Re: [pfSense] Interface options for pfsense
On Mon 21 Apr 2014 22:46:57 NZST +1200, Christoph Hanle wrote: Are there any USB Ethernet adapters that actually work with pfsense? Reliably? I am looking for reports from those who have tried, not the freebsd supported HW list - that list is too long and not really trustworthy (I have a USB wifi adapter which runs for 10min then makes pfsense kernel panic). Tested with 2.0.3 and stable in production usage: Digitus 3015 (RTL 8150 chipset) and Digitus-10050 (MCS7832 chipset). Obtained one which says RTL8152 under Linux (works off the shelf): Bus 010 Device 003: ID 0bda:8152 Realtek Semiconductor Corp. On pfsense 2.1.3 dmesg says ugen1.2: Realtek at usbus1 But even after adding if_rue_load=YES to /boot/loader.conf.local and rebooting with the adapter plugged in nothing much in dmesg gives any hint of the presence of another interface. -- RTL8152 no good with pfsense 2.1.3. I can't find RTL8150 any more. Does anyone have an Ethernet USB adapter working under pfsense 2.1? Thanks, Volker -- Volker Kuhlmann is list0570 with the domain in header. http://volker.top.geek.nz/ Please do not CC list postings to me. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
On Tue, Apr 22, 2014 at 1:02 PM, Jim Thompson j...@netgate.com wrote: You’ll need to define “affordable”. You’ll also need to state if you’re looking for PCI, PCI-x or PCIe cards. Only sensible definition I can see is: cost of business disruption from current device failing cost of putting in new device known to be reliable If that equation is false, then keep your current device in place, as that will save you money (and time). ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
I have had very good success with this d-Link switch for VLANS combined with Intel NUC's for running pfSense: http://www.newegg.com/Product/Product.aspx?Item=N82E16833127450 - Ulrik -Oprindelig meddelelse- Fra: List [mailto:list-boun...@lists.pfsense.org] På vegne af Chris Bagnall Sendt: 21. april 2014 03:14 Til: list@lists.pfsense.org Emne: Re: [pfSense] Interface options for pfsense The GS108T-200 is the one with a web-based config tool Worth adding that you can pick up the HP 1700-8 for less than £60 these days, now that it's been superceded by the 1810-x series switches. Fairly intuitive web interface and talks SNMP too. Admittedly not gigabit, but as a multi-WAN VLAN switch, it's ideal. Kind regards, Chris -- This email is made from 100% recycled electrons ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
On Tue 22 Apr 2014 00:04:47 NZST +1200, Vick Khera wrote: Now freebsd dieing on the hme driver effectively turns those cards into scrap and I'm stuck. What are alternatives now? Just curious, if you insert a small hub/switch between your printer and the NIC does that fix it? No it won't. One of the hmeX ports is connected to my LAN switch. Pulling that briefly blows up the pfsense box. A sufficient condition to kill the pfsense system is for an interface to briefly lose physical connection (or for the connected device to be turned off). The same results from pfsense's web gui restarting interfaces, e.g. from changing dhcp server settings. IOW pfsense 2.1 with hme driver is totally unusable. I am kind of forced to replace the hardware now. Volker -- Volker Kuhlmann is list0570 with the domain in header. http://volker.top.geek.nz/ Please do not CC list postings to me. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
On Tue, Apr 22, 2014 at 4:52 AM, Volker Kuhlmann hid...@paradise.net.nz wrote: A sufficient condition to kill the pfsense system is for an interface to briefly lose physical connection (or for the connected device to be turned off). The same results from pfsense's web gui restarting interfaces, e.g. from changing dhcp server settings. I disagree that is a sufficient condition, unless you restrict this statement to hme interfaces. On em interfaces, it survives pulled wires, flapping upstream routers, etc. In fact, the CARP failover works pretty well in these conditions. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
Am 22.04.2014 14:19, schrieb Vick Khera: I disagree that is a sufficient condition, unless you restrict this statement to hme interfaces. From his previous posts, I think it's pretty obvious that that is what he meant. :-) -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
On Apr 22, 2014, at 10:39, Stefan Baur newsgroups.ma...@stefanbaur.de wrote: In fact, I'd be petty disappointed, too, if a newer pfSense release stopped working on my hardware and it the whole issue appeared out of the blue (== no hwe driver no longer supported or similar notice in the release notes). Your potential disappointment is noted. It's not like we disabled the hme driver. We have no ability to test it, since we don't have one of these cards. Nor are we likely to invest in one. I can think of a half dozen reasons that could cause the card to run on 2.0.3, and not run on 2.1. Jim ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
