. I do appreciate all that you have been contributing to the community. 
yeah np. just did it while it was still fresh in my mind how to do it
Code: Select all
Oct 18 15:27:23 kernel calcru: runtime went backwards from 80 usec to 48 usec for pid 12 (intr)
Oct 18 15:27:23 kernel calcru: runtime went backwards from 13724059 usec to 8110152 usec for pid 12 (intr)
Oct 18 15:27:23 kernel calcru: runtime went backwards from 822462 usec to 502252 usec for pid 12 (intr)matguy Dec 31, 2012,
Virtual Machine Specific info:
Time issues that manifest in all sorts of different error messages are common on just about all virtual machine hosting environments due to how most OS's track time via processor ticks. As a side effect of virtualization, a virtual machine simply doesn't get every processor tick (otherwise you'd have full cores or more devoted to each VM.) So, you get time drift, which is handled usually by some sort of application/tool/service that runs within the virtual machine, in VMWare virtual machines you run the VMWare tools (or some equivalent, often open source, version for less supported OS's), that periodically pulls time back to the reality reported by the VM host (which, itself may be set and time maintained via NTP.)
My theory on what's happening to you:
When you have 2 or more time sources competing and re-setting time like that, you can easily get a situation where one may over-shoot the other as they'll rarely be in perfect sync (or some other latency may introduce some variations.) I can't tell you what is best for your situation, but, assuming you're not otherwise relying on pfSense for some kind of time sync on your network, I would probably set ESXi via NTP and let the VM-tools keep the pfSense OS in sync, not use NTP in pfSense itself. VMWare will set the Virtual BIOS time via it's local host time (which may be set via NTP) so that your pfSense OS will get time from BIOS on boot, then VMWare tools should keep the OS up to date from there.
https://forum.netgate.com/topic/51494/r ... ackwards/3Supermule Banned Jan 1, 2013,
Yes, but if you use your AD based on VMtools in your guest OS, thats the right way to do it.
Let VM handle the NTP and not your guest OS.
Thats why I think it would be better if it could be turned of in PFsense if it detects vmtools package….
Code: Select all
time.nist.gov pool.ntp.org time.google.comhttps://www.reddit.com/r/PFSENSE/commen ... t_of_sync/[–]diyoot
I have following pools added in my ntp settings and it seems to work fine.
time.nist.gov
pool.ntp.org
time.google.com
zorro_66 Apr 27, 2016,
What does this message mean :-[ :-[
Apr 26 19:31:46 pfsensefirewall.localdomain nginx: 2016/04/26 19:31:46 [error] 24577#0: send() failed (54: Connection reset by peer)
phil.davis Apr 27, 2016,
Something on the other end sent a reset (RST).
e.g. this explanation: http://stackoverflow.com/questions/1434 ... -peer-mean
So the "something" did not go away completely (unplugged, powered off…) - it actually sent an RST (and went away).
cmb Apr 27, 2016,
What Phil said. Specifically, something that was communicating with the web GUI's web server. Likely normal and safe to disregard.
which is the latest recommended qotom to get? at a good budget price that is capable of vpn and suricata for 100-600 mbps broaband? I don't think i need an I7 do i?peelos wrote: ↑Fri Jun 12, 2020 4:28 am I once had an issue where log files filled the SSD but that was a user error, was quickly resolved and otherwise it has been extremely stable and has not crashed once in the 2 years it's been running 24/7 with thousands of torrent connections running through it.
Passive cooling, fanless and silent with temperature currently at 51 degrees centigrade.
Overall I have been very pleased with it.
The last hardware specs for reference: http://www.qotom.net/product/28.html - purchased on aliexpress from the official qotom store.
[–]drbiggly
3 points 12 days ago
I ordered a Qotom quad-NIC (Intel) about three years ago. I can't remember which processor is in it, but it's below the i3 (maybe one of the Celerons?) 8GB RAM and a 32GB SSD. No wireless.
