genuine” requirement is 
violated.

Second, that “pfSense” should always be used as an adjective, never as a noun.  
 
Example of allowed use as adjective:  “… with pfSense software” 
Examples of disallowed use as noun:  “… with pfSense”, “powered by 
pfSense”.

Third, we ask that in any country where the pfSense mark is registered, that 
the “circle R” mark be appended to the first use in any view (web page, 
marketing collateral, etc.)
“my firewall with pfSense® software”

A *current* list of countries where the mark is registered follows: United 
States of America, its territories and possessions, Australia, Brazil, Canada, 
China, (every country in the) European Community, India, Israel, Japan, Mexico, 
New Zealand, Norway, Philippines, Singapore, South Korea, Switzerland, Turkey, 
Ukraine, and Vietnam

Others are pending, but not yet issued.

Fourth, we ask that attribution occur at the bottom of the ‘page’ in any use of 
the registered mark.  Our suggested language is:
"pfSense® is a registered trademark of Electrical Sheep Fencing LLC.”

My purpose in all of the above is to engage the community in helping preserve 
the trademarks.  (The registration in IC9 protects the use of the mark on 
hardware, software and similar.  The registration in IC42 protects the use of 
the mark when used with services including support.   Looking at the above, 
“pfSense support” isn’t allowed (other than for ESF and its licensees), but 
“support for pfSense® software” is.)

To address your point, "But, at least here, I'm quite sure I can install 
pfSense on some random hardware and still call it pfSense.”

True, but you can’t call the solution “pfSense”, see above.  

I’m with you in the opinion that fully-supported high-throughput (or even 
“high-value”) solutions are best for the market.

Jim

> On Oct 23, 2014, at 11:39 AM, Adam Thompson  wrote:
> 
> One nit: yes, I can sell something called "pfSense", as that's the 
> freely-downloadable software under a (IIRC) BSD license.
> I can't sell something called "NetGate".
> I can't produce a derivative work and call it pfSense. (This is a gray area, 
> admittedly.)
> But, at least here, I'm quite sure I can install pfSense on some random 
> hardware and still call it pfSense.
> 
> Having said that, if there's a high-throughput hardware option that's fully 
> supported and tested and optimized, I don't know why I would *sell* anything 
> else.
> I'll continue to install pfSense in VMs and on existing repurposed hardware, 
> but that's an entirely different market segment anyway, and all I'm selling 
> is my time.
> 
> -Adam
> 
> On October 23, 2014 11:06:42 AM CDT, Jim Thompson  wrote:
> 
> 
>  On Oct 23, 2014, at 5:18 AM, Zia Nayamuth  wrote:
>  
>  Lots of suggestions on the hardware, but I see nobody mention anything based 
> around the new and much more powerful Avoton platform. The platform is 
> officially supported, and the pfSense store has hardware based on it (looks 
> to be the Supermicro 5018A-FTN4,
> 
> It is. The FW-7551 runs a two core version of the same SoC. 
> 
> The SoC in both is based on Rangeley, which is like Avoton, but more 
> Ethernets and a crypto core named "QuickAssist". 
> 
> We have a line of similar hardware coming out early next year.   You can see 
> the beginnings of same on the Netgate site.  Don't stress about the dev board 
> pricing, it's far higher than production boards / systems will be. 
> 
> This will be the hardware that
> pfSense is tested on, and released for.  Other platforms will continue to 
> wor

Re: [pfSense] pfsense h/w

[Adam Thompson]

One nit: yes, I can sell something called "pfSense", as that's the 
freely-downloadable software under a (IIRC) BSD license.
I can't sell something called "NetGate".
I can't produce a derivative work and call it pfSense.  (This is a gray area, 
admittedly.)
But, at least here, I'm quite sure I can install pfSense on some random 
hardware and still call it pfSense.

Having said that, if there's a high-throughput hardware option that's fully 
supported and tested and optimized, I don't know why I would *sell* anything 
else.
I'll continue to install pfSense in VMs and on existing repurposed hardware, 
but that's an entirely different market segment anyway, and all I'm selling is 
my time.

