PFSense Firewall Group purchase interest


    You can today start testing with PFSense 2.4 snapshots located here ==> PFSense 2.4

    Here originally ran PFSense on a too big of a SATA drive then went to a 32Gb SSD.

    I did also run it in embedded mode which works fine if you do not utilize a bunch of plugins with logging enabled.

    Yesterday here had a weird glitch. All of my internal static IP configured devices quit working and only the DHCP and configured DHCP devices worked. Never saw anything like this. (it affected both Linux and Windows boxes).

    After goofing around with settings (an hour or so) reset the box and started from scratch (nice learning experience). I do have a hot spare backup box which is running on an Atom D525 which does work OK if needed.
    - Pete

    Auto mator
    Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb
    Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro
    HS4 Lite - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram

    HS4 Pro - V4.1.18.1 - Ubuntu 22.04 / Lenova Tiny M900 / 32Gb Ram
    HSTouch on Intel tabletop tablets (Jogglers) - Asus AIO - Windows 11

    X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Alexa, Cheaper RFID, W800 and Home Assistant

    Comment


      Originally posted by Pete View Post
      You can today start testing with PFSense 2.4 snapshots located here ==> PFSense 2.4

      Here originally ran PFSense on a too big of a SATA drive then went to a 32Gb SSD.

      I did also run it in embedded mode which works fine if you do not utilize a bunch of plugins with logging enabled.

      Yesterday here had a weird glitch. All of my internal static IP configured devices quit working and only the DHCP and configured DHCP devices worked. Never saw anything like this. (it affected both Linux and Windows boxes).

      After goofing around with settings (an hour or so) reset the box and started from scratch (nice learning experience). I do have a hot spare backup box which is running on an Atom D525 which does work OK if needed.


      From what I am reading, the entire config is stored in an exportable xml file, which could be used as a restore point on top of a fresh install as needed.
      cheeryfool

      Comment


        From recollection the backup file has always been an XML file. I have used it to restore configuration using the GUI and the command line. The BSD command line is a bit different than the Linux command line. Only though have played with PHP testing for the NTP server stuff. This involved installing patches to fix some of the NTP-PPS issues.

        I do not know what happened with my stuff yesterday and didn't want to restore the backup I had. Easy to configure though....started with the hardware stuff like the NTP server and the UPS and failover WAN. Might look at the XML file for my non block lists as right now PFBlocker is blocking too much and I had made a list of sites I didn't want blocked. (well that and decided to enable IP6 stuff). The PFBlocker updates are easy. Don't forget to register with Snort for your oink codes.

        It is much easier these days than a few years ago.

        BTW James very nice QOTOM micro pc router!
        Last edited by Pete; July 26, 2017, 09:26 AM.
        - Pete


        Comment


          Networking...

          In preparation for the forthcoming firewall appliance, I decided to replace my hodge podge of switches to UniFi. Went with AP as well.

          In our office, I have the cable modem (Charter @ 60mbps) connected to a Netgear router/AP/switch.

          In turn the Netgear is connected to a UniFi 8x60w POE switch. Connected to this switch are our HS3 and photo processing computers, NAS, Z-Net and an Ethernet connection to the wall plate. I decided on POE because I can setup and diagnose cameras inside in a comfortable environment.

          The wall plate is connected to a home run, builder installed, Legrand can. It has cable, phone and Ethernet in it. In this can I put a 16x150w UniFi POE+ switch. This Closet switch supplies connectivity to the originally installed Ethernet wall plates as well as recently installed runs to the garage - OpenSprinkler, 3 cameras and a downlink to the third UniFi switch, an 8x150w POE+ switch. These two switches are POE+ because they power a few of the newer ptz IR cameras that require more wattage.

          This 3rd switch is for additional installed cameras and future expansion.

          Now you may be asking yourselves why am I describing our setup? Well, all went well until I connected the in-wall down link from the office switch to the closet switch. No bueno.

          As I sat there scratching my head (remember that it was previously working), I decided to recrimp the closet switch end and punch down to a new keystone jack. It turns out that the green and orange pairs weren't connected properly. But, I previously had 100mbps using older unmanaged switches.

          The point of all of this is that what I thought was 100mbps was really only in the 20-30mbps range - and this run goes to the office internet cable modem, the most important run!

          Now that I have true 1000mbps FDX, I can't believe the speeds between devices! Dish Tv for example is an in wall run to the closet, then to the office and to the router where it is wirelessly connected to Joeys.

          The suggestion to learn about and install the UniFi AP and related equipment also increased our wireless throughput on both bands. Nearly 40mbps on 2.4 and a full 60+ on the 5 Ghz band.

          This is not an advertisement for UniFi equipment but I have to say that I am extremely pleased with the outcome. A network that I knew needed improvements but didn't really know where to start looking.

          I thought I would share my trials and tribulations in the hopes that it may help someone else.

          On my iPad:
          Attached Files
          Last edited by Rvtravlr; July 27, 2017, 11:32 PM.
          Michael

          Comment


            Thank you Michael!!

