@citaku I don’t even know why the information is not in the documentation.

We buy expensive hardware, supporting netgate and pfSense at the same time, and we cannot get the simple reference of the SSD being used.

Thanks steve. I got an img from support reimaged device and is working fine.

Again Thank you

@jimp See outputs below....

FROM SG-5100 DHCP GUI:
Capture.PNG

FROM "/var/dhcpd/var/db/dhcpd6.leases" Lease FILE:

authoring-byte-order entry is generated, DO NOT DELETE
authoring-byte-order little-endian;

server-duid "[REDACTED]";

ia-na "[REDACTED]" {
cltt 4 2021/10/28 06:46:19;
iaaddr [REDACTED] {
binding state active;
preferred-life 27000;
max-life 43200;
ends 4 2021/10/28 16:26:10;
}
}

ia-na "[REDACTED]" {
cltt 4 2021/10/28 11:52:14;
iaaddr [REDACTED] {
binding state active;
preferred-life 27000;
max-life 43200;
ends 4 2021/10/28 23:52:14;
}
}

ia-na "[REDACTED]" {
cltt 4 2021/10/28 12:16:19;
iaaddr [REDACTED] {
binding state active;
preferred-life 27000;
max-life 43200;
ends 5 2021/10/29 00:16:19;
}
}

ia-na "[REDACTED]" {
cltt 4 2021/10/28 11:24:51;
iaaddr [REDACTED] {
binding state active;
preferred-life 20157;
max-life 43200;
ends 4 2021/10/28 23:24:51;
}
}

ia-na "[REDACTED]" {
cltt 4 2021/10/28 11:56:39;
iaaddr [REDACTED] {
binding state active;
preferred-life 27000;
max-life 43200;
ends 4 2021/10/28 23:56:39;
}
}

ia-na "[REDACTED]" {
cltt 4 2021/10/28 12:08:29;
iaaddr [REDACTED] {
binding state active;
preferred-life 27000;
max-life 43200;
ends 5 2021/10/29 00:08:29;
}
}

ia-na "[REDACTED]" {
cltt 3 2021/10/27 22:55:03;
}

ia-na "[REDACTED]" {
cltt 3 2021/10/27 17:00:43;
}

ia-na "[REDACTED]" {
cltt 3 2021/10/27 21:46:16;
}

ia-na "[REDACTED]" {
cltt 4 2021/10/28 11:10:44;
iaaddr [REDACTED] {
binding state active;
preferred-life 27000;
max-life 43200;
ends 4 2021/10/28 23:10:44;
}
}

ia-na "[REDACTED]" {
cltt 3 2021/10/27 18:03:46;
}

ia-na "[REDACTED]" {
cltt 4 2021/10/28 11:08:53;
iaaddr [REDACTED] {
binding state active;
preferred-life 7200;
max-life 43200;
ends 4 2021/10/28 23:08:53;
}
}

ia-na "[REDACTED]" {
cltt 3 2021/10/27 22:53:32;
}

ia-na "[REDACTED]" {
cltt 3 2021/10/27 21:45:18;
}

ia-na "[REDACTED]" {
cltt 4 2021/10/28 12:22:00;
iaaddr [REDACTED] {
binding state active;
preferred-life 23597;
max-life 43200;
ends 5 2021/10/29 00:22:00;
}
}

ia-na "[REDACTED]" {
cltt 4 2021/10/28 04:49:16;
iaaddr [REDACTED] {
binding state active;
preferred-life 27000;
max-life 43200;
ends 4 2021/10/28 16:49:16;
}
}

ia-na "[REDACTED]" {
cltt 4 2021/10/28 08:49:05;
iaaddr [REDACTED] {
binding state active;
preferred-life 27000;
max-life 43200;
ends 4 2021/10/28 20:49:05;
}
}

ia-na "[REDACTED]" {
cltt 4 2021/10/28 05:37:30;
iaaddr [REDACTED] {
binding state active;
preferred-life 27000;
max-life 43200;
ends 4 2021/10/28 17:37:30;
}
}

ia-na "[REDACTED]" {
cltt 4 2021/10/28 13:10:10;
iaaddr [REDACTED] {
binding state active;
preferred-life 27000;
max-life 43200;
ends 5 2021/10/29 01:10:10;
}
}

ia-na "[REDACTED]" {
cltt 4 2021/10/28 13:17:10;
iaaddr [REDACTED] {
binding state active;
preferred-life 27000;
max-life 43200;
ends 5 2021/10/29 01:17:10;
}
}

ia-na "[REDACTED] {
cltt 4 2021/10/28 13:24:13;
iaaddr [REDACTED] {
binding state active;
preferred-life 27000;
max-life 43200;
ends 5 2021/10/29 01:24:13;
}
}

ia-na "[REDACTED]" {
cltt 4 2021/10/28 13:44:58;
iaaddr [REDACTED] {
binding state active;
preferred-life 27000;
max-life 43200;
ends 5 2021/10/29 01:44:58;
}
}

@kabluton
Yes. There is a lot of good documentation here:
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/index.html

@nocling said in Can SG-1100 handle this S2S VPN?:

If you choose the SG-2100, the power consumption is almost the same.
But you have more power.
The SG-2100 has a dedicated WAN port instead of the SG-1100 and can achieve higher performance because 1 NIC can only use 1 CPU core.
And you have 4GB of RAM to do some things with no problem.