I have gigabit fiber at home and it routes it reliably as fast as the ISP will allow (up to about 950Mbps.)Snowpeaks14
The i3 is be fine. The i7 will future proof you, easily handle higher speeds as they become available for longer than the i3.[–]Frnott
The i3 should handle gigabit fine. If OP were to get faster internet, they would need fasters NICs anyway.
https://www.reddit.com/r/homelab/commen ... d_for_vpn/Drumdevil86
Neat little box, however;
I ran pfsense off a J1900 for about a year. It looked like the holy grail with it's 10W TDP and 4 cores. But the CPU is slow, and definitely not built for this. They might replace a basic consumer router, plus some lightweight enterprise and VPN capabilities, but that's about it.If you start using say pfblocker to block malicious links, IP's and even advertisements, performance will quickly degrade to the point you start losing WAN connectivity.
I replaced mine with an older Optiplex 390, i5 2500 CPU and 2 server NIC's. Happy ever since.gimgunwoo
I bought a similar box like that from aliexpress, endedup not able to use it because of heat. When booting it's about 35-40c, but reaches 60+c when idling without a fan. It eventually shut itself down. I reapplied better thermal paste and that didn't really help at all. It cost almost $200CAD for that. Some probably got good experiences with them but I am not one of them.
I got a SFF thinkcentre, will use it for ESXi or proxmox to virtualize pfsense.
Will a Celeron 3865u route at gigabit?
Rrajl Dec 6, 2017
I have found a number of boxes on AliExpress like this one:
https://www.aliexpress.com/item/Eglobal ... 44734.html
I know that the more expensive Core i3-7100u will be able to handle gigabit routing. But I am curious if the cheaper Celeron 3865u would also be able to route at gigabit speeds. For reference, the specifications for the Celeron are:
https://ark.intel.com/products/96507/In ... e-1_80-GHz
Thanks for any feedback you can provide.
rajl Dec 7, 2017, 2:35 AM
Thanks for the input. I have one follow up question:
How much "other stuff" (e.g., squid, Suricata/Snort, PFBlocker, OpenVPN, etc.) can I have running and still be able to route traffic at gigabit speeds with that celeron pocessor?
Thanksnewabc Dec 7, 2017,
@rajl:
I don't think the celeron 3865u can do so many stuffs and not lower your speed. An i3-7100u box from Minisys or i5-5250u from Qotom will be better. Of cause, if you consider desktop cpu i3-7100 or 4 core i3-8100 will be much better.
https://www.reddit.com/r/PFSENSE/commen ... o_pfsense/saw_bra_guy_at_gym
Hi /u/emolinare
- This is a wonderful tutorial. I tried this with my Lenovo M93P which had just one ethernet port and a TP Link 8 Port POE switch. It works fantastic. I have Spectrum's 400Mbps plan. With hard wired speed test, I got 350down and 120up.
I even activated Suricata, pfBlockerNG when the above speeds are witnessed. One complain that I have is latency issue. The latency is really really high. I know the reason. Because WAN & LAN has to go through one port and there will be bottlenecking. I just wanted to share my 2cents with people who might be wondering about the speeds. Keep in mind this setup has been removed now because I wanted to add more VLANs via my PFSENSE to my security cameras and I didn't know how. So I just let it pass. Thanks again.[–]durianbusuk
For most people at home, this is a very practical solution. Anyone thinking of getting a PC with a single nic from somewhere like aliexpress can do much better getting a used dell optiplex 9020m which is the smallest of the optiplex units. 4th gen i5 processors and typically comes with 4-8gb of ram and if you're lucky, an SSD. The NIC is an intel one too. The processor will beat anything qotom or minisys sells in aliexpress.
You may notice in aliexpress, anything with more than 1 nic, and with 'pfsense' in the item name gets a +$200 bump in price. This post is such a breath of fresh air for those cash strapped individuals like me.
BugKiller
I purchased an Intel I350 T4 V2 BLK for my R210ii. Works 100%.
I run pfSense bare metal now, but I have run a pfSense VM on a dell R710 with ESXi with the same network adapter and with no issues.
