Tailscale is a great option as @michmoor mentioned.

It also depends on your organizations goals and whether or not you are just going to do ZTNA or go with full SASE (which incorporates ZTNA but is far more expensive). The later is arguably better, but it's a lot more work and money and still has some limitations.

@stephenw10
rats. Thanks for the quick response.

@josh44

Or this :

7045020e-83c1-40e3-97a1-6ffe4823e552-image.png

Install pfSense, and you can see it right away.

Or this [AWS - Howdy Partner | The Multi Instance Management (MiM) controller](AWS - Howdy Partner | The Multi Instance Management (MiM) controller ( I guess ))

Didn't know it was already released.

@Gertjan

Sorry its a typo, its should read 10Gb.

The T-Mobile device was delivered late Monday and initially configured as standalone yesterday morning. I live about 1/2 mile line of sight from the cell tower. My 5G phone normally gets 1.2gb to sometimes 1.4gb

The T-Mobile internet standalone ran at the mid to high 800s without testing too hard. All sites in the house that would be good as a location for the device tracked about the same. My Comcast internet now is 500mb. So, not too bad so far. T-Mobile is said to put home internet on the 2nd lowest priority. After you hit the data cap you go down to the bottom until the next month.

Thanks to the wire tester, finding the cat6 wire took more time to set up than to select the proper wire. T-Mobile as a pfSense WAN source fired up by the time I cleaned up after myself.

Wired internet speeds dropped to the mid 400s. Pretty big but I was considered downgrading to 300 mb on Comcast if I stay with them. 2025 prices go up a lot. Still pretty good.

Now it's a reliability test. I left the old wire from the cable modem just dangling there so it should take a few seconds to switch back.

OK, as I write this, my T-Mobile wired internet just dropped. It was up for maybe 5 minutes. I wrote the above immediately after hooking it up. I finished using T-Mobile wireless - this pc is normally wired in the area serviced by the controversial MOCA. Far away from the device. T-Mobile delivered a very weak signal. Entirely unacceptable for any form of home network. The AX-21 Access Point always delivers a very strong wireless signal to this room.

Correction - the wireless just dropped too. Back to the basement. Comcast fired back up almost immediately as WAN.

Guess what's going back to T-Mobile later this week. OK Comcast, you win this time. The free 15 day trial came in handy. Back to negotiating a new contract later.

Edit a few hours later: The T-Mobile device has been returned.

I remembered fiber was installed in my neighborhood last year. The company confirmed by chat it is available at my house. One week lead time should work. Symmetrical gigabit for $50 a month for first year and $65 a month thereafter. No data caps. Lower price than Comcast for similar download speed. Free ONT. No install charge. No bad reviews anywhere.

Hmm, OK well it either has an ARP entry or a route for that device then. It should be sending directly since it's in the same subnet.

Something must be blocking it.

You're right. The cert the firewall attempted to use is missing. Login SSH, restore the configuration prior to the upgrade. Rebooted back on RELEASE 24.03, Login to the GUI and removed the missing cert ... upgrade from 24.03 to 24.11 again ... and voila, upgrade is successful!!

Ah, nice result!

Yes if you had some other router that resolved to the same IP and then use that same URL after swapping in pfSense it will show a rebind error.

@jmmm Were you ever able to solve your IPv6 issues while bypassing the ATT modem? I followed the pfSense recipe. IPv4 works great, but IPv6 devices cannot access DNS nor can the pfSense instance access the Netgate servers for updates and packages.

I mean it could be the device testing from has it set incorrectly. Just seeing IPs from two halves of the /24 like that (assuming it is) screams subnet mask to me.

I assume you have that lib but it's the wrong version?

You probably need to upgrade mongodb since installing an old lib is unlikely to work IMO.

Mmm, I would expect it to sometimes end up on the 2.5G link if you repeat the test though.

However bridged connections can behave oddly.

Yes that's true, the on-board switch only supports load-balance LAGGs which is not useful in that situation. The NIC connected to it cannot pass the additional bandwidth and it doesn't provide any redundancy.

The only way you could do it would be using the WAN port and one of the LANs with VLANs run over it. But that's also unlikely to give you anything useful!

Ah, it's an 1100? You're probably hitting a RAM limit.

Try uninstalling any packages before upgrading. You can re-install them afterwards and the settings will be retained.

What version did you upgrade from?

@xvicarious said in Upgrade Heck, left with a broken ICU, package itself broken:

it points of course to libicuio.so.73.2. And that... Is only there in spirit.

You don't see ibicuio.so.73.2 either on your system or in the pkg?

It should be there.

Yes it's common to get a delegation only on the WAN directly. So you can use that on internal interfaces but the WAN only ever as a link local address to route it across.

OK so it's a GPON module. Those can present issues in pfSense since they often only accept one link rate but present as a something else to the NIC.

If it's a 1G link I would try to get a 1G SFP NIC as that is most likely to work without issues.

Though since it's probably running OpenWRT you may be able to force it. https://hack-gpon.org/ont-huawei-ma5671a/

Ah, yes. Been a while I guess. 😉

@stephenw10 said in [ Bug? ] 24.11 web GUI cannot enable L2TP server ( while the service is just working fine in the background ):

3487972e11dc8d096f97c2a2e5a0e86d7f179002

Hi,

Thank you. Had fix it.