@52buickman said in Netgate 4100 - 23.01 upgrade experience: Before upgrading, I saw several packages needing upgrading. The upgrades failed Yeah, don't ever do that. Uninstall packages before an upgrade, or leave them. Many/most packages leave their settings. We generally uninstall the "big" packages like Suricata and pfBlockerNG, and leave those like apcupsd. If you are not on the latest version and need to install a package change the update branch to Previous Stable Version. Somewhere I did see posts that PHP errors during the upgrade are to be expected. The pfBlocker version available at release also had a bug causing a PHP error at installation.

@dobby_ if the vlan was not set, it wouldn't work at all. I will leave this in the state of monitoring now to assess if the problem has now been solved. thanks for your thoughts.

@najm Remotely as in you’re not there? If you had an HA setup then Internet would still work, otherwise… Unless something went catastrophically wrong it shouldn’t be asking for anything though.

Ok, no problem. I'll wait to hear if you're able to replicate it.

@t41k2m3 -- most likely needs this patch applied: ff715efce5e6c65b3d49dc2da7e1bdc437ecbf12

You don't need a backup of those files. If you are on Plus with ZFS then that is all handled via ZFS Boot Environments, you can boot back into 22.05 if need be. If you aren't using ZFS, then you'd just reinstall 22.05, make sure the update branch is set to stay on 22.05, then restore the config and it should keep pulling 22.05 packages in.

@nollipfsense said in Got T-Mobile 5G Home Internet: Are they blowing smoke up my rare end? Maybe it needs to be cooked a bit longer. In order to use VoIP behind NAT, STUN is used. This provides the public address of wherever you hit the Internet. Also, I don't know that most residential users are behind CGNAT, though many are. Cell network connections usually are.

Thanks @stephenw10 That was it. A collegue had reduced that because of a packetloss issue. Works fine now everywhere. I really appreciate your fast and rewarding answer.

@jasonreg You can use any subnet on any interface you want, as long as it doesn't conflict with any other interface.

There is a working fix here.

Yup, a real external switch is almost always the better choice here. Only use a bridge if you need to filter between two network segments in the same subnet. That said is should be possible to add ports to a bridge. If you're not using the ports for anything else and the traffic across the bridge will not be too large it would probably be fine. Steve

You can still install 23.01 clean on them right now. The upgrades to them will be re-enabled shortly once we have fully tested the additional checks we added to prevent the EFI loader issue that some older installs were hitting. Those are both still current devices. https://www.netgate.com/support/product-lifecycle Steve

@manojc It has been asks in the past ... https://redmine.pfsense.org/issues/1574 But isn't this actually a non issue ? With the login protection settings you can bring password guessing to a halt : System > Advanced > Admin Access You can also decide not to use the LAN network for regular , and have all devices connected to other OPTx LAN type networks, and then add all devices to these OPTx interfaces. Firewall rules for these interfaces forbid GUI and SSH access to pfSense.

Not really. You might be able to do something with Squid but it would be a very complex setup and likely not what you're looking for. Steve

@heimire Move the rules? One option is to search and replace in the config file and restore again. You can also edit each rule, or copy selected rules to a different interface.

@dobby_ said in Yea yea I know, RealTek isn't reliable on PFSense..: It all depends also on the support from the company that is producing that card and how open they are to the open source community, or how much they are willing that others write drivers for their devices. RealTek has drivers for FreeBSD - that are updated - here: https://www.realtek.com/en/component/zoo/category/network-interface-controllers-10-100-1000m-gigabit-ethernet-pci-express-software So they are available for compiling and inclusion into FreeBSD and therefore should be part of PFSense updates, no? NB: OPNSense provides updated drivers. There is also a plug-in that you can install for RealTek support. To solve my problem I downloaded the RealTek kernel module from OPNSense and installed it. I mean, if they can do it.. ? https://pkg.opnsense.org/FreeBSD:12:amd64/snapshots/latest/All/realtek-re-kmod-196.04.txz ; pkg install -f -y realtek-re-kmod-196.04.txz Maybe the answer is for the vast number of RealTek cards out there and the people using them, to just use OPNSense.

Thanks guys, then I'll leave it at that. Thanks for sharing :)

@joda We are now in 2023 and this solution has solved my my problem, I replaced the switch with an old 100 mbps switch and it has worked. What I am thinking about right now is to confer SET (Switch Embedded Team) with one Team Member Port in Hyper-V, after that I think I could use my 1GB switch. Thanks alot!

@jimp The fix has been applied successfully on both appliances, the issue is fixed. Thank you