headers
Tim Dressel | 1 Nov 2009 03:13
Picon

Re: Re: Hardware upgrade recommendation

PRO 100's have serious problems in BSD7.

I know the PRO 1000 GT's work flawlessly.

On Sat, Oct 31, 2009 at 12:27 PM, Ugo Bellavance <ugob@...> wrote:
> Chris Buechler wrote:
>>
>> On Sat, Oct 31, 2009 at 10:39 AM, Ugo Bellavance <ugob@...> wrote:
>>>
>>> Hi list,
>>>
>>>       We're currently running PfSense 1.2 on a white-box PC, that costed
>>> nothing...  P4 1., 1G RAM, HDD install.  Nics: vr (WAN), fxe (3 vlan
>>> LAN).
>>>  Very robust up to now.
>>>
>>
>> Even the lowest end P4 can push over 200 Mbps with decent NICs.
>> Replacing that mix of NICs with Intel Pro/1000 cards would help,
>> possibly considerably. That's cheaper than replacing the box.
>
> I finally bought an used IBM corporate desktop with an Intel Pro/100 (or
> 1000) onboard.  I'll install it with my other PCI Intel Pro/100 card.
>
>> But I suspect you have some other problem, like using the shaper where
>> it's not designed to be used (only supports two interfaces) and seeing
>> unintended consequences because of that.
>
> I use shaper only on one interface, on one vlan in fact, the vlan of public
> access internet.  It may be something else, but at least I'll be more
(Continue reading)

Permalink | Reply | 6 comments |
headers
Chris Buechler | 1 Nov 2009 03:34
Favicon
Gravatar

Re: Re: Hardware upgrade recommendation

On Sat, Oct 31, 2009 at 10:13 PM, Tim Dressel <tjdressel@...> wrote:
> PRO 100's have serious problems in BSD7.
>

That's not true. I know there are issues in combination with some
Adaptec RAID cards but other than that they work fine.

> Is the Pro/1000 better than the Pro/100?  Is the em driver better than fxp?

The gig cards are faster hardware, the drivers no difference really.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org
Permalink | Reply | 5 comments |
headers
Tim Dressel | 1 Nov 2009 03:57
Picon

Re: Re: Hardware upgrade recommendation

This is the exact issue I had with the PRO100's. I never tried
disabling TSO or applying the patch.

http://security.freebsd.org/advisories/FreeBSD-EN-09:03.fxp.asc

On Sat, Oct 31, 2009 at 7:34 PM, Chris Buechler <cmb@...> wrote:
> On Sat, Oct 31, 2009 at 10:13 PM, Tim Dressel <tjdressel@...> wrote:
>> PRO 100's have serious problems in BSD7.
>>
>
> That's not true. I know there are issues in combination with some
> Adaptec RAID cards but other than that they work fine.
>
>
>> Is the Pro/1000 better than the Pro/100?  Is the em driver better than fxp?
>
> The gig cards are faster hardware, the drivers no difference really.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe@...
> For additional commands, e-mail: support-help@...
>
> Commercial support available - https://portal.pfsense.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...
(Continue reading)

Permalink | Reply | 4 comments |
headers
Chris Buechler | 1 Nov 2009 04:24
Favicon
Gravatar

Re: Re: Hardware upgrade recommendation

On Sat, Oct 31, 2009 at 10:57 PM, Tim Dressel <tjdressel@...> wrote:
> This is the exact issue I had with the PRO100's. I never tried
> disabling TSO or applying the patch.
>
> http://security.freebsd.org/advisories/FreeBSD-EN-09:03.fxp.asc
>

That was a regression in 7.2. It's not applicable to 1.2.2-release
(where it isn't applicable) or 1.2.3-RC3 (which has that fix). There
may be some edge case with some specific hardware and rare
circumstances but I've yet to see a problem myself, I'm on at least
2-3 different boxes every week with fxp cards.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org
Permalink | Reply | 3 comments |
headers
Chris Buechler | 1 Nov 2009 04:28
Favicon
Gravatar

Re: IPSEC Doesnt Work

On Sat, Oct 31, 2009 at 11:22 AM, Koray AGAYA <insanadair@...> wrote:
> I Use Pfsense (1.2.2   built on Sat Jan 17 17:24:57 EST 2009  FreeBSD
> 7.0-RELEASE-p8 i386 )
>
> Error is below Can you help me please ! Ipsec doens't work Why ?
>
> NOTE: I use to both site crosover cable and use same switch, it's distribute
> real IP  I make to site site
>
>
> Oct 28 09:55:28     racoon: ERROR: such policy already exists. anyway
> replace it: 10.0.1.0/24[0] 10.0.0.0/24[0] proto=any dir=in
> Oct 28 09:55:28     racoon: [Self]: INFO: X.X.166.34[500] used as isakmp
> port (fd=15)
> Oct 28 09:55:28     racoon: [Self]: INFO: 10.0.0.1[500] used as isakmp port
> (fd=14)
> Oct 28 09:55:28     racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port
> (fd=13)
> Oct 28 09:55:28     racoon: WARNING: /var/etc/racoon.conf:3: "0660" admin
> port support not compiled in
> Oct 28 09:55:28     racoon: ERROR: such policy already exists. anyway
> replace it: 10.0.0.0/24[0] 10.0.1.0/24[0] proto=any dir=out
> Oct 28 09:55:28     racoon: ERROR: such policy already exists. anyway
> replace it: 10.0.0.1/32[0] 10.0.0.0/24[0] proto=any dir=out
> Oct 28 09:55:28     racoon: ERROR: such policy already exists. anyway
> replace it: 10.0.0.0/24[0] 10.0.0.1/32[0] proto=any dir=in
> Oct 28 09:55:28     racoon: INFO: unsupported PF_KEY message REGISTER
>