On Apr 20, 2014, at 5:32 PM, Volker Kuhlmann list0...@paradise.net.nz wrote: I've been running pfsense for many years (and been very happy with it) on scrapped PCs with a Sun 4-port Ethernet PCI card because I need 5 Ethernet ports. Now freebsd dieing on the hme driver effectively turns those cards into scrap and I'm stuck. What are alternatives now? Are there any other 4-port cards that are supported by pfsense in practice (not just in theory), that are also affordable? You’ll need to define “affordable”. You’ll also need to state if you’re looking for PCI, PCI-x or PCIe cards. The power consumption (and box volume) of scrapped PCs is not optimal, and I've been looking at moving to a small single-board. Soekris was always underpowered and overpriced IMHO, and PCEngines underpowered, until they released the exciting APU series recently. They all only have 3 Ethernet ports though, which is the stopper here. What mPCIe Ethernet cards are supported by pfsense that people can recommend? We’ve run some experiments with various Intel-based cards in a NUC (we’re building a rack mount for them). They work, but it’s not an inexpensive solution. Are there any USB Ethernet adapters that actually work with pfsense? Reliably? I am looking for reports from those who have tried, not the freebsd supported HW list - that list is too long and not really trustworthy (I have a USB wifi adapter which runs for 10min then makes pfsense kernel panic). WiFi isn’t recommended until at least pfSense 2.2, if then. The frequently recommended option of using VLANs may look good for larger commercial networks, but just buying a VLAN capable switch costs more than a suitable pfsense box and brings the power budget of the combination to the same level as a scrapped PC - with the latter winning hands down on cost. You can pick up the 8 port HP switches (e.g. 1810-8G aka J9802A) for less than $100 these days. No fan, so noise-free. 8W maximum. Real SNMP implementation, supports 802.1q, jumbo packets, etc. When we lived in Hawaii, (expensive power), I used to run a 24-port version of this (1810-24G aka J9803A). Still no fan, 24 10/100/1000 ports, of these can support SFP. Current price is less than $200 on newegg, and probably way more switch than you need. These days my “home lab” (the test lab at work) has a dedicated room, dedicated AC, several racks, and is connected via redundant 10Gbps links, with a backup fiber link at 100Mbps, so my home network is just an APU, a 16-port dumb switch, and a couple 802.11 APs. If I decided to upgrade the Grande connection to 1Gbps or, when Google fiber arrives, I’ll probably replace all that with an SDN (OpenFlow) setup. Jim ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
On Apr 22, 2014, at 12:27 PM, Stefan Baur newsgroups.ma...@stefanbaur.de wrote: Am 22.04.2014 18:29, schrieb Jim Thompson: It's not like we disabled the hme driver. Nobody accused you of intentionally disabling it. Manure happens. :-) Relax. We have no ability to test it, since we don't have one of these cards. Nor are we likely to invest in one. Over in the Interface yoyo thread, Message-ID 5355875d.9050...@athompso.net, Adam Thompson wrote: If any of the devs want to test this hardware, I have at least one just sitting on the shelf I can ship to you. (I thought I had 3 or 4 of them, maybe they're still sitting in the E450s that are also sitting on the shelf. Well, actually on the ground, but only because I don't have any shelves that can hold *those*.) If Adam is willing to donate his spare card to you dev folks, and maybe Volker buys a Gold Membership (in case he doesn't have one already), would that significantly increase the chances of having a working hme driver in a future release? :-) That would require finding a PC with a PCI slot, and time. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
On Wed 23 Apr 2014 05:02:59 NZST +1200, Jim Thompson wrote: Are there any USB Ethernet adapters that actually work with pfsense? Reliably? I am looking for reports from those who have tried, not the freebsd supported HW list - that list is too long and not really trustworthy (I have a USB wifi adapter which runs for 10min then makes pfsense kernel panic). WiFi isn't recommended until at least pfSense 2.2, if then. OK, thanks Jim, good to know. Do you mean this to apply to USB wifi only? There are cheap mPCIe atheros-based wifi cards for the PCEngine APU board. Are they known to be reliable? You can pick up the 8 port HP switches (e.g. 1810-8G aka J9802A) for less than $100 these days. No fan, so noise-free. 8W maximum. Yes, thank you for mentioning that - I had seen that yesterday and their power specs had escaped me when I looked at them previously (some of those similar models do guzzle it). That's my plan B, but I really don't like to use VLANs when I can avoid the clutter and complexity (more bugs, more time spent). A pfsense box with more ports is much easier. Thanks, Volker -- Volker Kuhlmann is list0570 with the domain in header. http://volker.top.geek.nz/ Please do not CC list postings to me. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
