Messages

Glad to hear it working great for you. I also find it worth using a known good speedtest server.

I usually try and use http://ovh.net as I know all their test locations are 10gbit connections, if speedtest.net is looking to give odd/varying results.

"ovh.net" does not even open for me in the browser, is that a public speedtest service by the way?

If pppoe is out of question, you may win the 500Mbit/sec battle (but not the big 1Gbit war, hehe).

What is seriously limiting the performance, is the NAT function done via the "pf". If you can, you may experiment with 2 local PC: connect 1 directly to the WAN leg of the APU, and connect the other PC directly to the LAN leg of the APU, and try to do pure routing with NAT disabled and proper IP subnets assigned to each PC and the APU intrefaces.
Also in my experience, upload speed was much higher via NAT, than the download speed, for an unknown reason.
Good luck, and share any results, somebody may benefit from it.

Welcome to the club of dissappointed Pcengines APU2-3-4-5-6-... owners :)

It would be great to highlight these trapmines, as the average APU owner goes to Techlager.se or to some random Calomel article e.g. https://calomel.org/freebsd_network_tuning.html -> and apply the performance optimization sysctl-s that were relevant only for an older v10 or v11 freebsd release, and the current fbsd / hbsd / opnsense release runs v12.x, and benefit near-0% from them.

My problem, when I enabled MFS was also the loss of vnstat history and the vnstat db got corrupt and had to do DB reset every single time the system booted.
The "solution" suggested from one of the opnsense devs was, to turn off MFS. Then do a reboot. Then turn ON the MFS, then reboot again. Suddenly, the vnstat database was relocated under the folder /root/var/lib/vnstat (dont ask me how it happened, I think it was some faulty race condition or sthg similar mistake), so in fact it remained on permanent storage. So the issue has been "fixed" so to say.
On another opnsene with MFS this same vnstat+MFS issue still persist even today, but the MFS turn ON and then OFF then ON again did not fix it the same way. So after every reboot I have to always reset the DB, otherwise the vnstat service fails to start.
Seems nobody else in the community is affected. Or nobody is using MFS + vnstat on the same system. Or simply nobody else reported this issue after all...

Thanks. Another nail in the "ipsec transport mode on fbsd" coffin.

This will disable all throttling and lock the CPU at 1.4GHZ

-> This is plain incorrect. The CPU is only 1.0Ghz fast, and core performance boost can increase only 1 core, and this one only up to max 1.4Ghz, and only for a short moment of time. Then it will get back to 1.0Ghz.
Throttling can decrease the clockspeed of all cores down to 800Mhz or the minimum 600Mhz.

Sorry to spam your thread:

how can I measure the write amount of the SSD? I have setup MONIT, and it shows read and write statistics. But my /var and /tmp is on ramdrive, and I am not sure if the root FS stats exclude the /var and /tmp amount from that?

I get what you mean. I am more or less familiar with the (complex) nature of multicast. Ok, its not the igmpproxy responsibility, to describe how to make it work under the Opnsense firewall. Then who should be the producer of such a guide, e.g. : how to send multicast traffic between Site-A and Site-B (back and forth), when there are Opnsense routers (1 or more) between the sites, connected via e.g. IPSEC VPN tunnel? Firewall is obviously in the picture, I guess there is a very good chance >99,99% of the opnsense users do use the firewall feature, so there is no real reason not to consider that part of the setup.

Sorry if it seems offtopic, but igmp proxy would require a LOT of documentation. As today practically its an undocumented piece of software. And I mean NOT source code level COMMENTING, but enduser level human readable DOCUMENTATION.

subscribe...

These tips and suggestions should be part of the official docs page, under the troubleshooting section. Because what is there currently, is less than practial, no matter who is reading it.

and if usb is not a good enough alternative are there any cheap alternatives would an SD card trough a reader be better

What kind of interfaces do you have available on your G4? A new SATA SSD (128GB) costs about $20 on Amazon.

Does your G4 support m.2 SSDs?
I bought 32GB m.2 SSD for $6 off Ebay. That size is plenty for basic usage + VPN which is what I am using that box for.

The entire opnsense setup -- HP T730 (used) + i340-T4 NIC (used) + 32GB m.2 SSD (used) --  cost me only $126 USD.

HP proliant G4 server are from 2004-2008 timeframe. M.2 wasnt even in the dreams of its inventors...

The best solution is to get a written(!) assurance from Deciso, what traffic their hardware can do. That way you can demand the promised performance for your money, if it turns out thweir hardware underperforms. Otherwise any vendor on the planet can say literally anything they are not shy to say. As you cant depend on generic  marketing PDFs.

check this forum for the "APU2 stuck at 600Mhz" issue:

https://github.com/pcengines/coreboot/issues/457

Regarding the policy based ipsec enablement immediately halves the throughput even if the traffic is bypassing the vpn tunnel, is very concerning. I also have some policy based vpn tunnels, so it may further limit my WAN speed, even if that traffic is not getting routed into the vpn tunnel. Big mess, I have to say, and years can pass by without resolution :(

If the business edition can be freely downloaded from download
opnsense.com, its the installation phase / post-install activation phase which is blocked until a valid license key is entered?