Re: [pfSense Support] Happy Birthday Chris
Happy Birthday, Chris! Bao -- Best Regards. Bao C. Ha Hacom - Embedded Systems and Appliances http://www.hacom.net voice: (714) 564-9932
Re: [pfSense Support] Kingston SSD filesystem corruption
On Tue, Aug 9, 2011 at 9:33 AM, Tim Dickson wrote: > > About a year ago, I switched to running the full pfSense 2.0 (beta > something at the time) on a Kingston SS100S2/8G embedded SSD. > > I installed the 30G version in 12 systems, all of which failed within 6 > months. I moved to Intel 320s and/or WD Greens (depending on budget of the > site) so we'll see how they hold up. > I also had the 64G version running Untangle systems which failed as well... > in short I would not recommend the Kingston SSDs at all... it's been a major > pain having to swap them all out of live systems. > SSD is just flash memory. You will need to mount the filesystem with sync and noatime. -- Best Regards. Bao C. Ha Hacom - Embedded Systems and Appliances http://www.hacom.net voice: (714) 564-9932
[pfSense Support] Can't connect to cvs.bsdinstaller.org
Hello, We are trying to build the pfSense 2.0. However, the process hangs around the following message: >>> Fetching BSDInstaller using CVSUP... It seems that cvs.bsdinstaller.org keeps timeout. The work-around is to patch the builder_common.sh to use GIT instead of CVSUP. Is there a change in building the bsdinstaller? Thanks. Bao -- Best Regards. Bao C. Ha Hacom - Embedded Systems and Appliances http://www.hacom.net voice: (714) 564-9932
Re: [pfSense Support] pfSense 2.0 RC1 Nanobsd Problem
Hi Seth, On Mon, Mar 7, 2011 at 12:05 AM, Seth Mos wrote: > Op 6-3-2011 23:26, Bao Ha schreef: > > Hi Bart, >> >> Thanks for the note. >> >> According to the forum, it should not be a problem. :-( >> > > It is not. I have had three systems with corrupted flash memory: two with the Kingston 4GB Elite Pro, one with a 4GB flash drive. > > > When we first got the reports of corrupted CFs, we just overnighted new >> ones. Then, those died shortly, within a week or two. We replaced a >> complete system: systemboard, memory and CF. >> > > Why are you shipping cheap CF cards without wear levelling? > We used to offer a choice of CF or DOM.The DOM has industrial-strength wear-leveling. It was also better since in the early days, our systemboards choked on DMA with faster CF cards. Nobody wants DOM! I did not rule out that Kingston's quality may have dropped significantly. If that is the case, I'll switch to a different brand name. I have run a full install on a Lexar 1GB CF for over 4 years before the CF > card died. > > I've also run into the "CF without wear levelling" issue. Get a proper CF > card. > We have been shipping more than a thousand systems with Kingston CF since 2006 with no corrupted flash memory. What ever killed the two Kingston Elite pro 4GB CFs within two weeks will also kill a DOM or industrial CF, maybe not in weeks or months, but probably within a year. Bao > Regards, > Seth > > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > -- Best Regards. Bao C. Ha Hacom - Embedded Systems and Appliances http://www.hacom.net voice: (714) 564-9932
Re: [pfSense Support] pfSense 2.0 RC1 Nanobsd Problem
Hi Bart, Thanks for the note. According to the forum, it should not be a problem. :-( Unfortunately, mounting RW without NOATIME will pounce on the compact flash everytime a READ is made. It will kill the CF sooner or later. When we first got the reports of corrupted CFs, we just overnighted new ones. Then, those died shortly, within a week or two. We replaced a complete system: systemboard, memory and CF. I am loosing my hair and sleeps, thinking one of our most reliable systems being shipped since 2006 is having compatibility issues with pfSense 2.0. I am hoping that this is the real cause. And I can stop a flood of support issues. Bao On Sun, Mar 6, 2011 at 2:12 PM, Bart Grefte wrote: > Someone already made a bugreport http://redmine.pfsense.org/issues/1279 > ;) > > > > > ---------- > > *Van:* Bao Ha [mailto:b...@hacom.net] > *Verzonden:* zondag 6 maart 2011 23:06 > *Aan:* customersupp...