I just didn't like the extra "complexity" and taking out my internet when I wanted to do updates my single ESXi host.
Note: Normal hygiene applies. i.e Update server BIOS, Update adapter firmware, etc.
https://www.reddit.com/r/PFSENSE/commen ... _which_is/seaQueue
If you want the option to use SR-IOV VF passthrough (virtually split the card in hardware, hand hardware virtualized copies to your VMs) you want an Intel I350-T4.*see below
If you don't care about SR-IOV you probably want an Intel I340-T4. They're relatively cheap at $15-25 for an HP NC365T and much more power efficient than the Pro/1000 VT. The Pro/1000 VT also goes by HP part number NC364T but in almost all cases you're better off spending the extra $5 for the I340.
If you're interested in 10Gb hardware you could also look at the Intel X520 or the Chelsio T420, they'll both run you around $60 on eBay.
* (Note: Be careful ordering I350 based cards on eBay, there are a large number of counterfeit cards for sale by Chinese vendors. They work, but have unknown reliability.
lots of lands mines if not careful.
is this it? ...
and it has aes-niIntel Core i3 5005U
Released January, 2015
2 GHzDual core
Power Consumption
TDP 15W
Annual home energy cost 3.61 $/year
Performance per watt 50.34 pt/W
Typical power consumption 12.19Whttp://cpuboss.com/cpu/Intel-Core-i3-5005ULAN Chipset
4 x Intel I211-AT Gigabit LAN
i'm trying to troubleshoot, see if tinkering with virtual switch in virtual station and virtual switch management will fix the issues i'm noticing in pfsense logs for PPPOE and DHCP.Hi Moogle,
Our 2nd line reply the Qfinder utility show incorrect IP address issue already fixed in the new version of firmware 4.4.2.1333 & Qfinder utility V6.9.1.0603, please wait we release the new version of firmware or later to fix this issue.
When you create a new virtual switch with "software-defined switch mode" this option to bundle NAS LAN adapter 1, you also need to set pfSense LAN adapter 1 into this software defined switch in pfSense VM OS network settings,
About pfSense with NAS virtual switch issues(PPPoE & DHCP), please create a new ticket in our QNAP Customer Portal.
3. Please test if create a new virtual switch with "software-defined switch mode" this option to bundle NAS LAN adapter 1 & pfSense VM OS adapter 1, the pfSense whether has show the same PPPoE error message again(need to delete existing virtual switch first)?
Tried to do the "software-definited swide mode) to bundle nas lan adapter 1 and pfsense vm os adapter 1. No such thing was possible. the only option was bind it to lan adapter 1 only thats it (there was no selection for the pfsense vm os adapter 1.
viewtopic.php?f=199&t=129504&p=594500&h ... vm#p594500razormoon wrote: ↑Sun Jan 29, 2017 2:41 am
I've had the NAS hang on beta. Upon restarting there was an issue with port 4 (pfSense WAN, isolated net) where the static IP reverted to factory default.
Shutting down the VMs and restart again fixed it.
I have restarted the NAS on occasion while the VMs were left running. I have found no evidence of corruption. However, looking at pfSense you can see that it does work on it's system clock
when the NAS comes back on. Leaving it as such seems to be ok (though I restart the VM due to mild OCD). The Windows Server does the same thing and loses time. I've had to create a custom time schedule to have the time feature sync constantly every 15 mins on it.
As far as the virtual switch thing, I am not sure.
What I have done is set all of them to static on the NAS, MTU 9000, pfSense as gateway and DNS server as Windows Server IP (or PIA VPN servers if not joined to domain).
It 'hiccups' on startup (before Virtualization Station) and complains about DNS/DHCP services, but smoothes over once pfSense VM comes back on.
viewtopic.php?f=199&t=128291&p=584283&h ... vm#p584362Trexx wrote: ↑Sat Dec 17, 2016 12:48 am Just as a point of reference, ALL Virtualization technologies have time drift. See the following article from VMware https://kb.vmware.com/selfservice/micro ... nalId=1318 as an example.