-Adam

On October 23, 2014 11:06:42 AM CDT, Jim Thompson  wrote:
>
>
>> On Oct 23, 2014, at 5:18 AM, Zia Nayamuth 
>wrote:
>> 
>> Lots of suggestions on the hardware, but I see nobody mention
>anything based around the new and much more powerful Avoton platform.
>The platform is officially supported, and the pfSense store has
>hardware based on it (looks to be the Supermicro 5018A-FTN4,
>
>It is. The FW-7551 runs a two core version of the same SoC. 
>
>The SoC in both is based on Rangeley, which is like Avoton, but more
>Ethernets and a crypto core named "QuickAssist". 
>
>We have a line of similar hardware coming out early next year.   You
>can see the beginnings of same on the Netgate site.  Don't stress about
>the dev board pricing, it's far higher than production boards / systems
>will be. 
>
>This will be the hardware that pfSense is tested on, and released for. 
>Other platforms will continue to work, but if you want to run the
>solution that the pfSense team uses, develops for, and tests on, look
>in the store. 
>
>Before someone accuses (because this always comes up), we don't cripple
>other solutions (witness the AES-NI acceleration available to all in
>pfSense version 2.2), but we do polish things we sell.  When we decided
>to sell the C2758 (5018A-FTN4), we made sure all the Ethernets worked
>(this was released in 2.1.1) and did some tuning such that the platform
>worked well using pfSense 2.1.x.
>
>We don't release the tuning info, and, incredibly, a couple people a
>month write in demanding it.
>
>Anyway, the point is, the community is still free to run pfSense
>software on a given platform, but, as was always true, YMMV with
>platforms we don't support. 
>
>Someone asked in the blog if we would be enabling the crypto part on
>the Watchguard he had purchased on eBay. 
>
>The answer is no.  Not only because the hardware is slower than a
>software-only solution on a modern cpu, but also because SafeNet (the
>company that made that part) no longer supports them, nor is the
>technical documentation available.
>
>And then there is the main reason:  We don't have infinite time and
>other resources.
>
>Also, while the end user can change things to enable or even optimize a
>given platform choice, load additional packages, etc., nobody can
>distribute the result and call it "pfSense".  Simple trademark law
>demands same. 
>
>Anyway, the point is, things we don't sell aren't on developers desks,
>and are not in the test rack, and thus, not exercised by the test
>harness. 
>
>Jim
>
>___
>List mailing list
>List@lists.pfsense.org
>https://lists.pfsense.org/mailman/listinfo/list

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Jim Thompson]

> On Oct 23, 2014, at 5:18 AM, Zia Nayamuth  wrote:
> 
> Lots of suggestions on the hardware, but I see nobody mention anything based 
> around the new and much more powerful Avoton platform. The platform is 
> officially supported, and the pfSense store has hardware based on it (looks 
> to be the Supermicro 5018A-FTN4,

It is. The FW-7551 runs a two core version of the same SoC. 

The SoC in both is based on Rangeley, which is like Avoton, but more Ethernets 
and a crypto core named "QuickAssist". 

We have a line of similar hardware coming out early next year.   You can see 
the beginnings of same on the Netgate site.  Don't stress about the dev board 
pricing, it's far higher than production boards / systems will be. 

This will be the hardware that pfSense is tested on, and released for.  Other 
platforms will continue to work, but if you want to run the solution that the 
pfSense team uses, develops for, and tests on, look in the store. 

Before someone accuses (because this always comes up), we don't cripple other 
solutions (witness the AES-NI acceleration available to all in pfSense version 
2.2), but we do polish things we sell.  When we decided to sell the C2758 
(5018A-FTN4), we made sure all the Ethernets worked (this was released in 
2.1.1) and did some tuning such that the platform worked well using pfSense 
2.1.x.

We don't release the tuning info, and, incredibly, a couple people a month 
write in demanding it.

Anyway, the point is, the community is still free to run pfSense software on a 
given platform, but, as was always true, YMMV with platforms we don't support. 

Someone asked in the blog if we would be enabling the crypto part on the 
Watchguard he had purchased on eBay. 

The answer is no.  Not only because the hardware is slower than a software-only 
solution on a modern cpu, but also because SafeNet (the company that made that 
part) no longer supports them, nor is the technical documentation available.

And then there is the main reason:  We don't have infinite time and other 
resources.

Also, while the end user can change things to enable or even optimize a given 
platform choice, load additional packages, etc., nobody can distribute the 
result and call it "pfSense".  Simple trademark law demands same. 

Anyway, the point is, things we don't sell aren't on developers desks, and are 
not in the test rack, and thus, not exercised by the test harness. 