@pfsense.org > *CC:* support@pfsense.com > *Onderwerp:* [pfSense Support] pfSense 2.0 RC1 Nanobsd Problem > > > > Something happened in BETA5 and it was carried into RC1, up to today > snapshot: 20110306-0859. > > The file system in nanobsd version is now mounted fully RW, see the > following "mount" command: > > ... > > [2.0-RC1][admin@pfHacom.localdomain]/root(1): mount > > /dev/ufs/pfsense0 on / (ufs, local) > > > devfs on /dev (devfs, local) > > > /dev/md0 on /tmp (ufs, local) > > > /dev/md1 on /var (ufs, local) > > > /dev/ufs/cf on /cf (ufs, local) > > > devfs on /var/dhcpd/dev (devfs, local) > > ... > > > > I believe they are supposed to be mounted read-only or at least RW with > NOATIME. > > > > We have had at least two systems running pfSense 2.0 BETA5 and RC1 RMAed > back with suspected hardware problems, causing corruption of compact flash > memory. We think the "root" cause of this problem is due to the filesystems > mounted fully RW in the compact flash. > > > > We plan to distribute the following temporary fix to our custmers who want > to run pfSense 2.0: > > ... > > [2.0-RC1][admin@pfHacom.localdomain]/root(1): cat > /usr/local/etc/rc.d/hacom.sh > > #!/bin/sh > > > > > > # hacom.sh - BCH 3/6/2011 > > > # Temprorary fix to mount the filesystem Read-Only to avoid destroying > flash memory > > > > > PLATFORM=`/bin/cat /etc/platform` > > > > > > if [ "$PLATFORM" = "nanobsd" ]; then > > > /sbin/mount -u -oro /; /sbin/mount -u -onoatime /cf > > > fi > > > ... > > > > Appreciate if someone look into this problem. > > > > I have also CCed this message to support@pfsense.com to notify others > currently using pfSense 2.0 RC1 nanobsd version of the danger to flash > memory. > > > > Thanks. > > Bao > > -- > Best Regards. > Bao C. Ha > Hacom - Embedded Systems and Appliances > http://www.hacom.net > voice: (714) 564-9932 > -- Best Regards. Bao C. Ha Hacom - Embedded Systems and Appliances http://www.hacom.net voice: (714) 564-9932
[pfSense Support] pfSense 2.0 RC1 Nanobsd Problem
Something happened in BETA5 and it was carried into RC1, up to today snapshot: 20110306-0859. The file system in nanobsd version is now mounted fully RW, see the following "mount" command: ... [2.0-RC1][admin@pfHacom.localdomain]/root(1): mount /dev/ufs/pfsense0 on / (ufs, local) devfs on /dev (devfs, local) /dev/md0 on /tmp (ufs, local) /dev/md1 on /var (ufs, local) /dev/ufs/cf on /cf (ufs, local) devfs on /var/dhcpd/dev (devfs, local) ... I believe they are supposed to be mounted read-only or at least RW with NOATIME. We have had at least two systems running pfSense 2.0 BETA5 and RC1 RMAed back with suspected hardware problems, causing corruption of compact flash memory. We think the "root" cause of this problem is due to the filesystems mounted fully RW in the compact flash. We plan to distribute the following temporary fix to our custmers who want to run pfSense 2.0: ... [2.0-RC1][admin@pfHacom.localdomain]/root(1): cat /usr/local/etc/rc.d/hacom.sh #!/bin/sh # hacom.sh - BCH 3/6/2011 # Temprorary fix to mount the filesystem Read-Only to avoid destroying flash memory PLATFORM=`/bin/cat /etc/platform` if [ "$PLATFORM" = "nanobsd" ]; then /sbin/mount -u -oro /; /sbin/mount -u -onoatime /cf fi ... Appreciate if someone look into this problem. I have also CCed this message to support@pfsense.com to notify others currently using pfSense 2.0 RC1 nanobsd version of the danger to flash memory. Thanks. Bao -- Best Regards. Bao C. Ha Hacom - Embedded Systems and Appliances http://www.hacom.net voice: (714) 564-9932
Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard
On Fri, Dec 17, 2010 at 7:52 AM, mehma sarja wrote: > On a test system running on an Atom D323(?) - removed the cover and > unplugged the psu fan. Good so far. The IR gun shows a psu temp of around > 97 deg F and stable. There are two small case fans - one of them has a plug > on the MB that is now unplugged. The other fan wires should be snipped > eventually. And to make matters interesting, the video chip has a fan on the > heatsink. Now get this, with the fan disabled and nothing pluged into the > vga port, he temp shoots up within seconds from 84 deg F to 127 deg F. So, > that fan got re-enabled. It's most likely that the Atom system is using the 945GC chipset, of which the TDP is 22W. I believe the hostest Atom is the D525, of which the TDP is about 14W and less than the 945GC Northbridge. Find those that use the newer NM10, used to be called Tiger Point. Its TDP is about 2W. Then, you can run fanless with the right heatsink and case combination. -- Best Regards. Bao C. Ha Hacom - Embedded Systems and Appliances http://www.hacom.net voice: (714) 564-9932 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Embedded hardware recommendation - Fan-less and many NIC ports
On Thu, Dec 16, 2010 at 7:19 PM, Bruce B wrote: ... > P.S. If this an Atom board/Intel CPU, how come there are 6 NIC ports on > them? Have you guys pried open one of these? It depends on the chipset. An ICH9M has 6 x PCIe ( x1) plus a Gigabit controller. So you can have 6 x Gigabit Ethernet plus a PCIe x1 (or mini-pcie). -- Best Regards. Bao C. Ha Hacom - Embedded Systems and Appliances http://www.hacom.net voice: (714) 564-9932 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Fwd: Pfsense questions.
Hi Chris, We have the following technical issues from Neil Cassarchis. They bought two (2) of our 1u server loaded with pfSense 1.2.3 and trying to establish OpenVPN connections between them. Could you address their problems? Should I log in to the portal first and create a support ticket? Neil's phone number is 416.409.7472. Thanks for all the helps. Bao -- Forwarded message -- From: Neil Cassarchis Date: Tue, Aug 17, 2010 at 7:54 AM Subject: Pfsense questions. To: b...@hacom.net Bao, Here is a list of outstanding issues and questions. 1. We have openvpn site to site tunnels. I have added the tunx interfaces and disabled the auto gen vpn rules. When we add the filter rules for the openvpn connection but they do not work. I can capture traffic on the tunx interface so I know I am working with the correct interface. The version is: 1.2.3-RELEASE built on Mon Jan 4 10:07:56 PST 2010 I am wandering if we are hitting a bug or such. 2. In our carp set up openvpn configuration are not synced over like ipsec. Is this normal? 3. If we can't filter on the openvpn, how can we route multiple subnets via a single ipsec tunnel? or what is the work around? Can we create a tunnel with 0.0.0.0 networks to a site and use rules and routing to control access? Thanks for your help. Soon as we are confortable with the stability for the CARP setup, I will be ordering some more of the 1U's for our downtown location. You can reach me at 416.409.7472 if you need to. Thanks again. Neil Cassarchis Casitron Limited www.casitron.com Phone: 905.713.6614 Fax: 905.713.9891 -- Best Regards. Bao C. Ha Hacom OpenBrick Distributor USA http://www.hacom.net voice: (714) 564-9932 8D66 6672 7A9B 6879 85CD 42E0 9F6C 7908 ED95 6B38 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] multi-wan, multi-lan security
Just want to throw another data point into this confusing discussion. The low-end Cisco ASA 5505 requires VLAN configuration since it is just a switch. The Cisco ASA 5510 has four Ethernet ports. If you need more, just use VLAN. Perhaps, Cisco is expecting a firewalled network to use managed switches. Is it best practice? Why is there a resistance to VLAN in the pfSense community? I had somebody asked about at least ten port pfSense router with ability adding more as needed. He wants to provide Internet to a building but wants each tenant to be on a separate network. I asked why doesn't he just use a managed switch and trunk everybody to the router? I sold a Cisco Catalyst 3500XL with 48 Fast Ethernet ports for $35 a couple of months ago on eBay. I don't think cost is the issue. Bao On Thu, Aug 5, 2010 at 10:08 AM, Adam Thompson wrote: > Comments from another perspective on the must/should question: > > Best practice says to physically segregate networks by trust level and by > impact of error or breach. > > Somewhat self-evidently, this is to mitigate the impact of a) errors, and > b) security breaches. Of the two, errors (i.e. human errors) are by far > the more common problem. > > If you have