Make sure that you have installed the VirtIO tools in Windows 10, either through VS or manually. See here for latest stable ISO.
IF you are heavily pushing the NAS while your Windows 10 VM is running, that will make the issue worse as the NAS and VM are competing for CPU cycles, which will make the time drift worse (and the VM seem sluggish). So don't run Plex transcoding while the VM is running as an example.
9. Select the mode.
Click Basic Mode to create a bridged network
Click Advanced Mode to specify a network configuration.
PPPoE using VLAN setup
===Hi everyone.
I'm new to pfsense and I just got a sg-1100 box to replace my ISP low-end router.
I have a FTTH connection. The fiber goes into the ONT box which connects through an ethernet cable to the ISP router.
I got all the settings needed from the ISP, I disconnected the ISP router and plugged the above mentioned ethernet cable into the WAN port of the sg-1100.
I created a VLAN tagged 24 and assigned it to the WAN interface (as my ISP uses this VLAN setting for data). I ensured all the settings are correct and the username and password for ppp are correct.
However I keep seeing this error in the logs:
https://forum.netgate.com/topic/148741/ ... an-setup/2gabric098 Dec 9, 2019, 5:56 AM
Hi Steve,
thanks for the reply.
I'm fairly sure the VLAN is needed to be created in the router as I've access to the ISP router config and it shows VLAN24 configured.
I am assuming all the config I get from the ISP router are correct (user/password VLANID ,MTU...) so I can only think that I'm doing something wrong in setting up the VLAN and assigning it to the WAN interface (which is very possible as this is the first time I use pfSense).
I've screenshotted step by step what I'm doing. Maybe you can figure out what I'm doing wrong.
I start from a factory default settings. I create a WAN connection as PPPeE adding username and password as the ISP modem.
After that I create a VLAN with tagged 24:
Then I assign the newly created VLAN to WAN:
I edit the PPP settings assigning it to the VLAN interface:
And finally I configure the switch as you mentioned above:
Unfortunately, this setup seems not to be working, I keep getting the same error in the logs as the one I posted at the very beginning of the post.
Unfortunately my ISP doesn't offer any support in configuring 3rd party routers so I'm kind of stuck at the moment.
Thanks again,
Gab
hm... not sure if that really is the problem, or whether pfsense misconfiguration my side. i'll keep trying until i give upHi Moogle,
As I explain in previous reply, in our QTS network & virtual switch current design and topology, the virtual switch cannot support a VLAN tag packet, it also means we don't support pfsense configure a VLAN and pass to NAS LAN port 1 & 2, therefore, the pfSesne system logs list PPPoE link down message may NAS virtual switch didn't support pass VLAN tag packet caused.
If you need the NAS virtual switch support VLAN tag function, I can inform our product team about this feature request.
but if after following exact steps and still doesn't work, then it probably is due to the lack of vlan tag capability for the virtual switches which is causing this issue? at least that is what helpdesk say is the problem for why i am getting this error.https://www.facebook.com/notes/noor-aml ... 716993320/PfSense 2.3.2 with TM Unifi Installation & Configuration
by NOOR AMLI SAID·
NOVEMBER 8, 2016
This article will guide you through the basic installations on how to install and configure pfSense version 2.3.2 in a home network with working HyppTV on TM UNIFI
My Hardware
Pentium 4 2.8Ghz Processor, 2GB RAM, 80GB of HDD, CD-ROM
2 PCI Ethernet cards + 1 onboard ethernet port, and a pfsense ISO file available from http://nyifiles.pfsense.org/mirror/down ... 386.iso.gz
Internet Connection i'm using.
TM UNIFI Advanced 30mb with HyppTV active. We'll setup VLAN 500 for PPPoE and VLAN 600 for HyppTV
Setup Summary
Onboard Ethernet (rl2) - LAN - 192.168.1.1/24. Connect to your home network
PCI Ethernet NIC1 (rl0)- WAN - VLAN500 & VLAN600. Connect your TM BTU here
PCI Ethernect NIC2 (rl1) - IPTV - Connect your HyppTV set top box here
pfSense Installation
1- Download the image from pfSense download page. Here i am using i386 platform.
