Got the correct image file from Netgate and a bit of help in troubleshooting, ended up the 2440 died during the upgrade process and nothing would revive it.

Shiny new SG-3100 will be here later this week and until then I'll limp along on an antique HP from the spares closet stuffed with Ethernet cards.

Just for anyone else looking this is now fixed here: https://forum.netgate.com/post/987049

Steve

At some point (hopefully soon!) you will be able to upgrade the VM to Plus and then both would be using the same version.
Of course you will still be unable to state sync between those as the interface types will be different.

Steve

@stephenw10
Thank Steve,
Yes this what I did, then I reloaded a previous configuration via the gui.

The netgate support was gave me a great guidance.

Thanks

@nicheath thank you. I have the same issues now. Trying to update from 21.02.2 to 21.05 ... I will try a cold boot to see if that fixes the issues.. (I have SG-1100).

I updated to 21.05 too, had no problems updating. Also applied the patch. Thanks for the help!

@langrock
OK I checked your config there and it looks OK. I just tested again here though and it works fine, something odd is happening there.
A pcap on the LAN whilst tying to pull a lease via the OPT port should show it though.

Steve

@scottlindner said in SG-2220 install to boot from M.2?:

Hopefully it doesn't apply to my SG-2220

I thought you might want to keep both installations.
Because it seems logical to me, this could even be an extra redundancy.

Yup - crazy thread 😉 , but you can see how little things depend on the things and this is the point of the description.

and this is the essence of the Netgate documentation:

9292433a-9c4d-42c1-945f-80d3934a9562-image.png

@stephenw10 thanks

@johnpoz - the unit was off for a few months. When I turned it back on, the system stated it was up to date (via the system - update - system update). As I own two other Netgate models (SG-1100 and SG-2200), the models have pfSense Plus. I never a statement regarding hardware limit via the documentation site nor any release notes.

As I am checking this forum post (for feedback) this morning, I checked the system update section. Today it is prompting me the upgrade is available. It took about 1 day to prompt there is an upgrade.

The system has been upgraded to 21.05.

Thank you for the responses.

@stephenw10 Update 21.05 solved the problem. Thank you.

After upgrading a few SG-3100 to 20.05 it seems to have resolved my issues with VPN speed, and I get expected IPsec VPN performance now.

SG-5100 is still far better if can justify the price.

On the other side, the tcpdump show:

[2.4.5-RELEASE][admin@pf1-tos.domain]/root: tcpdump -i xn0.10 ether host c8:df:84:c1:16:37 -nn tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on xn0.10, link-type EN10MB (Ethernet), capture size 262144 bytes 18:05:55.841165 ARP, Request who-has 172.16.80.241 tell 172.16.80.242, length 42 18:05:55.841190 ARP, Reply 172.16.80.241 is-at 00:16:3e:19:25:5f, length 28 18:05:56.850828 ARP, Request who-has 172.16.80.241 tell 172.16.80.242, length 42 18:05:56.850855 ARP, Reply 172.16.80.241 is-at 00:16:3e:19:25:5f, length 28

i can't run it on the origin otherwise the ping start working...

@stephenw10
I update both, pfBlockerNG dev holds Unbound down at startup. Next Reboot, all good.

SafeXcel works now very nice, 50MBit Throughput, 45-50% before, 20-22% after.
Looks like a nice version.

That's all the output?

That's very early in the boot process, in uboot before it even tries to boot anything.

If it was still booting 2.4.X and you simply ran the upgrade I would not expect a failure at that point. That looks more like a hardware issue if that really is all the output it's showing.

Steve

The SG-1100 use Switchports, no need for Bridge.

I use VLAN 1 to with my, on the Opt is a UniFi AP with Guest Net tagged on top.
DHCP is on the pfsense, there a so many settings you could set if you need.

@gertjan

Serial = (virtual) COM Port, yes

Bricked = kinda depends on how "bricked" bricked was...but it wasn't bricked so bad it became a door stop. :)

@steveits said in XG-7100 - Interface assignement:

A, kind of. The state

Well.

Just FYI, i came back to SG-5100.
I create a CARP between physical Appliance and virtual appliance hosted in my cluster, it works like a charm.
Public network is distributed through a VLAN, and i have double BGP attachment on a VPC Cisco core. Public routes are redistributed with i-bgp.

I can loose a switch core --> prod still working.
I can loose SG-5100 physical appliance --> Virtual appliance in the cluster is taking relay thanks to carp.

I love this setup, don't know why buying Fortinet or Stonesoft solution while pfsense is answering to problems....

@pzanga Excellent.

Remember to remove the VLAN’s as Well as they are No longer needed

@steveits said in SG-3100 Loadbalance and failover:

I've seen comments elsewhere that Starlink uses CGNAT.

Well then I saw it right 😉

Aha, this is not the best situation, because you can only hope that the CGNAT is only because of the few IPv4 address space of the provider and there are no nonsense filtering rules on the NAT.

It's like when you're at work and you need two hands and it's one fixed behind your back.

It's also strange that they use 192.168.0.0/16 and not 10.0.0.0/8, they're not that out of addresses then, hmmm?