a separate NIC for each network coming in to your firewall, > the cables are well-identified, the ports are well-identified, and the > other endpoint of those cables is also well-identified, it's much harder > to accidentally expose high-trust traffic to a low-trust network. > Specifically, it's far likelier that someone will notice that the cable > they're holding has an "AT&T" tag on it but the port they're about to plug > it into has a "PacBell" label over it. > > When you use a switch and VLANs to segregate traffic, you have to worry > about things like: in a pathological power situation (lightning strike, > UPS blows up, whatever) if the switch is suddenly reset to factory > defaults - and I've seen this happen - what will happen? Every port gets > reset to VLAN 1 with no filtering, and all your traffic is suddenly being > propagated to every network segment. > > Maybe you're thinking "big deal", but now consider the fairly-typical WAN > situation where you're running routing protocols across WAN links, say > RIPv2 without authentication (because you trust all the networks involved, > right? It's a point-to-point link, right?). Your network topology > suddenly collapses and takes [fixing or unplugging]+2hrs to reconverge. > > Or the situation I once found: two smallish WAN providers both (stupidly) > left STP turned on at the edge... when they were suddenly bridged together > (by accident, I made a typo when setting up the VLANs) I managed to take > down most of both providers' networks, and typical of STP both were down > for +5 minutes. Obviously I > wasn't happy, and when we all figured out what had happened they weren't > very happy with me, either. > > As to security breaches, it is extremely difficult to a) know about the > switch, b) target the switch, and c) hack the switch, but it's > *infinitely* harder to hack a piece of Cat5 cable than a switch! > > Having said all that, many of the firewall modules/blades you can buy for > chassis-based routers and switches (Cisco 3600 ISR, Catalyst 1, > Juniper [something], etc.) require you to configure their ports entirely > using VLANs anyway. > > So it's hardly a universal "must", certainly not in the technical sense - > it's a very, very strong "should" that you should only disregard if a) > you're overconfident of your own abilities, b) you have no truly private > data, c) you don't care too much about pissing off your WAN providers (or > you know they won't even notice!), and d) you don't have enough space to > mount one or two more switches in the server closet. > > Note also that you might be tempted to use 802.1q-over-802.3ad > (VLAN-over-LAG), which does work... but also generally speaking turns off > a lot of the hardware acceleration your NIC can do for you. Many NICs > (certainly any half-decent one!) can still do IP offload with 802.1q (VLAN > tagging), but I haven't run into any that can still do IP offload with > 802.3ad (link aggregation, aka "bonding", or "etherchannel"). Bundling > links together (LAG) actually slowed my router down instead of speeding it > up. > > Another aspect is that if you're going to run your router in a blade > chassis, say, (virtualized or not) you really won't have much choice but > to use VLANs for everything - most blade chassis don't give you dedicated > physical Ethernet ports, certainly not more than two on any I've seen. > Most of 'em have an embedded NIC (or two, or four...) that plug straight > into a backplane and are only exposed via a switch module. > > (I am also noticing that pfSense 1.2.3 does not have good performance (for > me, at least) forwarding traffic between "virtual switches" on a VMWare > ESXi 4 host connected to the switch through a 4x V-in-LAG trunk. I > haven't had time t
Re: [pfSense Support] 1.2.3-release rebooting