Jim

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Nick Upson]

my aim in using the CF card was to see if there was any functionality I
need missing

I run a mixed environment but I don't have a unix machine with a CF drive

Nick Upson, Telensa Ltd, Senior Operations Network Engineer
direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 23 October 2014 11:13, Chris Bagnall  wrote:

> > I thought there was a very large restriction in packages using CF
> compared to HDD, is that not the case (I'm coming from 1.2.3 so this might
> have changed)
>
> That may well be true - I must confess I’m of the school of thought that a
> firewall/router should do firewalling and routing, and not a lot else, so
> my experience with packages is at best limited :-)
>
> > I did try a CF card, that started to boot but immediatley hung
>
>
> I’ve had that on occasion - nearly always down to an incorrectly (or
> incomplete) written CF card. I don’t know what OS environment you’re used
> to using day-to-day, but in my experience I could never persuade the
> windows physdiskwrite utility to work reliably on Win7. If you’re not using
> a *nix machine to write your CF card, I’d strongly suggest doing so if you
> can.
>
> Kind regards,
>
> Chris
> --
> C.M. Bagnall
> This email is made from 100% recycled electrons
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Zia Nayamuth]

Lots of suggestions on the hardware, but I see nobody mention anything 
based around the new and much more powerful Avoton platform. The 
platform is officially supported, and the pfSense store has hardware 
based on it (looks to be the Supermicro 5018A-FTN4,


The Supermicro 5018A-FTN4 server 
(http://www.supermicro.com/products/system/1U/5018/SYS-5018A-FTN4.cfm) 
is a mostly prebuilt box with 4 gigabit ports. It sells for 504.99 USD 
on amazon 
(http://www.amazon.com/Supermicro-Rackmount-Barebone-Components-SYS-5018A-FTN4/dp/B00G3ED7D4/) 
and ships to Australia, so I assume it ships to the UK as well. It only 
has 4 ports by default, but you can add an Intel i350-T4 NIC (I got one 
for ~150 USD a while ago off ebay myself) to add another 4 gigabit ports.


All up that should still be under 1000 USD which is very competitive 
considering the C2758 is a much more powerful CPU than anything posted 
so far excluding that one Xeon box from osnet.


Personally, I'd also run pfSense virtualized and pass the ports through 
the use of virtual sitches, solely to make the entire thing nice and 
portable across machines (the Avoton is very nice for that, since it has 
the virtualization extensions to run decently fast).


--
Zia Nayamuth

On 23/10/14 20:32, Chris Bagnall wrote:

I'm trying to use a http://www.mini-itx.com/store/~FX5624 which I think is the 
same box as your first link, if you can install onto here easily and frequently 
then it must be me doing something wrong, aaagh

Certainly looks like the same unit. Are you trying to install onto a CF card 
(those units have a CF slot) or are you trying to do a full install onto an SSD 
or HDD?

Most of ours are done using the embedded install using a CF card, as follows:
  - download 32-bit embedded image *with* VGA console
  - use dd on a Linux or Mac system to write it to a suitable CF card 
(instructions on pfSense wiki)
  - insert CF card and boot box
  - configure interfaces from command line in the usual manner

In the several dozen we’ve deployed, I don’t think any of them have been more 
complicated than that. Of the two failures we’ve had in several years, both 
have been down to a dodgy CF card, not the unit itself.

Hope that helps.

Kind regards,

Chris


___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Chris Bagnall]

> I thought there was a very large restriction in packages using CF compared to 
> HDD, is that not the case (I'm coming from 1.2.3 so this might have changed)

That may well be true - I must confess I’m of the school of thought that a 
firewall/router should do firewalling and routing, and not a lot else, so my 
experience with packages is at best limited :-)

> I did try a CF card, that started to boot but immediatley hung


I’ve had that on occasion - nearly always down to an incorrectly (or 
incomplete) written CF card. I don’t know what OS environment you’re used to 
using day-to-day, but in my experience I could never persuade the windows 
physdiskwrite utility to work reliably on Win7. If you’re not using a *nix 
machine to write your CF card, I’d strongly suggest doing so if you can.

Kind regards,

Chris
-- 
C.M. Bagnall
This email is made from 100% recycled electrons

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Nick Upson]

I'm trying to do a full install onto HDD, but I never get that far, I have
been unable to get the box to boot pfsense from stick or cd so that I can
install onto the HDD

I did try a CF card, that started to boot but immediatley hung

I thought there was a very large restriction in packages using CF compared
to HDD, is that not the case (I'm coming from 1.2.3 so this might have
changed)

Nick Upson, Telensa Ltd, Senior Operations Network Engineer
direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 23 October 2014 10:32, Chris Bagnall  wrote:

