Messages

The X710-T2 is still at ~235€. I think that is a little steep when a full mainboard costs less. The XG-C100C can be had for 63€ shipped.

Yes, I tried. But it actually is a catch-22: Without the driver (which does not load because of the PCI ID) you cannot use the flash tool. And you need the flash tool to change the PCI ID. The only way to make it work it to use the standalone UEFI flat tool aqflash.efi.

Aquantia themselves once had these tools, but they discontinued it. The only way to get them is from Asus, because they had these chips on some motherboards. But their site was down over the weekend.

After all, the AQC107 uses much more power than the newer AQC113C and I will get one this week...

See #14. I have contacted Asrock tech support about this, but for what I am reading about both B550 and X570, PCIe problems are reported all over the internet. Those chipsets are themselves problematic, as it seems.

Maybe it is time for a better system - this would involve buying DDR5, though. So, at current prices, I will make do with the new NIC first.

[gen: 3 speed: 8 GT/s lanes: 1]

Interesting, actually, the RTL8126 is a PCIe 3.0 card - and it runs like that on your board:

    v: 10.016.00 modules: r8169 pcie: gen: 3 speed: 8 GT/s lanes: 1 port: e000

So it seems the instability is with PCIe 3.0 as well with my X570 board.

I use apps and games that are only available on Windows. Besides, this is a hardware issue.

1. What was hacked seems to be your Windows 11 PC, not OpnSense. Why? Because it does not even make sense to install a .bat file there. Which hacker in his right mind would try to install a payload for a Windows PC on a FreeBSD box?

2. How do you know what the way of intrusion was? "Hacked through 2.4G wifi" can mean anything. I would argue that you surfed the wrong websites and the infection was via a browser exploit.

Nothing of this is inherently linked to OpnSense, so the thread title is misleading. Unless, of course, you expect OpnSense to protect your end devices from OSI layer 8 problems... ;-)

I think that is a misconception. Realtek advertises those AT variants as being either PCIe 4.0 x1 or PCIe 3.0 x2, but that is only to show its capability to support the full needed bandwitdh with PCIe 3.0 mainboards (provided that they have at least 2 free lanes).

Matter-of-fact, the cards will train at the highest speed they can find. That is just how PCIe works.

So, if you put them into a PCIe 4.0-capable system, they will use PCIe 4.0 x1, regardless. he only only you have on a PCIe 4.0-capable system is to limit the slot to PCIe 3.0 only. Givingg the card more lanes is not gonna cut it.

As it turns out, these Realtek adapters are on the edge of the PCIe 4.0 specification and the X570 chipset is known to be finicky as well. You may have better luck with other mainboard chipsets.

I am already on the second but last one and considering the risk for my system and the restoration time I would be looking at, I am not willing to take that risk any more.

Actually, I had quite a zoo of these adapters over time, which do not help my situation at all.
This is because the cabling in my flat is so bad that I need 5 Gbps NBase-T to work reliably.

I actually got two Intel adapters when they came out at half price - AFAIR, they were $800 each at regular price. Those were even full cards.

Then, I used X540. but those can do only 1/10 Gbps.

After that came a Buffalo LGY-PCI-MG, which is an AQC107. This never worked quite right. I also cannot load either newer Aqantia driver nor update the firmware, because Buffalo used an exotic PCI ID. It is a catch-22.

I also had an older ASUS XG-C100C with the AQC107.

Now I have a X550-T1, which I bought a few years ago, only to learn now that there are several variants (AT, AT2, BT2). I was able to flash to the newest firmware, but that does not help, because my specimen, like many other china ones, is a revision 1, which physically cannot do N-Base-T. With 10 Gbps, these things get so hot that they start to drop packets when the are under load and they take a boatload of power (~8 Watts). For NBase-T, you need both a revision 2 and current firmware.

My experiments with the newer Realteks RTL8126 and RTL8127 are now documented above. Maybe it would be wise to get an RTL8127AT, which can use more than one PCIe lane, but I think that in a PCIe 4.0 x4 slot, they will prefer PCIe 4.0 x1 over PCIe 3.0 x2 (they can do both) and cause the same problems.

And just now I have ordered a new Asus XG-C100C V3, which uses the AQC113C and finally should do the trick... mind you, that is only for Windows, not for FreeBSD, as it appears.

I do that primarily because of performance on all VMs, but it may help in high-load scenarios as well.

Yes, I know that there is a specific problem - yet I think it would be better working towards a solution in OpnSense than to use external scripts.

Did you enable multiqueue on the VM's network interfaces?

Are you aware that ddclient is on its way out as discussed here and that it has long be superseded by the native backend for os-ddclient?

This native backend already supports deSEC.

Are you aware that ddclient is on its way out as discussed here and that it has long be superseded by the native backend for os-ddclient?

This native backend already supports deSEC.

Try "bridge-mcsnoop 0".