A VPN establishes a secure tunnel to your home LAN. You can act from remote with your mobile device in the same way as you would be at some. This means you can use for access your devices the same own private IPs (i.e. 192.168.x.x or 172.16.y.y) as at home. The pfSense routes from the home LAN to the VPN. Noticed at my end: when being remote and connected by IPsec or Wireguard I need to add a route manually at my Win 10 laptop after connection to home LAN is established. I did put this command in a batch file and thats it. Things to take care: depending to your country and provider you will have a public IPv4 or may be not. If not, ask your provider if a public IPv4 is possible. In our region (Germany) people often reported that without an public IPv4 access from outside is not easy to achieve. Me too running still without IPv6 , did not find the time to switch to IPv6 yet. Regards

@pmagid Second issue first, the DHCP registration is a known issue: https://redmine.pfsense.org/issues/5413#note-50 re: gateway there are options in the System>Routing>(edit the gateway) to force a gateway up, but that doesn't work well with multi-WAN and failover. I've also dealt with unstable connections and it is annoying to tune. One wasn't even the connection it was "some massive upload coming off a Mac that flooded out the WAN" for some unknown reason, possibly a backup? I wouldn't have expected high CPU usage though.

@keyser Thanks for the reply! I got lower ram usage like before and on top a lower cou and swap usage. (After applying the patch and rebooting I mean) [image: 1677277095719-cpu-ram-swap-usagejpg.jpg] CPU was on ~30 - 60% ram was on nearly ~91 - 94% swap was from ~50 - 100% And on top I never have seen the message (swap pager: out of space) All is fine now for me.

I have not an APU2 running, but a an APU4D4 and all is running well. You may have a look here. [image: 1677276226455-pfsense2.jpg] [image: 1677276226403-pfsense1.jpg] I run a GPS card, a WiFi card inside and a modem (usb) outside connected and without any problems.

Ah, OK. Yes, that was almost certainly it. I was unable to replicate it here using any combination of selected interfaces.

@52buickman said in Netgate 4100 - 23.01 upgrade experience: Before upgrading, I saw several packages needing upgrading. The upgrades failed Yeah, don't ever do that. Uninstall packages before an upgrade, or leave them. Many/most packages leave their settings. We generally uninstall the "big" packages like Suricata and pfBlockerNG, and leave those like apcupsd. If you are not on the latest version and need to install a package change the update branch to Previous Stable Version. Somewhere I did see posts that PHP errors during the upgrade are to be expected. The pfBlocker version available at release also had a bug causing a PHP error at installation.

@dobby_ if the vlan was not set, it wouldn't work at all. I will leave this in the state of monitoring now to assess if the problem has now been solved. thanks for your thoughts.

@najm Remotely as in you’re not there? If you had an HA setup then Internet would still work, otherwise… Unless something went catastrophically wrong it shouldn’t be asking for anything though.

Ok, no problem. I'll wait to hear if you're able to replicate it.

@t41k2m3 -- most likely needs this patch applied: ff715efce5e6c65b3d49dc2da7e1bdc437ecbf12

You don't need a backup of those files. If you are on Plus with ZFS then that is all handled via ZFS Boot Environments, you can boot back into 22.05 if need be. If you aren't using ZFS, then you'd just reinstall 22.05, make sure the update branch is set to stay on 22.05, then restore the config and it should keep pulling 22.05 packages in.

@nollipfsense said in Got T-Mobile 5G Home Internet: Are they blowing smoke up my rare end? Maybe it needs to be cooked a bit longer. In order to use VoIP behind NAT, STUN is used. This provides the public address of wherever you hit the Internet. Also, I don't know that most residential users are behind CGNAT, though many are. Cell network connections usually are.

Thanks @stephenw10 That was it. A collegue had reduced that because of a packetloss issue. Works fine now everywhere. I really appreciate your fast and rewarding answer.

@jasonreg You can use any subnet on any interface you want, as long as it doesn't conflict with any other interface.

There is a working fix here.

Yup, a real external switch is almost always the better choice here. Only use a bridge if you need to filter between two network segments in the same subnet. That said is should be possible to add ports to a bridge. If you're not using the ports for anything else and the traffic across the bridge will not be too large it would probably be fine. Steve

You can still install 23.01 clean on them right now. The upgrades to them will be re-enabled shortly once we have fully tested the additional checks we added to prevent the EFI loader issue that some older installs were hitting. Those are both still current devices. https://www.netgate.com/support/product-lifecycle Steve

@manojc It has been asks in the past ... https://redmine.pfsense.org/issues/1574 But isn't this actually a non issue ? With the login protection settings you can bring password guessing to a halt : System > Advanced > Admin Access You can also decide not to use the LAN network for regular , and have all devices connected to other OPTx LAN type networks, and then add all devices to these OPTx interfaces. Firewall rules for these interfaces forbid GUI and SSH access to pfSense.

Not really. You might be able to do something with Squid but it would be a very complex setup and likely not what you're looking for. Steve