> > I'm trying to use a http://www.mini-itx.com/store/~FX5624 which I think
> is the same box as your first link, if you can install onto here easily and
> frequently then it must be me doing something wrong, aaagh
>
> Certainly looks like the same unit. Are you trying to install onto a CF
> card (those units have a CF slot) or are you trying to do a full install
> onto an SSD or HDD?
>
> Most of ours are done using the embedded install using a CF card, as
> follows:
>  - download 32-bit embedded image *with* VGA console
>  - use dd on a Linux or Mac system to write it to a suitable CF card
> (instructions on pfSense wiki)
>  - insert CF card and boot box
>  - configure interfaces from command line in the usual manner
>
> In the several dozen we’ve deployed, I don’t think any of them have been
> more complicated than that. Of the two failures we’ve had in several years,
> both have been down to a dodgy CF card, not the unit itself.
>
> Hope that helps.
>
> Kind regards,
>
> Chris
> --
> C.M. Bagnall
> This email is made from 100% recycled electrons
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Chris Bagnall]

> I'm trying to use a http://www.mini-itx.com/store/~FX5624 which I think is 
> the same box as your first link, if you can install onto here easily and 
> frequently then it must be me doing something wrong, aaagh

Certainly looks like the same unit. Are you trying to install onto a CF card 
(those units have a CF slot) or are you trying to do a full install onto an SSD 
or HDD?

Most of ours are done using the embedded install using a CF card, as follows:
 - download 32-bit embedded image *with* VGA console
 - use dd on a Linux or Mac system to write it to a suitable CF card 
(instructions on pfSense wiki)
 - insert CF card and boot box
 - configure interfaces from command line in the usual manner

In the several dozen we’ve deployed, I don’t think any of them have been more 
complicated than that. Of the two failures we’ve had in several years, both 
have been down to a dodgy CF card, not the unit itself.

Hope that helps.

Kind regards,

Chris
-- 
C.M. Bagnall
This email is made from 100% recycled electrons

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Nick Upson]

Hi Chris

I'm trying to use a http://www.mini-itx.com/store/~FX5624 which I think is
the same box as your first link, if you can install onto here easily and
frequently then it must be me doing something wrong, aaagh

Nick Upson, Telensa Ltd, Senior Operations Network Engineer
direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 23 October 2014 10:17, Chris Bagnall  wrote:

> > I'm suffering in my efforts to install 2.1.5 onto my box, so can I
> change the box?
> > A proven hardware platform, available in the UK with at least 6 physical
> network ports, I can probably justify buying.
> > Suggestions anyone?
>
> We’ve used these:
>
> http://linitx.com/product/fx5624-intel-celeronm-600mhz-6-nic-firewallrouter-platform-2xgigalan-4x10100/12508
>
> and these:
>
> http://linitx.com/product/fx5625-intel-atom-18ghz-8-nic-firewallrouter-platform-8-intel-gigalan/13468
>
> Pretty frequently with pfSense and not had any problems.
>
> Kind regards,
>
> Chris
> --
> C.M. Bagnall
> This email is made from 100% recycled electrons
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Chris Bagnall]

> I'm suffering in my efforts to install 2.1.5 onto my box, so can I change the 
> box?
> A proven hardware platform, available in the UK with at least 6 physical 
> network ports, I can probably justify buying. 
> Suggestions anyone?

We’ve used these:
http://linitx.com/product/fx5624-intel-celeronm-600mhz-6-nic-firewallrouter-platform-2xgigalan-4x10100/12508

and these:
http://linitx.com/product/fx5625-intel-atom-18ghz-8-nic-firewallrouter-platform-8-intel-gigalan/13468

Pretty frequently with pfSense and not had any problems.

Kind regards,

Chris
-- 
C.M. Bagnall
This email is made from 100% recycled electrons

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Jim Thompson]

> On Oct 22, 2014, at 12:10 PM, Chris Buechler  wrote:
> 
> On Wed, Oct 22, 2014 at 11:29 AM, Jim Thompson  wrote:
>> Seems up now.  I’ve let Gregory know that there may have been an issue.
>> 
>> http://www.osnet.eu/en/products/FWA
>> 
> 
> Pretty sure Jim got auto-corrected originally, it's osnet.eu as linked
> there, not onset from the original.

http://www.damnyouautocorrect.com   (warning:  NSFW)



___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[gregory.bern...@osnet.eu]

No issue - site was up all day. 

http://www.osnet.eu ≠ http://www.onset.eu 


;-) 

> Le 22 oct. 2014 à 19:10, Chris Buechler  a écrit :
> 
> On Wed, Oct 22, 2014 at 11:29 AM, Jim Thompson  wrote:
>> Seems up now.  I’ve let Gregory know that there may have been an issue.
>> 
>> http://www.osnet.eu/en/products/FWA
>> 
> 
> Pretty sure Jim got auto-corrected originally, it's osnet.eu as linked
> there, not onset from the original.