This all the logs you ever see?  It's not even attempting to connect,
(Continue reading)

Permalink | Reply | 0 comments |
headers
Ugo Bellavance | 2 Nov 2009 03:06
Picon

Re: Hardware upgrade recommendation

Chris Buechler wrote:
> On Sat, Oct 31, 2009 at 10:57 PM, Tim Dressel <tjdressel@...> wrote:
>> This is the exact issue I had with the PRO100's. I never tried
>> disabling TSO or applying the patch.
>>
>> http://security.freebsd.org/advisories/FreeBSD-EN-09:03.fxp.asc
>>
> 
> That was a regression in 7.2. It's not applicable to 1.2.2-release
> (where it isn't applicable) or 1.2.3-RC3 (which has that fix). There
> may be some edge case with some specific hardware and rare
> circumstances but I've yet to see a problem myself, I'm on at least
> 2-3 different boxes every week with fxp cards.

I'm running 1.2-release on this box (will of course install 
1.2-2-release on the new box.  Does that mean it is affected or not?

Regards,

Ugo

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org
Permalink | Reply | 2 comments |
headers
Ugo Bellavance | 2 Nov 2009 03:12
Picon

NIC choice

Hi,

	To set replace an old pfsense box, I bought a PC with an Intel Pro/1000 
NIC onboard (em).  In my inventory, I have a 3com 905 (xl) and a Dlink 
538-tx (rl).  Which one of th 3com or Dlink should I use to make sure I 
have the best performance?  The setup is 1 wan (internet), 1 NIC for 
inside networks, with 3 vlans.  I'm using the traffic shaper and BandwidthD.

Regards,

Ugo

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org
Permalink | Reply | 10 comments |
headers
Chris Buechler | 2 Nov 2009 03:14
Favicon
Gravatar

Re: Re: Hardware upgrade recommendation

On Sun, Nov 1, 2009 at 9:06 PM, Ugo Bellavance <ugob@...> wrote:
> Chris Buechler wrote:
>>
>> On Sat, Oct 31, 2009 at 10:57 PM, Tim Dressel <tjdressel@...> wrote:
>>>
>>> This is the exact issue I had with the PRO100's. I never tried
>>> disabling TSO or applying the patch.
>>>
>>> http://security.freebsd.org/advisories/FreeBSD-EN-09:03.fxp.asc
>>>
>>
>> That was a regression in 7.2. It's not applicable to 1.2.2-release
>> (where it isn't applicable) or 1.2.3-RC3 (which has that fix). There
>> may be some edge case with some specific hardware and rare
>> circumstances but I've yet to see a problem myself, I'm on at least
>> 2-3 different boxes every week with fxp cards.
>
> I'm running 1.2-release on this box (will of course install 1.2-2-release on
> the new box.  Does that mean it is affected or not?
>

The only thing affected were a few 1.2.3 7.2-based snapshots a few
months back before that fix was committed to FreeBSD.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org
(Continue reading)

Permalink | Reply | 1 comment |
headers
Ugo Bellavance | 2 Nov 2009 03:24
Picon

Re: Hardware upgrade recommendation

Chris Buechler wrote:
> On Sun, Nov 1, 2009 at 9:06 PM, Ugo Bellavance <ugob@...> wrote:
>> Chris Buechler wrote:
>>> On Sat, Oct 31, 2009 at 10:57 PM, Tim Dressel <tjdressel@...> wrote:
>>>> This is the exact issue I had with the PRO100's. I never tried
>>>> disabling TSO or applying the patch.
>>>>
>>>> http://security.freebsd.org/advisories/FreeBSD-EN-09:03.fxp.asc
>>>>
>>> That was a regression in 7.2. It's not applicable to 1.2.2-release
>>> (where it isn't applicable) or 1.2.3-RC3 (which has that fix). There
>>> may be some edge case with some specific hardware and rare
>>> circumstances but I've yet to see a problem myself, I'm on at least
>>> 2-3 different boxes every week with fxp cards.
>> I'm running 1.2-release on this box (will of course install 1.2-2-release on
>> the new box.  Does that mean it is affected or not?
>>
> 
> The only thing affected were a few 1.2.3 7.2-based snapshots a few
> months back before that fix was committed to FreeBSD.

Ok thanks :)

Ugo

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org
(Continue reading)

Permalink | Reply | 0 comments |
headers
Morgan Reed | 2 Nov 2009 05:17
Picon

Re: NIC choice

On Mon, Nov 2, 2009 at 13:12, Ugo Bellavance <ugob@...> wrote:
>        To set replace an old pfsense box, I bought a PC with an Intel
> Pro/1000 NIC onboard (em).  In my inventory, I have a 3com 905 (xl) and a
> Dlink 538-tx (rl).  Which one of th 3com or Dlink should I use to make sure
> I have the best performance?  The setup is 1 wan (internet), 1 NIC for
> inside networks, with 3 vlans.  I'm using the traffic shaper and BandwidthD.

I'm extremely prejudiced against Realtek (rl) cards because of the
grief I've had with them the past, personally I would toss the rl in
the bin and use the xl, better yet I'd find another em card and use
that ;oD.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org
Permalink | Reply | 5 comments |

Gmane