Hi Charles, Can you set up a syslog server? It will allow better capturing of the error messages. Another option is just to replace the cpu fan. It costs around $5 in Southern California. FreeBSD does not like VIA's implementation of ACPI. So, we cannot really get any useful information about the system healths. The readings in the BIOS can be suspected. They are just measuring the voltage levels, not really the fan speeds. It depends on the quality of the cpu fan. Some fans degrade rapidly over time, they might require more voltage to maintain its performance. You may see the 5500rpm redaing because the systemboard still feeds 5V to a fan, while it may actually be lower. Bao On Thu, Apr 15, 2010 at 12:23 PM, Charles Goldsmith wrote: > Unfortunately it's not under warranty anymore. I'll continue to monitor it. > > It was a cheap system, a bit cheaper than a Soekris or the like, > that's why I went with it. > > Thanks > > On Thu, Apr 15, 2010 at 2:17 PM, Bao Ha wrote: >> Hi Charles, >> >> Padlock does not have an issue that we know of! We have sold hundreds >> of VIA C7 systems with Padlock running pfSense. If it was a problem, >> we would have asked Chris B. to fix it. >> >> You can always compile your own kernel without including the Padlock >> module. Unless you are using Padlock, like running IPSec VPN, I doubt >> that it would interfere. >> >> I still suspect it is a hardware problem. Is it still under warranty? >> Can you RMA it back? A hardware vendor would be in a better position >> to monitor and to detect something like this. >> >> Bao >> >> On Thu, Apr 15, 2010 at 11:39 AM, Charles Goldsmith >> wrote: >>> # dmesg | grep Padlock >>> VIA Padlock Features=0x3fcc >>> >>> It is not fanless, that is the only moving part I have in the box, and >>> I have the bios enabled to monitor the fan. It was running at about >>> 5500 rpm last night when I checked it. >>> >>> Since Padlock has known issues, is there anything that can be done? >>> >>> Thanks >>> Charles >>> >>> On Thu, Apr 15, 2010 at 11:55 AM, Bao Ha wrote: >>>> To check for Padlock, just look at the FreeBSD boot up messages. >>>> >>>> #dmesg | grep "Padlock" >>>> >>>> Are you running the 1.5Ghz VIA C7 fanless? If it takes sometimes to >>>> crash, it could be a heat problem. I would check the CPU fan and >>>> ventilation of the enclosure. >>>> >>>> On Thu, Apr 15, 2010 at 9:49 AM, Charles Goldsmith >>>> wrote: >>>>> Just an update on this issue, my firewall was up for 48 hours before I >>>>> rebooted it to check for padlock, it doesn't seem that it is an option >>>>> in my bios. It was rebooting about every 36 hours, but that seems to >>>>> be inconsistent. >>>>> >>>>> I'm still just waiting for it to crash/reboot again to further >>>>> diagnose the problem. >>>>> >>>>> Thanks for all of the help >>>>> Charles >>>>> >>>>> On Tue, Apr 13, 2010 at 11:50 PM, duncan hall wrote: >>>>>> Morgan Reed wrote: >>>>>>> >>>>>>> On Wed, Apr 14, 2010 at 14:47, Charles Goldsmith >>>>>>> wrote: >>>>>>> >>>>>>>> >>>>>>>> What's padlock? >>>>>>>> >>>>>>> >>>>>>> On die crypto coprocessor >>>>>>> >>>>>>> - >>>>>>> To unsubscribe, e-mail: support-unsubscr...@pfsense.com >>>>>>> For additional commands, e-mail: support-h...@pfsense.com >>>>>>> >>>>>>> Commercial support available - https://portal.pfsense.org >>>>>>> >>>>>>> >>>>>> >>>>>> http://www.via.com.tw/en/initiatives/padlock/hardware.jsp >>>>>> >>>>>> - >>>>>> To unsubscribe, e-mail: support-unsubscr...@pfsense.com >>>>>> For additional commands, e-mail: support-h...@pfsense.com >>>>>> >>>>>> Commercial support available - https://portal.pfsense.org >>>>>> >>>>>> >>>>> >>>>> -
Re: [pfSense Support] 1.2.3-release rebooting
Hi Charles, Padlock does not have an issue that we know of! We have sold hundreds of VIA C7 systems with Padlock running pfSense. If it was a problem, we would have asked Chris B. to fix it. You can always compile your own kernel without including the Padlock module. Unless you are using Padlock, like running IPSec VPN, I doubt that it would interfere. I still suspect it is a hardware problem. Is it still under warranty? Can you RMA it back? A hardware vendor would be in a better position to monitor and to detect something like this. Bao On Thu, Apr 15, 2010 at 11:39 AM, Charles Goldsmith wrote: > # dmesg | grep Padlock > VIA Padlock Features=0x3fcc > > It is not fanless, that is the only moving part I have in the box, and > I have the bios enabled to monitor the fan. It was running at about > 5500 rpm last night when I checked it. > > Since Padlock has known issues, is there anything that can be done? > > Thanks > Charles > > On Thu, Apr 15, 2010 at 11:55 AM, Bao Ha wrote: >> To check for Padlock, just look at the FreeBSD boot up messages. >> >> #dmesg | grep "Padlock" >> >> Are you running the 1.5Ghz VIA C7 fanless? If it takes sometimes to >> crash, it could be a heat problem. I would check the CPU fan and >> ventilation of the enclosure. >> >> On Thu, Apr 15, 2010 at 9:49 AM, Charles Goldsmith >> wrote: >>> Just an update on this issue, my firewall was up for 48 hours before I >>> rebooted it to check for padlock, it doesn't seem that it is an option >>> in my bios. It was rebooting about every 36 hours, but that seems to >>> be inconsistent. >>> >>> I'm still just waiting for it to crash/reboot again to further >>> diagnose the problem. >>> >>> Thanks for all of the help >>> Charles >>> >>> On Tue, Apr 13, 2010 at 11:50 PM, duncan hall wrote: >>>> Morgan Reed wrote: >>>>> >>>>> On Wed, Apr 14, 2010 at 14:47, Charles Goldsmith >>>>> wrote: >>>>> >>>>>> >>>>>> What's padlock? >>>>>> >>>>> >>>>> On die crypto coprocessor >>>>> >>>>> - >>>>> To unsubscribe, e-mail: support-unsubscr...@pfsense.com >>>>> For additional commands, e-mail: support-h...@pfsense.com >>>>> >>>>> Commercial support available - https://portal.pfsense.org >>>>> >>>>> >>>> >>>> http://www.via.com.tw/en/initiatives/padlock/hardware.jsp >>>> >>>> - >>>> To unsubscribe, e-mail: support-unsubscr...@pfsense.com >>>> For additional commands, e-mail: support-h...@pfsense.com >>>> >>>> Commercial support available - https://portal.pfsense.org >>>> >>>> >>> >>> - >>> To unsubscribe, e-mail: support-unsubscr...@pfsense.com >>> For additional commands, e-mail: support-h...@pfsense.com >>> >>> Commercial support available - https://portal.pfsense.org >>> >>> >> >> >> >> -- >> Best Regards. >> Bao C. Ha >> Hacom OpenBrick Distributor USA http://www.hacom.net >> voice: (714) 564-9932 >> 8D66 6672 7A9B 6879 85CD 42E0 9F6C 7908 ED95 6B38 >> >> - >> To unsubscribe, e-mail: support-unsubscr...@pfsense.com >> For additional commands, e-mail: support-h...@pfsense.com >> >> Commercial support available - https://portal.pfsense.org >> >> > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > -- Best Regards. Bao C. Ha Hacom OpenBrick Distributor USA http://www.hacom.net voice: (714) 564-9932 8D66 6672 7A9B 6879 85CD 42E0 9F6C 7908 ED95 6B38 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.3-release rebooting
To check for Padlock, just look at the FreeBSD boot up messages. #dmesg | grep "Padlock" Are you running the 1.5Ghz VIA C7 fanless? If it takes sometimes to crash, it could be a heat problem. I would check the CPU fan and ventilation of the enclosure. On Thu, Apr 15, 2010 at 9:49 AM, Charles Goldsmith wrote: > Just an update on this issue, my firewall was up for 48 hours before I > rebooted it to check for padlock, it doesn't seem that it is an option > in my bios. It was rebooting about every 36 hours, but that seems to > be inconsistent. > > I'm still just waiting for it to crash/reboot again to further > diagnose the problem. > > Thanks for all of the help > Charles > > On Tue, Apr 13, 2010 at 11:50 PM, duncan hall wrote: >> Morgan Reed wrote: >>> >>> On Wed, Apr 14, 2010 at 14:47, Charles Goldsmith >>> wrote: >>> What's padlock? >>> >>> On die crypto coprocessor >>> >>> - >>> To unsubscribe, e-mail: support-unsubscr...@pfsense.com >>> For additional commands, e-mail: support-h...@pfsense.com >>> >>> Commercial support available - https://portal.pfsense.org >>> >>> >> >> http://www.via.com.tw/en/initiatives/padlock/hardware.jsp >> >> - >> To unsubscribe, e-mail: support-unsubscr...@pfsense.com >> For additional commands, e-mail: support-h...@pfsense.com >> >> Commercial support available - https://portal.pfsense.org >> >> > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > -- Best Regards. Bao C. Ha Hacom OpenBrick Distributor USA http://www.hacom.net voice: (714) 564-9932 8D66 6672 7A9B 6879 85CD 42E0 9F6C 7908 ED95 6B38 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] which image?