«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§

Grégory Bernard Directeur
www.osnet.eutel : +33 1 82 52 24 52

«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§

PGP ID --> 0x1BA3C2FD

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Chris Buechler]

On Wed, Oct 22, 2014 at 11:29 AM, Jim Thompson  wrote:
> Seems up now.  I’ve let Gregory know that there may have been an issue.
>
> http://www.osnet.eu/en/products/FWA
>

Pretty sure Jim got auto-corrected originally, it's osnet.eu as linked
there, not onset from the original.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Jim Thompson]

Seems up now.  I’ve let Gregory know that there may have been an issue.

http://www.osnet.eu/en/products/FWA 

> On Oct 22, 2014, at 10:07 AM, Nick Upson  wrote:
> 
> thanks for the suggestion but
> 
> 
> The web page at http://onset.eu/  might be temporarily down 
> or it may have moved permanently to a new web address.
> Error code: ERR_NAME_RESOLUTION_FAILED
> 
> 
> Nick Upson, Telensa Ltd, Senior Operations Network Engineer
> direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200
> 
> On 22 October 2014 16:06, Jim Thompson  > wrote:
> Talk to onset.eu . 
> 
> -- Jim
> 
> On Oct 22, 2014, at 9:32 AM, Nick Upson  > wrote:
> 
>> 
>> I'm suffering in my efforts to install 2.1.5 onto my box, so can I change 
>> the box?
>> 
>> A proven hardware platform, available in the UK with at least 6 physical 
>> network ports, I can probably justify buying. 
>> 
>> Suggestions anyone?
>> 
>> 
>> 
>> Nick Upson, Telensa Ltd, Senior Operations Network Engineer
>> direct +44 (0) 1799 533252 , support 
>> hotline +44 (0) 1799 399200 
>> ___
>> List mailing list
>> List@lists.pfsense.org 
>> https://lists.pfsense.org/mailman/listinfo/list 
>> 
> ___
> List mailing list
> List@lists.pfsense.org 
> https://lists.pfsense.org/mailman/listinfo/list 
> 
> 
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Nick Upson]

I'm asking for suggestions that fit those criteria, except for the
pfsense-proven my present box fits it

Nick Upson, Telensa Ltd, Senior Operations Network Engineer
direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 22 October 2014 16:50, compdoc  wrote:

> > A proven hardware platform, available in the UK with at least 6
> physical network ports, I can probably justify buying
>
>
>
> Not much info. Got an url for that?
>
>
>
>
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[compdoc]

> A proven hardware platform, available in the UK with at least 6 physical 
> network ports, I can probably justify buying

 

Not much info. Got an url for that? 

 

 

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Nick Upson]

thanks for the suggestion but


The web page at *http://onset.eu/ * might be temporarily
down or it may have moved permanently to a new web address.
Error code: ERR_NAME_RESOLUTION_FAILED


Nick Upson, Telensa Ltd, Senior Operations Network Engineer
direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 22 October 2014 16:06, Jim Thompson  wrote:

> Talk to onset.eu.
>
> -- Jim
>
> On Oct 22, 2014, at 9:32 AM, Nick Upson  wrote:
>
>
> I'm suffering in my efforts to install 2.1.5 onto my box, so can I change
> the box?
>
> A proven hardware platform, available in the UK with at least 6 physical
> network ports, I can probably justify buying.
>
> Suggestions anyone?
>
>
>
> Nick Upson, Telensa Ltd, Senior Operations Network Engineer
> direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense h/w

[Jim Thompson]

Talk to onset.eu. 

-- Jim

> On Oct 22, 2014, at 9:32 AM, Nick Upson  wrote:
> 
> 
> I'm suffering in my efforts to install 2.1.5 onto my box, so can I change the 
> box?
> 
> A proven hardware platform, available in the UK with at least 6 physical 
> network ports, I can probably justify buying. 
> 
> Suggestions anyone?
> 
> 
> 
> Nick Upson, Telensa Ltd, Senior Operations Network Engineer
> direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] pfsense h/w

[Nick Upson]

I'm suffering in my efforts to install 2.1.5 onto my box, so can I change
the box?

A proven hardware platform, available in the UK with at least 6 physical
network ports, I can probably justify buying.

Suggestions anyone?



Nick Upson, Telensa Ltd, Senior Operations Network Engineer
direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list