Thanks all for the feedback.

===
UPDATE: Protectli suspects that it's a race condition in igc(4). According to them OpenBSD's igc might not be as stable as the driver for Linux.
===

I received a brand new Protectli VP2430 yesterday and it felt very solid. I've installed OpenBSD 7.7 stable and have been testing it by running ssh vp2430 'cat /dev/random' >/dev/null the whole night and most of today. First from one host it reached 72 MByte/sec with a load of 1.6. Then added another ssh session and it topped at 118 MByte/sec with a load of 3.8. It got quite hot but I could still hold my hand on it without burning.

This was all over igc0, then I started testing on igc1 with a MTU of 1420 (but the VPN server was another host) and after about 4 hours I got a kernel panic. I'm not sure if it has anything to do with igc(4):

*cpu2: vmmaplk rwlock 0xfffffd8401c63698: enter read deadlock
ddb{2}> trace
db_enter() at db_enter+0x14
panic(ffffffff82553cb9) at panic+0xdd
rw_do_enter_read(fffffd8401c63698,0) at rw_do_enter_read+0x175
uvmfault_lookup(ffff800048a9f3b0,0) at uvmfault_lookup+0x8a
uvm_fault_check(ffff800048a9f3b0,ffff800048a9f3e8,ffff800048a9f418,0) at uvm_fault_check+0x38
uvm_fault(fffffd8401c635b0,6cc016ed000,0,1) at uvm_fault+0xed
kpageflttrap(ffff800048a9f530,6cc016ed024) at kpageflttrap+0x158
kerntrap(ffff800048a9f530) at kerntrap+0xaf
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
uvm_map_uaddr(6cc016ed000,6cc016ed000) at uvm_map_uaddr+0x1e
uvm_map_splitentry(fffffd8401c635b0,6cc016ed000,6cc016ee000,0) at uvm_map_splitentry+0x20b
sys_mprotect(ffff800048a847f0,ffff800048a9f7d0,ffff800048a9f740) at sys_mprotect+0x17c
syscall(ffff800048a9f7d0) at syscall+0x5ec
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x701102e59f30, count: -14

$ pkg_info
intel-firmware-20250512v0 microcode update binaries for Intel CPUs
inteldrm-firmware-20250509 firmware binary images for inteldrm(4) driver
quirks-7.103        exceptions to pkg_add rules
symon-2.89p0        active host monitoring tool
updatedb-0p0        pkg_add speed up cache
vmm-firmware-1.16.3p0 firmware binary images for vmm(4) driver

https://dmesgd.nycbug.org/index.cgi?do=view&id=8380

#Protectli #OpenBSD

/cc @mischa @dartov @tomka @wickedshell @treefifty @AFresh1

@AlexanderMars We've partnered with the fine folks at #Protectli to develop a fully open source and hardened system based on #HardenedBSD. You can find the original post here: https://hardenedbsd.org/article/shawn-webb/2024-09-23/hardenedbsd-and-protectli-collaborates-censorship-and-surveillance

@gadgetboy nice hardware ! I use #Protectli hardware to get #Coreboot + TPM out of the box. A bit pricier but worth it IMO. Check this guy's #OPNsense playlists to get started (including Wifi): https://www.youtube.com/@homenetworkguy/playlists

The #WageNet now consists of 4 #Dell Precision T7810 #servers running #ProxMox, an older #Protectli Vault acting as an antenna TV tuner, and a newer Protectli Vault running #pfSense.

Behold the power of the WageNet.

Hey fedi #HomeLab peeps, what do you all make of #Protectli appliances. Looking to add a hardware #firewall running #OpenSense, but they have so many configurations. Budget ~$250 at some points would be running non-stop as home office production firewall.

New House Projects – Network 2.0

Ok - So, take one of this project didn't go as planned. I don't regret the choices I made, and while I'm very happy with how everything is working today. it's not the setup I had hoped for. So, where did I end up?

