Yes you should be able to access it be just assigning the VLAN parent interface and setting it in the same subnet as the modem admin page. As long as that doesn't conflict with any existing subnet on the firewall.

@stephenw10 said in Awfully slow transfer speeds from remote NAS over ZeroTier: Yup good to know that about zerotier, I wouldn't have thought it was required. According to the documentation, it is not required for holepunching, but they do refer to challenges with symmetric NAT. https://docs.zerotier.com/corporate-firewalls/#:~:text=Default%20zerotier%2Done%20listening%20ports,ZeroTier%20hole%20punching%20to%20work)) @rheuer22 Perhaps try to set Static Port (Hybrid outbound rules), to see if that has a similar effect?

@patient0 said in /mnt folder question: @Gertjan a bit further up stephenw10 wrote: I'm pretty sure the efi partition is mounted there to test at upgrade for example. ... that's why. That's why I replied ... it wouldn't mount in /mnt but somewhere in /mnt/somewhere/ That is, that is what I hope. Because, if not .... dono, that feels pretty dirty to me. What if I have a USB drive mounted (also) with my config.xml ? Anyway, just thinking out loud here.

@SteveITS "sleep 60...." did it, thanks! Tested with a reboot and it did not sleep the reboot process either. Status > OpenVPN also shows the time (re)started correctly. Much appreciated and thanks to everyone for their help!

@dacuda said in Migrating 24.03 to New Hardware: I originally was on CE, and took advantage of the free upgrade to plus when it was previously available. I was on the very similar boat and if you on free-upgrade (CE -> Plus) then tac-support won't do it. I was told that free upgrade is tied to the H/W, hence cannot be transferred. -S

@JonathanLee I'm sure someone with longer and deeper understanding of pfSense will be able to answer that.

Hmm, odd. The routes should be added by the daemon when it connects as long as they are defined in tailscale as I understand it. But, yes, the tailscale interface is not expected to ever be assigned. It is not bypassed by the interfaces check at boot so will throw an error.

@viragomann oh yeah that can be on my pi‘s I have virtualmin! I‘ll change that up Adressen on the pi!

So - I added an Intel Pro 1000 - 4 port 1G NIC - and all is well. Realtek disabled in the bios. Life is good. Lesson learned. All functions normal... Thanks to all who helped.

@stephenw10 I’ve been running on “previous stable” firmware. In response to this most recent drop I upgraded firmware on this SG2100 from 2403 to 2411, removed or disabled several non-essential add ons, and disabled gateway monitoring entirely. crosses fingers

Updated my unofficial guide if anyone else wants to try this here is a short guide for you. https://forum.netgate.com/topic/195843/unofficial-guide-have-package-logs-record-to-a-secondary-ssd-drive-snort-syslog-squid-and-or-squid-cache-system

Patch issued https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/714ecd70d2db2fc45273cbf44e9ea6a6008e828b Success! Thanks

Yup if it is a bug it's in pfBlocker I would think. It should be here: https://redmine.pfsense.org/projects/pfsense-packages/issues Not seeing anything current for duplicate rules there.

Are the additional IPs in the WAN subnet? If so then add VIPs on the WAN and forward traffic from those to hosts in the DMZ. If your additional IPs are routed to you using a different subnet you have more options. https://docs.netgate.com/pfsense/en/latest/firewall/additional-ip-addresses.html Steve

@johnpoz Found the issue I had to setup the right dhcp6 prefix in wan and enable ipv6 in the network now the server was able to reach map so the issue is that the ubuntu server seem to use primary the ipv6 instead of the ipv4 that they get!

@stephenw10 so do I, not felling good when see it.

Tailscale is a great option as @michmoor mentioned. It also depends on your organizations goals and whether or not you are just going to do ZTNA or go with full SASE (which incorporates ZTNA but is far more expensive). The later is arguably better, but it's a lot more work and money and still has some limitations.

@stephenw10 rats. Thanks for the quick response.

@josh44 Or this : [image: 1735840109472-7045020e-83c1-40e3-97a1-6ffe4823e552-image.png] Install pfSense, and you can see it right away. Or this [AWS - Howdy Partner | The Multi Instance Management (MiM) controller](AWS - Howdy Partner | The Multi Instance Management (MiM) controller ( I guess )) Didn't know it was already released.

@Gertjan Sorry its a typo, its should read 10Gb.