@patient0 said in /mnt folder question:

@Gertjan a bit further up stephenw10 wrote:

I'm pretty sure the efi partition is mounted there to test at upgrade for example.

... that's why.

That's why I replied ... it wouldn't mount in /mnt but somewhere in /mnt/somewhere/
That is, that is what I hope.
Because, if not .... dono, that feels pretty dirty to me.
What if I have a USB drive mounted (also) with my config.xml ?
Anyway, just thinking out loud here.

@SteveITS
"sleep 60...." did it, thanks!
Tested with a reboot and it did not sleep the reboot process either.

Status > OpenVPN also shows the time (re)started correctly.

Much appreciated and thanks to everyone for their help!

@dacuda said in Migrating 24.03 to New Hardware:

I originally was on CE, and took advantage of the free upgrade to plus when it was previously available.

I was on the very similar boat and if you on free-upgrade (CE -> Plus) then tac-support won't do it. I was told that free upgrade is tied to the H/W, hence cannot be transferred.

-S

@JonathanLee I'm sure someone with longer and deeper understanding of pfSense will be able to answer that.

Hmm, odd. The routes should be added by the daemon when it connects as long as they are defined in tailscale as I understand it.

But, yes, the tailscale interface is not expected to ever be assigned. It is not bypassed by the interfaces check at boot so will throw an error.

@viragomann oh yeah that can be on my pi‘s I have virtualmin! I‘ll change that up Adressen on the pi!

So - I added an Intel Pro 1000 - 4 port 1G NIC - and all is well.
Realtek disabled in the bios.
Life is good.
Lesson learned.
All functions normal...

Thanks to all who helped.

@stephenw10

I’ve been running on “previous stable” firmware.

In response to this most recent drop I upgraded firmware on this SG2100 from 2403 to 2411, removed or disabled several non-essential add ons, and disabled gateway monitoring entirely.

crosses fingers

Updated my unofficial guide if anyone else wants to try this here is a short guide for you.

https://forum.netgate.com/topic/195843/unofficial-guide-have-package-logs-record-to-a-secondary-ssd-drive-snort-syslog-squid-and-or-squid-cache-system

Patch issued

https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/714ecd70d2db2fc45273cbf44e9ea6a6008e828b

Success! Thanks

Yup if it is a bug it's in pfBlocker I would think. It should be here:
https://redmine.pfsense.org/projects/pfsense-packages/issues

Not seeing anything current for duplicate rules there.

Are the additional IPs in the WAN subnet? If so then add VIPs on the WAN and forward traffic from those to hosts in the DMZ.

If your additional IPs are routed to you using a different subnet you have more options.

https://docs.netgate.com/pfsense/en/latest/firewall/additional-ip-addresses.html

Steve

@johnpoz Found the issue I had to setup the right dhcp6 prefix in wan and enable ipv6 in the network now the server was able to reach map so the issue is that the ubuntu server seem to use primary the ipv6 instead of the ipv4 that they get!

@stephenw10 so do I, not felling good when see it. 😖

Tailscale is a great option as @michmoor mentioned.

It also depends on your organizations goals and whether or not you are just going to do ZTNA or go with full SASE (which incorporates ZTNA but is far more expensive). The later is arguably better, but it's a lot more work and money and still has some limitations.

@stephenw10
rats. Thanks for the quick response.

@josh44

Or this :

7045020e-83c1-40e3-97a1-6ffe4823e552-image.png

Install pfSense, and you can see it right away.

Or this [AWS - Howdy Partner | The Multi Instance Management (MiM) controller](AWS - Howdy Partner | The Multi Instance Management (MiM) controller ( I guess ))

Didn't know it was already released.

@Gertjan

Sorry its a typo, its should read 10Gb.

The T-Mobile device was delivered late Monday and initially configured as standalone yesterday morning. I live about 1/2 mile line of sight from the cell tower. My 5G phone normally gets 1.2gb to sometimes 1.4gb

The T-Mobile internet standalone ran at the mid to high 800s without testing too hard. All sites in the house that would be good as a location for the device tracked about the same. My Comcast internet now is 500mb. So, not too bad so far. T-Mobile is said to put home internet on the 2nd lowest priority. After you hit the data cap you go down to the bottom until the next month.

Thanks to the wire tester, finding the cat6 wire took more time to set up than to select the proper wire. T-Mobile as a pfSense WAN source fired up by the time I cleaned up after myself.

Wired internet speeds dropped to the mid 400s. Pretty big but I was considered downgrading to 300 mb on Comcast if I stay with them. 2025 prices go up a lot. Still pretty good.

Now it's a reliability test. I left the old wire from the cable modem just dangling there so it should take a few seconds to switch back.

OK, as I write this, my T-Mobile wired internet just dropped. It was up for maybe 5 minutes. I wrote the above immediately after hooking it up. I finished using T-Mobile wireless - this pc is normally wired in the area serviced by the controversial MOCA. Far away from the device. T-Mobile delivered a very weak signal. Entirely unacceptable for any form of home network. The AX-21 Access Point always delivers a very strong wireless signal to this room.

Correction - the wireless just dropped too. Back to the basement. Comcast fired back up almost immediately as WAN.

Guess what's going back to T-Mobile later this week. OK Comcast, you win this time. The free 15 day trial came in handy. Back to negotiating a new contract later.

Edit a few hours later: The T-Mobile device has been returned.

I remembered fiber was installed in my neighborhood last year. The company confirmed by chat it is available at my house. One week lead time should work. Symmetrical gigabit for $50 a month for first year and $65 a month thereafter. No data caps. Lower price than Comcast for similar download speed. Free ONT. No install charge. No bad reviews anywhere.

Hmm, OK well it either has an ARP entry or a route for that device then. It should be sending directly since it's in the same subnet.

Something must be blocking it.