Firstly - I ended up ordering a firewall from Protectli, the VP2420, which I ordered with Coreboot BIOS. Performance has been great, it was easy to setup, and the

https://topslakr.com/2025/01/new-house-projects-network-2-0/

#Topslakr #HomeLab #WiFi #Protectli #TPLink

Ha! Been struggling getting my #live #antenna #TV working right with #Jellyfin tonight so we could watch a live #countdown for #NYE tonight. Unfortunately Jellyfin doesn't have access to a GPU for #transcoding (#VM in a CPU-only #server). Using a dual-core #Protectli device for the antenna ingestion. Neither machine doing well transcoding. Finally figured it out by having #TVHeadend copy the video codec from the antenna and transcoding the audio to #AAC locally. Load is about 20% each, now. :D

My #Protectli internet #router died after 8 years of service. #RIP.

It took 3 days for a new unit to arrive. After much struggle, I have recovered my old settings and my #network (including this #Mastodon server) is back.

#mastoadmin #admin #networkadmin

If anyone out there is having issues on a #homelab #Proxmox machines with #Intel NIC's... In my case on a couple of #Lenovo M710q's with #I219-V, an Intel NUC10i3FNB with the same, and a #Protectli VP2420 with 4 * #I225-V. The solution for me so far (and I've not seen any performance impact though I've not _really_ looked hard so don't trust this for production) is popping the below after your 'iface eth0 inet manual' line. In my case of course I'm hanging everything else off a bridge onto that interface (vlans and what have you), or passing the PCI-E device to a VM, so adapt as you need. This came from a site somewhere but I cannot find the source any more.

post-up /usr/bin/logger -p debug -t ifup "Disabling segmentation offload for ${IFACE}" && /sbin/ethtool -K $IFACE tso off gso off && /usr/bin/logger -p debug -t ifup "Disabled offload for ${IFACE}"

Current status: timing how long it takes to build #HardenedBSD 15-CURRENT/amd64 on a #Protectli FW4B.

Perhaps I should grab a pizza.

HardenedBSD and Protectli Partner to Build a Censorship-Resistant Mesh Network #Hardenedbsd #Protectli #Firewall #Unix
https://ostechnix.com/hardenedbsd-and-protectli-partner-to-build-a-censorship-resistant-mesh-network/

@darth I maintain a soft fork of #OPNsense based on #HardenedBSD. I use a #Protectli VP4670.

I can't recommend Protectli enough. Amazing hardware and awesome customer service.

The #HardenedBSD Foundation and The HardenedBSD Project are happy to announce a collaboration with #Protectli to research and develop a censorship- and surveillance-resistant mesh network: https://hardenedbsd.org/article/shawn-webb/2024-09-23/hardenedbsd-and-protectli-collaborates-censorship-and-surveillance

#infosec #HumanRights #HumanRightsTech

Here we see a hardware donation from the fine folks at #Protectli. They have donated 4xFW4B devices to support our next foray into #HumanRightsTech.

Early in 2025, the #HardenedBSD project plans to put in a concerted effort at developing a censorship- and surveillance-resistant mesh network.

More details will come in a future official announcement from the HardenedBSD project.

#infosec

#Firewall wird auf ein #Protectli #Barebone betrieben.

@josephholsten @fellmoon @dexter @normis @coreboot I would agree with that assessment.

Sad to have seen PC-Engines go the way of the dodo. I'm all the more grateful for #Protectli for filling the void by providing quality hardware.

This I learned: #Protectli offers @coreboot

https://protectli.com/product-comparison/

And "BSD"

@torarg What kinds of speeds are you getting through Protectli and which device do you have?

#OpenBSD #Protectli

Die Frage stellt sich mir ob ich mir eine "Hardware" China Firewall (Barebone) kaufe oder was aus den USA?!

Pro China:
Billig, mehr Leistung fürs Geld

Kontra:
China, unklar wie es zusammen gebaut wurde, unklar wie die Wärmeleitfähigkeit umgesetzt wurde. Unklar Produkt Qualität. Leistung und Stromverbrauch.

Im Internet gibt es Stimmen die brechen in jubeln aus und andere raten komplett ab also darauf kann man nicht setzten.

Das Ami Teil ist von der Marke #Protectli

Updated #OPNsense from 23.7.12 -> 23.7.12_5 -> 24.1_1 -> 24.1.1

- took 20 minutes on #Protectli FW4B
- 1 automatic reboot
- 1 manual reboot to get internet connectivity back

🏷️ #HomeLab