If it was booting fine in 22.05 you won't be hitting the specific issue described there. However by entering any character at the loader menu there you might end up at the loader prompt requiring pressing enter to continue. You might also hit something earlier in the BIOS.

@dobby_

I can't fight DDOS ... (Only the ISP's can "Scrub those data volumes"
Even back in 2013 i was at a company that had 4 x 100Mbit lines , and they were all flodded.
In the end we had to subscribe to a (rather expensive to activate) "Scrubbing service" at the ISP's.

What i hope for by using two different "implementations" would be :
To avoid some "unknown Zero day exploit" or a "Build error" from the manufactor.

If I GOOF , in implementing rules .. It really depends.
Did i hit wrong button (maybe correctable in the other fw) or did i misunderstand and implemented the same "error" on both systems (not correctable on he other fw).

/Bingo

@cronjoblover

I know "only" a work around that I will using in the next month by my self 😉 because my modem is also usb connected and looses here and there also the connection.
It looks then like this entry here:

Enter an option: ugen0.2: <Sierra Wireless, Incorporated MC7710> at usbus0 (disconnected) u3g0: at uhub2, port 3, addr 1 (disconnected) u3g0: detached ugen0.2: <Sierra Wireless, Incorporated MC7710> at usbus0 u3g0 on uhub2 u3g0: <Sierra Wireless, Incorporated MC7710, class 0/0, rev 2.00/0.06, addr 1> on usbus0 u3g0: Found 6 ports.

And my modem is normally on ugen0.3 and so it comes that I even again and again must go back to the config
and set the new "ugen" up!

I will go with a small RapsBerry Pi 3/4 with daughter board
on top with SIM and that miniPCIe modem and a mSATA
at the bottom site. Then I can connect it to the pfSense
over ethernet! I hope then getting less disconnections.

@steveits said in Last IP of an Alias is not used???:

@furom Tried, can't duplicate.

Alias with 5 IPs in LAN subnet, mine last
rule allow ICMP to pfSense from alias
rule reject ICMP to pfSense from LAN Net

Removed the allow, waited for the state to expire, can't ping.

Interestingly, the test alias does not show up in Diag/Tables until it is used in a rule. Didn't expect that but it makes sense.

Understood, and appreciated. As it has an easy workaround it's really not a big problem. Was just curious if anyone else had the same, and apparently not, which is all good. :) Thanks for testing!

@drg25
I see. You can do this also with single server though, but yes, it might be more clearly, if you set up a separate server for each user group.

With a single server you would have to create a client specific override for each single user to assign an IP out of a smaller subnet of the OpenVPN tunnel to him.
So say your tunnel is 10.0.8.0/24 you can assign the VLAN1 group 10.0.8.64/26 and 10.0.8.128/26 to the VLAN2 group.
In the CSOs you can also specify the "Local Network" to push different routes to the clients and then use the two tunnel subnets as sources in the firewall pass rules.

@vinothvkr
I wrote above that the problem was solved.

A VPN establishes a secure tunnel to your home LAN.
You can act from remote with your mobile device in the same way as you would be at some.
This means you can use for access your devices the same own private IPs (i.e. 192.168.x.x or 172.16.y.y) as at home.
The pfSense routes from the home LAN to the VPN.

Noticed at my end: when being remote and connected by IPsec or Wireguard I need to add a route manually at my Win 10 laptop after connection to home LAN is established. I did put this command in a batch file and thats it.

Things to take care: depending to your country and provider you will have a public IPv4 or may be not.
If not, ask your provider if a public IPv4 is possible.
In our region (Germany) people often reported that without an public IPv4 access from outside is not easy to achieve.

Me too running still without IPv6 🙄 , did not find the time to switch to IPv6 yet.

Regards

@pmagid Second issue first, the DHCP registration is a known issue: https://redmine.pfsense.org/issues/5413#note-50

re: gateway there are options in the System>Routing>(edit the gateway) to force a gateway up, but that doesn't work well with multi-WAN and failover. I've also dealt with unstable connections and it is annoying to tune. One wasn't even the connection it was "some massive upload coming off a Mac that flooded out the WAN" for some unknown reason, possibly a backup?

I wouldn't have expected high CPU usage though.

@keyser

Thanks for the reply! I got lower ram usage like before
and on top a lower cou and swap usage. (After applying
the patch and rebooting I mean)

cpu ram swap usagejpg.jpg

CPU was on ~30 - 60%
ram was on nearly ~91 - 94%
swap was from ~50 - 100%

And on top I never have seen the message (swap pager: out of space)

All is fine now for me.

I have not an APU2 running, but a an APU4D4 and all is running well.

You may have a look here.
pfSense2.jpg pfSense1.jpg

I run a GPS card, a WiFi card inside and a modem (usb)
outside connected and without any problems.

Ah, OK. Yes, that was almost certainly it. I was unable to replicate it here using any combination of selected interfaces.

@52buickman said in Netgate 4100 - 23.01 upgrade experience:

Before upgrading, I saw several packages needing upgrading. The upgrades failed

Yeah, don't ever do that. Uninstall packages before an upgrade, or leave them. Many/most packages leave their settings. We generally uninstall the "big" packages like Suricata and pfBlockerNG, and leave those like apcupsd.

If you are not on the latest version and need to install a package change the update branch to Previous Stable Version.

Somewhere I did see posts that PHP errors during the upgrade are to be expected. The pfBlocker version available at release also had a bug causing a PHP error at installation.

@dobby_ if the vlan was not set, it wouldn't work at all. I will leave this in the state of monitoring now to assess if the problem has now been solved. thanks for your thoughts.

@najm Remotely as in you’re not there? If you had an HA setup then Internet would still work, otherwise…

Unless something went catastrophically wrong it shouldn’t be asking for anything though.

Ok, no problem. I'll wait to hear if you're able to replicate it.

@t41k2m3 -- most likely needs this patch applied:
ff715efce5e6c65b3d49dc2da7e1bdc437ecbf12

You don't need a backup of those files. If you are on Plus with ZFS then that is all handled via ZFS Boot Environments, you can boot back into 22.05 if need be.

If you aren't using ZFS, then you'd just reinstall 22.05, make sure the update branch is set to stay on 22.05, then restore the config and it should keep pulling 22.05 packages in.

@nollipfsense said in Got T-Mobile 5G Home Internet:

Are they blowing smoke up my rare end?

Maybe it needs to be cooked a bit longer. 😉

In order to use VoIP behind NAT, STUN is used. This provides the public address of wherever you hit the Internet. Also, I don't know that most residential users are behind CGNAT, though many are. Cell network connections usually are.

Thanks @stephenw10 That was it. A collegue had reduced that because of a packetloss issue. Works fine now everywhere. I really appreciate your fast and rewarding answer.