pfSense

From Mark Furneaux's Wiki
Jump to: navigation, search

pfSense is a free and open-source networking platform built upon FreeBSD.

Config

A proper config will be added later.

TCP MSS Clamping

Set the MSS field in Interfaces>WAN to 1500 to force clamping so that protocols such as TLS work correctly.

Fixes

If using newer Intel network cards that utilize the em driver, there is a high possibility of an unrecoverable buffer overrun. To reduce the risk, force the kernel to use the maximum buffer sizes on the card(s). This is usually 4MiB.
Edit /boot/loader.conf, add the following 2 lines, and reboot:

hw.em.rxd="4096"
hw.em.txd="4096"

Certain Intel network cards using the em driver or the igb driver require more kernel buffers to work properly.
Edit /boot/loader.conf, add the following 2 lines, and reboot:

kern.ipc.nmbclusters="131072"
kern.ipc.nmbjumbo9="131072"