            Very quick wireless!!!!
            Last edited by Pete; July 28, 2017, 07:31 AM.
            - Pete


            Comment


              Found two more nITX based 4 port firewall appliance motherboards yesterday.

              1 - based on the Intel-Atom-x5-E3930
              2 - based on the dual and quad core Denverton chipset.

              #1 and #2 are already being manufactured.

              and was shown an article on Serve the Home website. (personally featured my 8 drive NAS build on the forum a few years back). It was all about the small footprint 8 drive NAS case back then and featuring FreeNAS at the time.

              QuickAssist Driver for FreeBSD is Here and pfSense Support Coming

              By Rohit Kumar -
              July 15, 2017

              This week we have something that STH readers will be excited about. Before I started writing for STH, I was a reader and had been longing for QuickAssist support ever since STH’s first Rangeley article over three and a half years ago. It was clear from the get-go that Rangeley was going to be the preeminent firewall appliance platform of its day. The scope of products that were impacted by the Intel Atom C2000 series bug showed us it was indeed. For my personal firewalls, I use pfSense on that Rangeley platform so I have been waiting to use QuickAssist with my hardware for almost an entire product generation.

              New Hardware and QuickAssist Incoming to pfSense (Finally)

              pfSense (and a few other firewalls) are based on FreeBSD. FreeBSD tends to lag driver support behind mainstream Linux but it is popular for embedded security appliances. While STH is the only site to have done QuickAssist benchmarks for OpenSSL and IPSec VPNs pre-Skylake, we expect more platforms to use it now that the new Intel Xeon Scalable Processor Family is out. With the Xeon Scalable platforms, the “Lewisburg” PCH has QuickAssist options of up to 100Gbps, or 2.5x faster than the previous generation add-in cards we tested (40Gbps.) We now have more and better hardware for QAT, but we were still devoid of a viable FreeBSD QAT driver from Intel. That has changed.

              Our Intel Xeon Scalable Processor Family (Skylake-SP) Launch Coverage Central has been the focus of the STH team’s attention this week. There was another important update from Intel that got buried, a publicly available Intel QuickAssist driver for FreeBSD. You can find the driver on 01.org here dated July 12, 2017.

              Drivers are great, but we still need support to be enabled in the OS and at the application layer. Patrick forwarded me this tweet from Jim Thompson (lead at Netgate the company behind pfSense):

              The Netgate team has been a key company pushing QuickAssist appliances in the market, usually based on Linux. To see that QAT is coming to FreeBSD and that they were working to integrate into “pfSense soon” is more than welcome.

              For STH readers, get ready. It appears to be actually and finally happening. QuickAssist on FreeBSD and pfSense

              * This is leading to the all in one mini box personal cloud or SOHO cloud server of the future.
              Last edited by Pete; July 28, 2017, 08:51 AM.
              - Pete


              Comment


                Pete
                Was messing around with an ISO of PFsense I downloaded from their site.
                Is the intent that there is simply no GUI or do I need to download something different perhaps..?
                Not that hardcore in my old age -

                Comment


                  Originally posted by Monk View Post
                  Pete
                  Was messing around with an ISO of PFsense I downloaded from their site.
                  Is the intent that there is simply no GUI or do I need to download something different perhaps..?
                  Not that hardcore in my old age -
                  The text based console display is not for management of pfSense. You point your browser to the LAN IP of pfSense to administrate it.
                  Last edited by randy; July 28, 2017, 02:14 PM. Reason: typo
                  HS4 Pro, 4.2.19.0 Windows 10 pro, Supermicro LP Xeon

                  Comment


                    Originally posted by rprade View Post
                    The text based console display is not for management of pfSense. You point your browser to the LAN IP of pfSense to administrate it.
                    Very good. As always - thanks for the quick reply!

                    Comment


                      On your monitor if you have one connected to PFSense you will see a command line GUI.

                      Your basic settings are there. All of the management stuff is in the GUI. By default remote SSH is off. You can configure this via the GUI such that you can remote SSH to the terminal console.

                      Default terminal console

                      [ATTACH]62539[/ATTACH]

                      Default Web GUI

                      [ATTACH]62540[/ATTACH]

                      Configuration in GUI for remote SSH (or local serial console)

                      [ATTACH]62541[/ATTACH]
                      - Pete


                      Comment


                        In prep for my new Qotom box (arriving Monday) I decided it was time to up the Wifi. I bought a Ubiquiti UAC-AC-PRO which I set up today. Not installed in its final location, but very impressed with it so far. I installed the controller software on an Ubuntu vm on my Synology NAS. Loving my NAS more and more as I add multiple low(ish) duty services all on a single box.
                        cheeryfool

                        Comment


                          Good news cherryfool!

                          Tell us about how PFSense runs for you.

                          Just noticed here on the forum the mention of 2 new Motorola modems that will help with the speeds.