On Apr 22, 2014, at 3:42 PM, Volker Kuhlmann hid...@paradise.net.nz wrote: On Wed 23 Apr 2014 05:02:59 NZST +1200, Jim Thompson wrote: Are there any USB Ethernet adapters that actually work with pfsense? Reliably? I am looking for reports from those who have tried, not the freebsd supported HW list - that list is too long and not really trustworthy (I have a USB wifi adapter which runs for 10min then makes pfsense kernel panic). WiFi isn't recommended until at least pfSense 2.2, if then. OK, thanks Jim, good to know. Do you mean this to apply to USB wifi only? No. There are cheap mPCIe atheros-based wifi cards for the PCEngine APU board. Are they known to be reliable? Yes, I know. We sell thousands of them every month, but not for use in pfSense. Maybe with 2.2 the situation will improve. You can pick up the 8 port HP switches (e.g. 1810-8G aka J9802A) for less than $100 these days. No fan, so noise-free. 8W maximum. Yes, thank you for mentioning that - I had seen that yesterday and their power specs had escaped me when I looked at them previously (some of those similar models do guzzle it). That's my plan B, but I really don't like to use VLANs when I can avoid the clutter and complexity (more bugs, more time spent). A pfsense box with more ports is much easier. You asked. BTW, VLANs end up as less clutter, not more. jim ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
On April 22, 2014 4:58:14 PM CDT, Jim Thompson j...@smallworks.com wrote: On Apr 22, 2014, at 3:42 PM, Volker Kuhlmann hid...@paradise.net.nz wrote: On Wed 23 Apr 2014 05:02:59 NZST +1200, Jim Thompson wrote: Are there any USB Ethernet adapters that actually work with pfsense? Reliably? I am looking for reports from those who have tried, not the freebsd supported HW list - that list is too long and not really trustworthy (I have a USB wifi adapter which runs for 10min then makes pfsense kernel panic). WiFi isn't recommended until at least pfSense 2.2, if then. OK, thanks Jim, good to know. Do you mean this to apply to USB wifi only? No. There are cheap mPCIe atheros-based wifi cards for the PCEngine APU board. Are they known to be reliable? Yes, I know. We sell thousands of them every month, but not for use in pfSense. Maybe with 2.2 the situation will improve. You can pick up the 8 port HP switches (e.g. 1810-8G aka J9802A) for less than $100 these days. No fan, so noise-free. 8W maximum. Yes, thank you for mentioning that - I had seen that yesterday and their power specs had escaped me when I looked at them previously (some of those similar models do guzzle it). That's my plan B, but I really don't like to use VLANs when I can avoid the clutter and complexity (more bugs, more time spent). A pfsense box with more ports is much easier. You asked. BTW, VLANs end up as less clutter, not more. jim ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list Using VLANs when combined with LACP is also (literally, mathematically) infinitely more resilient to many common types of physical failure, and gives you the added bonus of being able to exceed the speed of a single link in many cases. -Adam -- Sent from my Android device with K-9 Mail. Please excuse my brevity.___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
On Tue, Apr 22, 2014 at 12:27 PM, Stefan Baur newsgroups.ma...@stefanbaur.de wrote: If Adam is willing to donate his spare card to you dev folks, and maybe Volker buys a Gold Membership (in case he doesn't have one already), would that significantly increase the chances of having a working hme driver in a future release? :-) It's just not practical. Kernel developers are expensive, in order for it to make any sense for us to put one of our developers' time towards it, it'd require more money than a brand new Intel quad port gig NIC would cost that'll work right out of the box. On ebay you can find a slew of used quad port gigabit Intel cards for under $100 USD for PCI-e and under $50 for PCI-X, including shipping. You could buy a stock pile of those cheaper than fixing a driver issue. The economics of fixing a driver issue on a 16 year old NIC just aren't there unless you can find a driver developer who's willing to do all the work for free, or you have a significant number of them in production where it becomes financially viable. There may be hope in reporting it upstream and hoping for the best, but don't hold your breath. It may also already be fixed in FreeBSD 10.x, so trying 2.2 snapshots first would be worthwhile. That'd be a requirement anyway before anyone upstream would pay any attention. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