On Tue, Jan 5, 2010 at 9:15 AM, David Newman wrote: > On 1/5/10 9:11 AM, Bao Ha wrote: > > > > On Tue, Jan 5, 2010 at 8:59 AM, Scott Ullrich > <mailto:sullr...@gmail.com>> wrote: > > > > On Tue, Jan 5, 2010 at 11:02 AM, David Newman > > mailto:dnew...@networktest.com>> wrote: > > > Greetings. I'd welcome recommendations for which pfSense image to > > > install on this system, which currently runs OpenBSD: > > > > > > Nexcom 1563 > > > VIA 667-MHz CPU > > > 512 Mbytes RAM > > > 512-Mbyte disk-on-chip (not CF) storage > > > 3 x 100Base-T Ethernet > > > > > > OpenBSD sees the DOC storage as a regular IDE drive. > > > > > > For pfSense, I *think* I want the 512-Mbyte embedded image, but am > > > unsure about what changes, if any, the installation requires. (The > > docs > > > for installing/upgrading the embedded images seem oriented toward > CF > > > cards and I don't know if installing to them differs from disks.) > > > > It depends on if you have VGA or not. If you have VGA you will want > > the Full Installation ISO. If not then you will want the NanoBSD > > image. > > > > > > > > We have the NanoBSD images that support both VGA and serial console on > > our website. > > http://www.hacom.net/catalog/pub/pfsense/ > > > > His problem is the 512MB size of DOC. I don't think there is any > > embedded images built for that small size in current version 1.2.3. > > > > It may not be a bad idea to install the full version of pfSense on DOC. > > Unlike CF, I believe DOC has built-in wear leveling. It would not be a > > problem to use it as a "regular" hard disk. > > Thanks, Bao. There is a 512-Mbyte build of embedded 1.2.3. > > However, I'm unsure what alterations (if any) are needed to install this > on a disk-on-chip system. > > Like Scott was saying, the embedded version is built for serial console system. If you have serial redirection in your bios and don't care about the VGA, it is probably fine to use it. In the past, for our systems, we built the CF images from the full-version of pfSense. I still think installing the full-version on the DOC is a good idea. Just don't choose any swap spaces. It should fit comfortably within 512MB of disk space. The 1GB nanobsd version has two equal 512MB partitions: each with its own pfSense. So, 512MB should be plenty in the near future. -- Best Regards. Bao C. Ha Hacom OpenBrick Distributor USA http://www.hacom.net voice: (714) 564-9932 8D66 6672 7A9B 6879 85CD 42E0 9F6C 7908 ED95 6B38
Re: [pfSense Support] which image?
On Tue, Jan 5, 2010 at 8:59 AM, Scott Ullrich wrote: > On Tue, Jan 5, 2010 at 11:02 AM, David Newman > wrote: > > Greetings. I'd welcome recommendations for which pfSense image to > > install on this system, which currently runs OpenBSD: > > > > Nexcom 1563 > > VIA 667-MHz CPU > > 512 Mbytes RAM > > 512-Mbyte disk-on-chip (not CF) storage > > 3 x 100Base-T Ethernet > > > > OpenBSD sees the DOC storage as a regular IDE drive. > > > > For pfSense, I *think* I want the 512-Mbyte embedded image, but am > > unsure about what changes, if any, the installation requires. (The docs > > for installing/upgrading the embedded images seem oriented toward CF > > cards and I don't know if installing to them differs from disks.) > > It depends on if you have VGA or not. If you have VGA you will want > the Full Installation ISO. If not then you will want the NanoBSD > image. > We have the NanoBSD images that support both VGA and serial console on our website. http://www.hacom.net/catalog/pub/pfsense/ His problem is the 512MB size of DOC. I don't think there is any embedded images built for that small size in current version 1.2.3. It may not be a bad idea to install the full version of pfSense on DOC. Unlike CF, I believe DOC has built-in wear leveling. It would not be a problem to use it as a "regular" hard disk. -- Best Regards. Bao C. Ha Hacom OpenBrick Distributor USA http://www.hacom.net voice: (714) 564-9932 8D66 6672 7A9B 6879 85CD 42E0 9F6C 7908 ED95 6B38
