Re: [pfSense] SG-1000 and VPN

Meant to include this: https://github.com/freebsd/freebsd/commits/master?author=loos-br On Thursday, January 26, 2017, Jim Thompson wrote: > > Adam, > > Given the 21Mbps figure I quoted, 100x (2.1Gbps) would be an unrealistic > expectation. > > Based on the discussion here:

Re: [pfSense] SG-1000 and VPN

Adam, Given the 21Mbps figure I quoted, 100x (2.1Gbps) would be an unrealistic expectation. Based on the discussion here: https://groups.google.com/forum/m/#!msg/beagleboard/ZFrCs9ZHCP4/aCNFejgXpxYJ perhaps 3-4x at 1500 (1420) byte frame sizes, and (as a guess), closer to 3, given the PPs rates

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

It does not. The c2758 SoC is interesting. 8 cores, and the on-die i354 is essentially a block with 4 i350s on it. These have 8 queues for each of rx and tx, so 16 each, for a total of 64 queues. On the c2xxx series (and other) boxes we ship, we increase certain tunables, because we know what

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

It should autotune by default based on memory iirc. On Wed, Jan 25, 2017, 23:27 Peder Rovelstad wrote: > FWiW - My nano (4 NICs, 1GB, Community), PuTTY says: > > kern.ipc.nmbufs: 131925 > kern.ipc.nmbclusters: 20612 > > but nothing explicitly set on the tunables page,

Re: [pfSense] SG-1000 and VPN

Jim, Asking you to speculate here... Assuming someone *is* working on drivers for the chip's crypto capabilities, when that finally happens, do you have any notion of how much faster IPsec will get? Are we talking 2x or 100x? -Adam On January 25, 2017 7:45:49 PM CST, Jim Thompson

Re: [pfSense] SG-1000 and VPN

Steve, It currently does 21mbps IPsec (aes-gcm-128), in a lab environment, because there is no driver for the crypto core (yet). OpenVPN is slightly slower (19 Mbps). It's always strange to see your name on the list. The president of ADI shares your name, so I tend to pay a lot more attention

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

FWiW - My nano (4 NICs, 1GB, Community), PuTTY says: kern.ipc.nmbufs: 131925 kern.ipc.nmbclusters: 20612 but nothing explicitly set on the tunables page, just whatever's built in. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Karl Fife Sent:

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

This is a good theory, because RRD data from 2.2.6 suggests that the difference in utilization between the versions is slight, and that we had 'barely' exhausted our system default allocation. Is there a difference between nano and full with respect to the installer explicitly setting

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

On 01/25/2017 01:10 PM, Karl Fife wrote: > The piece that's still missing for me is that there must have been some > change in default system setting for FreeBSD, or some other change > between versions, because the system booted fine with pfSense v 2.2.6 Aside from what has already been

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

This is valuable input. Thank you to you and Peter. We had to add the tunables rows where they did not exist before. Perhaps if this had been a brand new virgin installation, the installer would have made suitable tunables estimates, based on the hardware, and inserted them into a new

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

That's very interesting. This datapoint sort of suggests that the opposite would have happened. e.g. "woulda worked" in 2.3.2, "wouldnta worked" in 2.2.6 It may also be relevant that we're running NanoBSD on this board. We are planning to stay with Nano until the ZFS-based file system

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

Karl fife. Take a look at a config backup. I assume you at some point set them manually? On Wed, Jan 25, 2017, 21:42 Peder Rovelstad wrote: > There were changes in the defaults from FreeBSD 9 to 10. > > https://pleiades.ucsc.edu/hyades/FreeBSD_Network_Tuning > > Could

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

There were changes in the defaults from FreeBSD 9 to 10. https://pleiades.ucsc.edu/hyades/FreeBSD_Network_Tuning Could that be it? Old config overwriting new defaults? -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Karl Fife Sent: Wednesday, January

[pfSense] SNMP & Carp

Hi, I'm aware of this link [ https://forum.pfsense.org/index.php?topic=45973.0 ] that says that carp interfaces can be monitored like any other interface, however it seems like perhaps that's changed in more recent versions. When I snmp walk the interfaces in a 2.3.2p1 installation, I only

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

On Wed, Jan 25, 2017 at 1:10 PM, Karl Fife wrote: > pfsense 2.2.6 was running without issue on our Supermicro A1SRi-2758F > rangeley board (Intel Atom C2758) > Are you sure you didn't hard-code them before in the system tunables section under 2.2? On my C2758 system (exact

Re: [pfSense] PFsense 2.3.2-P1 dies

This server has been running for years under 2.2 with no issues. As soon as I upgraded to 2.3.2-P1 it dies when the logs reach 500k The first thing to stop is the OpenVPN service, once that dies the web console dies. The console is fine and there are no messages. You can gain shell access and

[pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

pfsense 2.2.6 was running without issue on our Supermicro A1SRi-2758F rangeley board (Intel Atom C2758) When we upgraded to 2.3.2, the new system failed to boot due to having insufficient RAM allocated to network memory buffers. We had to interrupt the boot process increase the value of

Re: [pfSense] PFsense 2.3.2-P1 dies

On Jan 25, 2017 8:21 AM, "Steve Yates" wrote: That's interesting, we had a drive that kept dropping out and we couldn't figure out why as all tests passed. We replaced the drive and then found the "Hard disk standby time" setting was set. Turned that off and it's been fine.

Re: [pfSense] PFsense 2.3.2-P1 dies

That's interesting, we had a drive that kept dropping out and we couldn't figure out why as all tests passed. We replaced the drive and then found the "Hard disk standby time" setting was set. Turned that off and it's been fine. That setting has been my suspicion... At the time the console

Re: [pfSense] SG-1000 and VPN

That's what I'm trying to ask, if the SG-1000 would work for that. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of A Mohan Rao Sent: Tuesday, January 24, 2017 11:41 PM To: pfSense Support and Discussion Mailing List

Re: [pfSense] PFsense 2.3.2-P1 dies

On Wed, Jan 25, 2017 at 4:09 AM, Roy Hocknull wrote: > Hi, > > Its a rackmount PC with 59G of free space. Its been fine up until the > update to 2.3.2-p1 > > Xeon dual core with 2Gb RAM. > > Thanks, > > Roy Hocknull > r...@royandjoanne.co.uk > > > On 25 January 2017 at

Re: [pfSense] PFsense 2.3.2-P1 dies

Hi, Its a rackmount PC with 59G of free space. Its been fine up until the update to 2.3.2-p1 Xeon dual core with 2Gb RAM. Thanks, Roy Hocknull r...@royandjoanne.co.uk On 25 January 2017 at 05:33, WebDawg wrote: > On Fri, Jan 13, 2017 at 7:06 AM, Roy Hocknull