On Sun, Apr 20, 2014 at 6:32 PM, Volker Kuhlmann list0...@paradise.net.nzwrote: I've been running pfsense for many years (and been very happy with it) on scrapped PCs with a Sun 4-port Ethernet PCI card because I need 5 Ethernet ports. Now freebsd dieing on the hme driver effectively turns those cards into scrap and I'm stuck. What are alternatives now? Are there any other 4-port cards that are supported by pfsense in practice (not just in theory), that are also affordable? I have had success with Intel PRO/1000 based 4-port PCI-X cards. Most old 32-bit PCI motherboards will take a PCI-X card using only half of the card's connectors, which means that all four ports will max out at around 1.5-2 Gigabits across all four ports (due to the limited PCI bandwidth). However, your old Sun machine likely couldn't push 4 Gigabits anyway, so it doesn't really matter. The specific cards that I have been using are Intel PRO/1000 MT 2-port and GT 4-port (which use the 'em' driver), all purchased on eBay and installed in Dell Optiplex GX260 and Optiplex GX280 machines. HTH, Moshe ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
On 21.04.2014 00:32 Volker Kuhlmann wrote: Now freebsd dieing on the hme driver effectively turns those cards into scrap and I'm stuck. What are alternatives now? Are there any other 4-port cards that are supported by pfsense in practice (not just in theory), that are also affordable? Intel and Broadcom Server NICs. Depends on the PCI expansion slots available on your motherboard. I have not found any replacement for the SUN cards for 32 bit PCI. Are there any USB Ethernet adapters that actually work with pfsense? Reliably? I am looking for reports from those who have tried, not the freebsd supported HW list - that list is too long and not really trustworthy (I have a USB wifi adapter which runs for 10min then makes pfsense kernel panic). Tested with 2.0.3 and stable in production usage: Digitus 3015 (RTL 8150 chipset) and Digitus-10050 (MCS7832 chipset). The frequently recommended option of using VLANs may look good for larger commercial networks, but just buying a VLAN capable switch costs more than a suitable pfsense box and brings the power budget of the combination to the same level as a scrapped PC - with the latter winning hands down on cost. TP-Link, eg. TP-LINK TL-SG321 bye Christoph ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
On 21 Apr 2014 at 10:32, Volker Kuhlmann wrote: I've been running pfsense for many years (and been very happy with it) on scrapped PCs with a Sun 4-port Ethernet PCI card because I need 5 Ethernet ports. This was discussed on the list last year. [pfSense] 4 port ethernet card -- STARTECH ST1000SPEX42 -- any good https://lists.pfsense.org/pipermail/list/2013-June/004291.html You'd want to check the FreeBSD 9 HCL for an answer, but... According to the specs, that card uses 4 x Realtek RTL8111E and a PLX PEX8608. The PEX8608 is a standard PCIe switch, which should appear as a generic pcibb(4) device. However, there are conflicting reports on whether the RTL8111E works in all circumstances. Search the forum for more details, but I would not assume this card will work. Also take a look at http://www.glitchwrks.com/2012/08/03/Quad-Port-PCI-Ethernet-Roundup/ for more information on quad-port cards in pfsense. -Adam That GlitchWrks page is a bit dated, but it lists many 4-port cards available in 2012 and discusses them WRT pfSense: Quad Port Gigabit PCI Ethernet Card Roundup Topic: Evaluating quad port gigabit Ethernet cards for use in a pfSense box Date: 03 Aug 2012 -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-895-3270 / 1-520-290-5038 Security Blog: http://geoapps.com/ ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
Am 21.04.2014 00:32, schrieb Volker Kuhlmann: The frequently recommended option of using VLANs may look good for larger commercial networks, but just buying a VLAN capable switch costs more than a suitable pfsense box and brings the power budget of the combination to the same level as a scrapped PC - with the latter winning hands down on cost. Um, no. While they're a PITA to configure (you need a Windows PC with Adobe Air), Netgear's GS105E are dirt cheap, fanless, 5-Port-1-Gig-VLAN-capable switches. Sales price here in Germany is below 30 EUR including VAT. I heard the 8-port model GS108E is actually easier to configure (Web GUI instead of Adobe-Air-based proprietary tool), but I can't claim personal experience with that, so don't take my word for it, but ask someone who actually configured it. -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
On Mon 21 Apr 2014 10:51:13 NZST +1200, Stefan Baur wrote: Thanks muchly for the tip, Stefan! There is no 'doze in the house and on no account will I add a Billy-dependency to my infrastructure. Any manufacturer too stupid to make their stuff controllable by open source software can sell elsewhere. Period. The GS108T-200 is the one with a web-based config tool http://www.netgear.com/business/products/switches/smart/GS108Tv2.aspx#tab-techspecs ? (Not easy to find on their website - searching only finds their useless software.) Max 12W power consumption looks good. Not ideal though, because VLANs are more complex and error prone, American propriatory network equipment doesn't seem like a good choice any more, and that model appears to be no longer for sale where I live. I'll keep it in mind though - thanks. Volker -- Volker Kuhlmann is list0570 with the domain in header. http://volker.top.geek.nz/ Please do not CC list postings to me. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
