pfSense 2.0 since release update and appreciation thread

AMD_Gamer

I was just wondering how everyone's pfSense 2.0 has been holding up? Mine has been rock solid. I restarted it once 14 days ago doing some work on my network and it has been up since, now over 14 days. I have downloaded tons of stuff, played the crap out of BF3 along with my normal internet activities and have not had a single problem. My OpenVPN has been working great also.

pfSense 2.0 is definitely a solid product.

 


Trying to enable my supposedly supported wifi card still results in fucking kernel panics that require the quickness of god to edit the config files after the router boots to save it. 1.2.3-release has had a year+ uptime for me before, hopefully I can get this thing there but the wifi issue and it having quirks in counting traffic for the rrd graphs makes me really want to switch to another solution but so far none are a better overall option.
 
I wish the traffic shaping wizard was better. 1.3.2's was much more accurate when making the default queues.
 
36 days - http://i.imgur.com/k2NkU.png

That small streak will be coming to an end soon enough though.

After the in-place upgrade from RC to final, it broke some junk..... again. Doing a reinstall as soon as I get the mini PCIe to Ethernet adapter and repurposing an Acer Aspire Revo for the job instead.
 
We should turn this thread into a tips and tricks. We need a dedicated thread for pfSense/Untangle tips and tricks.
 
FYI, if you run pfSense 2.0 under VMware and see high CPU load it's probably a bug in the device polling on the NICs. Hit that with vSphere 5 and had someone else confirm it. Was showing really high CPU use under load...

I've since switched back to Untangle because of the other features it offers but pfSense is much lighter weight.
 
Been very happy with 2.0. I've been using 2.0 beta for some time now with no issues. Using 2.1, which seems to be as good, but it's too early to tell since there is going to be a major change to the binaries soon (FreeBSD 9).
 
Where did you get the 2.1 beta iso? This WiFi issue is seriously pissing me off and I was hoping support might be better with FreeBSD 9 under the hood.
 
We're still on 1.2.x, but we'll be moving to 2.0 with the transition to ESXi 5.0 later this year. Lab install has been doing well so far, but it doesn't see much traffic.
 
Where did you get the 2.1 beta iso? This WiFi issue is seriously pissing me off and I was hoping support might be better with FreeBSD 9 under the hood.

I'd be interested in toying with it too. But 2.0 is too new for me to really want to give 2.1 any big amount of time.
 
Running 2.0 under ESXi 5 for a week now and no issues. I haven't seen the NIC issue NetJunkie mentioned but my connection isn't that fast.
 
Is there a company that already sells a small setup box w/ pfSense on it? I've gone through a few routers over the years and I just want a reliable one.
 
Is there a company that already sells a small setup box w/ pfSense on it? I've gone through a few routers over the years and I just want a reliable one.

Not AFAIK, but you can build one for < $100 with a cheap mITX board.
 
Running 2.0 under ESXi 5 for a week now and no issues. I haven't seen the NIC issue NetJunkie mentioned but my connection isn't that fast.

Pushing 50Mb with a lot of connections would peg two CPU cores...but it wasn't real load. Inside pfSense the load was a lot less. Flip the device polling back and forth on a reboot and it would drop way down.
 
Raise the bar a bit.....I'd not get excited with an uptime of just 14 days.

414 days....and still going strong...now you've almost got something
714 days...now you're talking. Up time of edge critical devices such as routers should be in years.
 
Raise the bar a bit.....I'd not get excited with an uptime of just 14 days.

414 days....and still going strong...now you've almost got something
714 days...now you're talking. Up time of edge critical devices such as routers should be in years.

Yea I'd say. The power at the office is a little too sporadic. With Mother Nature throwing us hurricanes, earthquakes, and now a damn October snow storm in the north east we've had too many long term power outages. Power finally went out in the snowstorm this weekend, but before that the router was around 220 days last I checked (shortly after I installed it and set the final config).

I play with the stuff here at home too much to worry about uptime streaks.
 
Yeah..my home lab stuff isn't going to hit 400 days of uptime by any stretch. Even in a VM with no downtime maintenance....
 
I'm still on 1.2.3, but plan to upgrade some time. My only complaint is snort was very bad for false positives, and even if I whitelisted an IP it would still block it, so I had to turn that part off, but otherwise it's been solid. Going to go to 2.0 eventually. Now that I have a monitor, keyboard and mouse where my server rack is, it won't be that hard to do. The server sits funny on its rails and it always makes me nervous to move it. I don't think it's the right rails for it.

Been up for 55 days. I can't recall why I had to turn it off, think I was doing electrical or something and took me longer than the UPS could hold.
 
Yea I'd say. The power at the office is a little too sporadic. With Mother Nature throwing us hurricanes, earthquakes, and now a damn October snow storm in the north east we've had too many long term power outages. Power finally went out in the snowstorm this weekend, but before that the router was around 220 days last I checked (shortly after I installed it and set the final config).

I play with the stuff here at home too much to worry about uptime streaks.

I'm just giggling and poking fun at excitement over double digit uptime being screenshot and post worthy. A Stinksys router can easily do that....raise the bar man...raise the bar.
 
I'm just giggling and poking fun at excitement over double digit uptime being screenshot and post worthy. A Stinksys router can easily do that....raise the bar man...raise the bar.

As people have already said, not everyone has a reliable power source. If a person is on a power grid that goes out every week, how would that be the fault of the router? Ever heard of a car hitting a pole?
 
He's just messing around. Takes a little more than 12 days to get used to his "humor" :D
 
12 days is how long mine has been running. So far, I am not very impressed, and more pissed off than anything.
 
Only 97k max states? Get some more ram in that thing!
Only 1GB in it, mobo will take a max of 2GB in one DDR2 SoDIMM. :p I've never seen the memory or states become full since it's just a home 50mbit connection. :(
I'm just giggling and poking fun at excitement over double digit uptime being screenshot and post worthy. A Stinksys router can easily do that....raise the bar man...raise the bar.
;)
 
Only 1GB in it, mobo will take a max of 2GB in one DDR2 SoDIMM. :p I've never seen the memory or states become full since it's just a home 50mbit connection. :(
;)

Oh no's not 50Mbit! How ever would we survive! :p

I can fill up 97k between me and the "server" when we're both busy.
 
Is the State table manually adjustable? Or does it automatically adjust based on the amount of installed RAM? I'm running something that steadily runs in the hundreds of thousands of connection states and this is the only concern I have before upgrading to 2.0 from 1.2.3. Anyone running 2.0 pitch in? :confused:
 
Anyone know how much throughput the Alix board can handle with pfSense? I am testing several firewalls right now (including Astaro, Untangle, Mikrotik), and if I decide to stick with pfSense I may want to have a physical device instead of a VM but it would need to be cheap.

It's a race between Astaro and pfSense right now, as much as I love Astaro's UI and ease of use, the extra features of pfSense are really compelling. IPBlocklist addon, UPnP per host, less resources, to name a few.
 
I seem to remember hearing somewhere in the area of 70mbit, unless you get into encrypted VPN where it can drop to less than 20mbit.
 
I seem to remember hearing somewhere in the area of 70mbit, unless you get into encrypted VPN where it can drop to less than 20mbit.
I found this in the advanced options:
glxsb Crypto Acceleration

The AMD Geode LX Security Block will accelerate some cryptographic functions on systems which have the chip. Do not enable this option if you have a Hifn cryptographic acceleration card, as this will take precedence and the Hifn card will not be used. Acceleration should be automatic for IPsec when using Rijndael (AES). OpenVPN should be set for AES-128-CBC.

If you do not have a glxsb chip in your system, this option will have no effect. To unload the module, uncheck this option and then reboot.
Do you know if the 20mbit estimate is with or without this acceleration?
 
I found this in the advanced options:

Do you know if the 20mbit estimate is with or without this acceleration?

http://doc.pfsense.org/index.php/Are_cryptographic_accelerators_supported

Older post but likely relevant: http://forum.pfsense.org/index.php?topic=12766.0

Not sure if his test unit has the features you're looking at, or if it's even a 500mhz model. Only useful as a reference point.
That is the post I was thinking of and it does have the Geode LX800 at 500mhz. Guess I was pretty wrong on the throughput though.
 
Is the State table manually adjustable? Or does it automatically adjust based on the amount of installed RAM? I'm running something that steadily runs in the hundreds of thousands of connection states and this is the only concern I have before upgrading to 2.0 from 1.2.3. Anyone running 2.0 pitch in? :confused:

Based on RAM it does automatically set you a state table size. The max it will automatically set is around 120k if I'm not mistaken. However under the advanced setup you can change max state table size to anything you want. Each state uses 1K of RAM. See how much ram you have left after packages and what not and devote the rest to the state table.
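
A state-table headroom check for the sizing described in the post above, as an added example that is not part of the original thread. The sample text is constructed in the layout printed by `pfctl -si` and `pfctl -sm`; the 1 KB per state figure and the 97k limit come from the thread, and the function names and the 80% warning threshold are assumptions.

```shell
#!/bin/sh
# Constructed sample output (not captured from a real firewall), in the layout
# printed by `pfctl -si` (state table counters) and `pfctl -sm` (hard limits).
SAMPLE_INFO='State Table                          Total             Rate
  current entries                    91250
  searches                        48211973          412.3/s
  inserts                           912004            7.8/s
  removals                          820754            7.0/s'
SAMPLE_LIMITS='states        hard limit    97000
src-nodes     hard limit    97000
frags         hard limit     5000
tables        hard limit     3000
table-entries hard limit   200000'

# current_states: read `pfctl -si` text on stdin, print the live state count.
current_states() {
    awk '/current entries/ { print $3; exit }'
}

# state_limit: read `pfctl -sm` text on stdin, print the states hard limit.
state_limit() {
    awk '$1 == "states" && $2 == "hard" { print $4; exit }'
}

# ram_mb_for_states N: RAM needed for N states, rounded down to whole MB,
# using the thread's figure of 1 KB per state (an estimate, not measured).
ram_mb_for_states() {
    echo $(( ($1 + 1023) / 1024 ))
}

# check_headroom CUR MAX WARN_PCT: print a status line and return 1 when the
# table is at or above WARN_PCT percent full.
check_headroom() {
    pct=$(( $1 * 100 / $2 ))
    if [ "$pct" -ge "$3" ]; then
        echo "WARN states=$1 limit=$2 used=${pct}% limit_ram=$(ram_mb_for_states "$2")MB"
        return 1
    fi
    echo "OK states=$1 limit=$2 used=${pct}% limit_ram=$(ram_mb_for_states "$2")MB"
}

# On the firewall itself, pipe `pfctl -si` and `pfctl -sm` in place of the samples.
cur=$(printf '%s\n' "$SAMPLE_INFO" | current_states)
max=$(printf '%s\n' "$SAMPLE_LIMITS" | state_limit)
check_headroom "$cur" "$max" 80 || true
```

A table that sits near its limit drops new connections once it fills, so a check like this is worth running before raising the maximum in the advanced settings.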
 
Mine can go up to 10000 states, but my ISP limits at like 500, which sucks. Though I have seen it go much higher, so maybe they don't limit it anymore, not sure.
 
My overkill box.

Athlon X2 250 @ 3GHz
4GB DDR2
2x Intel Gigabit PCIe NICs

 