                          Here purchased the Motorola SB6141 a few years back. Average internet speeds on the SB6141 are at around 95 Mbs. I was getting an SB6190 and reading now about the SB8000. Always used my CC connection for only the Internet. Television here is still DTV (years). Never changed anything and never purchased any packages here. I am curious what folks are doing on the forum relating to the internet connectivity. I have mine mounted inside of my Leviton 42" panel which I have made only for telephone / networking these days. Thinking these are all the same size modems. These are all on Ebay new or used for less than what I see on Amazon these days. I see now that more bonding channels the better. Really too it's not like I need the speed as there are only two of us here and I have no problems with any devices. Uverse is also available here and using cable instead of the old copper. (no redundancy to my cable - comparing it to Verizon FIOS and Comcast coming to the other house).

                          I do want the best for the buck here whether it is a one time purchase or a monthly recurring cost (and modem will not be leased/rented).

                          All of the above now is the need versus the want stuff.

                          1 - Motorola SB6141 8/4 channels - DOCSIS 3.0 ~ < $50.00 * old
                          2 - Motorola / Arris SB 6190 - 32 / 8 channels DOCSIS 3.0 ~ $100.00 * new - see deals on Ebay for less than $50 right now.
                          3 - Motorola / Arris SB8000 - 32 / 8 channels DOCSIS 3.1 ~ $200.00 * old
                          4 - Motorola / Arris SB8200 - 32 / 8 channels DOCSIS 3.1 ~ $200.00 * new

                          [ATTACH]62548[/ATTACH]
                          Last edited by Pete; July 29, 2017, 05:45 PM.
                          - Pete


                          Comment


                            Pete,

                            So I've got our network ready for the firewall appliance. Any idea on time frame?
                            Michael

                            Comment


                              Originally posted by Pete View Post
                              Good news cherryfool!

                              Tell us about how PFSense runs for you.

                              Just noticed here on the forum the mention of 2 new Motorola modems that will help with the speeds.

                              Here purchased the Motorola SB6141 a few years back. Average internet speeds on the SB6141 are at around 95 Mbs. I was getting an SB6190 and reading now about the SB8000. Always used my CC connection for only the Internet. Television here is still DTV (years). Never changed anything and never purchased any packages here. I am curious what folks are doing on the forum relating to the internet connectivity. I have mine mounted inside of my Leviton 42" panel which I have made only for telephone / networking these days. Thinking these are all the same size modems. These are all on Ebay new or used for less than what I see on Amazon these days. I see now that more bonding channels the better. Really too it's not like I need the speed as there are only two of us here and I have no problems with any devices. Uverse is also available here and using cable instead of the old copper. (no redundancy to my cable - comparing it to Verizon FIOS and Comcast coming to the other house).

                              I do want the best for the buck here whether it is a one time purchase or a monthly recurring cost (and modem will not be leased/rented).

                              All of the above now is the need versus the want stuff.

                              1 - Motorola SB6141 8/4 channels - DOCSIS 3.0 ~ < $50.00 * old
                              2 - Motorola / Arris SB 6190 - 32 / 8 channels DOCSIS 3.0 ~ $100.00 * new - see deals on Ebay for less than $50 right now.
                              3 - Motorola / Arris SB8000 - 32 / 8 channels DOCSIS 3.1 ~ $200.00 * old
                              4 - Motorola / Arris SB8200 - 32 / 8 channels DOCSIS 3.1 ~ $200.00 * new

                              [ATTACH]62548[/ATTACH]


                              That DOCSIS 3.1 keeps calling to me. Near gigabit downlink bandwidth, 42Mbps uplink bandwidth. Aaaaaarrrggggghhhhhhh (Homer Simpson groan)
                              I would need to update my UAP-AC-LITE then too.



                              Comment


                                So I've got our network ready for the firewall appliance. Any idea on time frame?

                                Shifted mode now to a friend/peer living in the pacific rim that deals directly with MFGs on a search for a nITX board with 4 Network ports / 1 serial port.

                                He has been sending boards / spec pictures to me. I am trying to get the best deal for the buck here as mentioned. My personal goal for this endeavor is the use of a nITX motherboard with a minimum of 4 ports and to install this device inside of my 42" Leviton media can. This will complete the new media can project. Very slow as I replaced much of the cat5e with cat6 to the patch panels here. (originally two 24 port mini patch panels (leviton).

                                My current set up is using a BCM mITX board with 2 on board NICs and 4 extra NICs (all Gb and all Intel) X 2 is a small media server style case and this is in the server room / rack section.


                                Meanwhile here have a duplicate hot spare BCM motherboard based box which I am turning in to a test PFSense box for the tutorial stuff.



                                Been going very slow with the PFSense tutorial on DIYing installation of PFSense above.

                                The only hardware adds here have been NTP server and UPS. I understand these are optional. Just stuff that I did a while ago.

                                Next are the plugins like PFBlocker, Squid, et al.
                                Last edited by Pete; August 2, 2017, 06:42 AM.
                                - Pete


                                Comment