2- unzip downloaded gz file using 7zip then burn the ISO image on to CD using imgburn.
3- Now reboot target machine and set BIOS boot option to boot CDROM first.
4- Once boot into CD, select 1 to "Boot Multi User" then press Enter
5- Then press "I" to launch the installer
6- on Configure Console, choose "Accept these Settings"
7- on Select Task, choose "Custom Install"
8- Select disk to install pfSense
9- Choose This Disk
10- Then choose "Use this Geometry" and Format this disk.
11- Partition Disk then choose "Accept and Create"
12- Yes, partition ada0
13- Accept and Install Bootblocks
14- Choose the partition on top for Bootblock. Let it finish partition.
15- on Select Subpartition. Choose "Accept and Create"
16- Install Kernel menu, choose "Standard Kernel"
17- Reboot your machine
pfSense Configuration
1- Once boot up, on "Assign Interfaces" menu choose "y" on "Should VLANs be set up now?"
2- Our first PCI NIC (rl0) will be used as WAN, so type rl0 here
3- Enter VLAN tag : 500
4- Then select rl0 again and Enter VLAN tag :600
5- Press enter to proceed.
6- Enter WAN interface name: rl0
7- Enter LAN interface name: rl2
8- Enter Optional 1 interface name: rl1
9- Press Enter to proceed. Choose 'y' to proceed
VLAN Setup for TM UNIFI
By default IP address is set to 192.168.1.1, username:admin, password:pfsense
10- Login to your pfSense using another laptop. Set laptop IP address to be in 192.168.1.0 range
11- using web browser, type http://192.168.1.1 to access to pfSense login page.
12- Click into Interfaces / then VLANs. Make sure the setup is as below
13- Parent Interface: rl0
14- VLAN Tag : 500
15- then click Save
16- Then another VLAN
17- Parent Interface: rl0
18- VLAN Tag : 600
Interface Assignments PPPoE
20- Browse to Interface / Interface Assignments
20- From "available network ports" choose rl0_vlan500. Then click add
21- On "General Configuration" Tick Enable interface, and set IPv4 Configuration type to PPPoE
22- On PPPoE Configuration put in your TM UNIFI account username and password. Please contact TM Support Center for these details.
23- Then Click Save.
Interface Assignments HyppTV
24- Browse to Interface / Interface Assignments
25- Edit OPT1 Interface, change description to IPTV. Then click Save
26- From "available network ports" choose VLAN 600 in rl0
27- Click Add
28- Then browse to Interfaces / Bridges / Edit
29- Member Interfaces. Choose IPTV and VLAN600. Change description to IPTV-Bridge
30- Click Save
Firewall Setup
Now plug everything accordingly rl0-to TM Unifi BTU, rl1- to HyppTV Set top Box and rl2- to your home network switch
31- Browse to Firewall / Rules / LAN.
32- Make sure LAN Action=Pass, Protocol=Any
33- Browse to Firewall / Rules / IPTV
34- Set to IPTV Action=Pass, Protocol=Any
35- Set on IPTV Extra Options / Advanced Options. Tick Allow IP Options to pass.
36- Browse to Firewall / Rules / PPPoE
37- Set to PPPoE Action=Pass, Protocol=Any
38- Browse to Firewall / Rules / VLAN600
39- Set to VLAN600 Action=Pass, Protocol=Any
40- Set on VLAN600 Extra Options / Advanced Options. Tick Allow IP Options to pass.
41- Click save.
Enjoy PfSense with TM Unifi
Code: Select all
Retrieving speedtest.net configuration...
Testing from XXX
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by [6.61 km]: 9.584 ms
Testing download speed................................................................................
Download: 809.49 Mbit/s
Testing upload speed......................................................................................................
Upload: 89.50 Mbit/s