Exactly - and in My case also especially because it has a Dual personallity SFP WAN port which allowed me to terminate My fiber to home directly in My firewall (No ISP box to use power anymore).
I could do that because My ISP runs single strand Ethernet which is easy to get a SFP tranciever for😊

@bruenore

See also the doc : Docs » pfSense® software » Solutions » Netgate 3100 Security Gateway Manual

As long as you're in the situation where the power can go down, keep this Netgate video in reach : How to Run a pfSense Software File System Check.

( or get an UPS ;) )

5100 is a great product; the only thing missing is Layer 3 switching and a 10GB WAN/LAN port. ...oooh i miss Layer 3 switching.....

@steveits said in Upload configuration to a Netgate 7100 from other PfSense:

Hopefully the posting will be helpful to others.

hmmm, so you're back and you won't forget?

I love you man, but you know that...

+++edit:

I hope your style is honed by a serious CNC..... :)

@pourts The initial question is whether you want to prevent wired and wireless from talking to each other?

If you do, you can use different interfaces on pfSense and use firewall rules to block traffic between them, from LAN to OPT and OPT to LAN. The 1100 has an OPT port so that could be for wireless. There's no need for a VLAN-capable switch in this scenario, but you may need two "dumb" switches, one on LAN and one on OPT, if you have multiple devices.

@gertjan

Console would not respond to commands, but I was able to halt the system through the WebGUI prior to removing power.

Update (10/22): the router ran fine for about 13 hours and then the OpenVPN (site to site) service hung, the service would not restart, and I had to reboot the router.

@stephenw10 Looks like bandartogel is trying to use your forum to advertise!

@stephenw10

Thanks stephenw10 and yes, its from the same (mobile) client.

Sounds like the Windows client requesting certs for every CA it has for some reason.

That makes sense. On the other hand i explicitly have selected the CA certificate in the IPSec profile setup @ Win10.
Would just like to know if i can do anything to avoid that. Seems a little bit much overhead for going through every CA that is located in the Trusted Root CAs, which are indeed exactly 33.

Hmm, that's all that appears? That's not good.

I would open a ticket with us if you have not already: https://go.netgate.com/

Steve

@bigsy thank you for your reply.

i had thought i had replied ... my apologies for such a late thank you to you.

@akuma1x thanks for posting that link. Very "cool".

For future reference, when you reinstall it sets the boot env to the chosen install media. It is possible to set that manually from the uboot prompt though. For example:

setenv bootcmd 'run setLED; run emmcboot;' saveenv reset

You would only ever need to do that if for some reason you need to change boot media without reinstalling.

Steve

Hey everyone, thanks for your kind suggestions. At the same time I was working with Netgate directly as I personally became convinced pretty quickly that this was a hardware issue.

After 2 days of installing new firmware from console, resetting settings, and turning things off, Netgate eventually agreed it was hardware and gave me an RMA. Now I'm in the waiting game between shipping the device back and getting a new one. I have to say, having to pay return shipping for a dead on arrival device kinda blows. So does 2 days of hours spent troubleshooting (a few times with techs who clearly were convinced the fault was me misconfiguring things).

New customer here, not sure if I'll be a repeat one after this experience. What's worse: Ubiquiti where they lie about being hacked (which is why I picked netgate over the EdgeRouter) or this?

But I can say the community (y'all who replied above) seem pretty great!

The advantage currently is the increased resilience to filesystem damage from a power loss.

There is not (yet) any integration for things like snapshots or boot environments but that is on the cards.

ZFS will install and run fine on that box with the default settings. I've been running it here on numerous things for a long time.

Steve

Additional insights:

Version is 21.05.1 BIOS is 1.2c no NAT done, pfSense is internal firewall/router in front of their core switches ix0/ix1 are combined to lagg0 and connected to a core switch each (no crossover cabling) lagg0 is running normally (both channels active) rules on test VLAN interfaces are simple and to test were pass alls

so nothing out of the ordinary that would hinder traffic flow or performance

@lralvarez what @bmeeks said - but why would you want 21.02 vs 21.05.1 which is current? Running 21.05.1 on my sg4860..

They normally respond with link to image and instructions within a few minutes.