I was afraid I would hear that. As an interim solution I actually did use a media converter (I agree with the "yuck"), because I had an extra one available. In the long run I will most likely get another switch and use that solution.

Thanks for the quick and helpful reply, though!

Open a ticket with us: https://go.netgate.com/

You should always see some output there from uboot if you power cycle it, even if pfSense is not booting at all.

We have seen bad cables that somehow allow the device to be seen but not any actual output. You have already tried a different cable though.

Steve

Yup that.

An m.2 SATA is significantly faster than the eMMC but that really only makes any difference to packages using the storage and boot times.
VPN throughput would not change.

Steve

Difficult to say what the issue was. U suspect it was resolved before you ran the command line update. I would expect it to fail there if there was an issue. The advantage of updating at the command line like that is it gives you some error output that usually tells you why6 packages are not available.

As far as I know there is no current issue with the armv6 pkg repo and hasn't been for some weeks at least.

Steve

That Crucial module is a compatible device. It removing that allowed it to run stable it was probably a bad module.

Steve

I would expect to see ~100Mbps OpenVPN throughput from the SG-3100. About 3x that for IPSec using one of it's hardware accelerated ciphers.
That is very depended on latency, packet size etc.

Steve

@froussy What Crucial memory did you buy and how did it work out? Did you get the SATA ssd from crucial also?

@Gertjan I absolutely agree with you! Although it wasn't clear, I elided some earlier troubleshooting steps from my story. I was stuck helping a non-technical person via phone without any remote access--I had only intended to be away for the weekend and hadn't gotten around to setting up remote access and dynamic DNS yet. The power strip (in fact, it is a UPS) I had her toggle was connected to the modem, SG-1100, and the WAP, and this was my last-ditch effort to fix something. As you say, I lost my bet.

@Rico thanks for the pointer to the right place in the docs! I'll open a ticket with Netgate ASAP and get started.

After doing a bit of research it looks like this is most likely related to the "Atom C2000 Series Bug" which is addressed (although not by name) here.

Netgate appears to have a replacement program that covers affected devices for up to 3 years, however this bug is most likely to cause a failure after 3 years. My device has failed just shy of the 4-year mark, so it looks like I am SOL.

If you are reading this and have a device that may be affected but still within the 3-year replacement period, I would recommend rebooting it early and often to make sure you are eligible for the replacement when the hardware does finally fail.

@stephenw10 I've sent you a link to the files.

That should work on port 8 as you have it configured there as long as you're using lagg0.100 as the assigned interface for the WAN.

Steve

Thank you both. My SG-5100 just arrived today, so tonight's going to be fun, replacing the SG-1100.

(0x) F8 on the internal display (port 80) is the expected last thing displayed when it boots correctly.

Check the second virtual comport for diagnostic info, that should always display something. The port 80 output is also shown there together with thermal values and CPU error values.

Steve

Were you able to resolve this?

I have no idea why you were blocked but I have now whitelisted your address so please open a ticket or email support@netgate.com and we can get you that firmware.

Steve

Hmm, well you might try creating a partition with gpart. I would think that will create a new table if it cannot read one.
You could then just leave that or try removing it.

Steve

Thanks, I'll base the build based on that configuration.
I know that I didn't specified the budget, but this is around $500 over of what I was planning to spend.

Just an update on this for anyone interested.

This ended up being an issue on the Unifi switch side due to what appears to be a bug in the 4.3.13.11253 USW-Pro firmware. For some reason it was blocking tagged traffic from ix0.100 on the trunk port from reaching the untagged switch ports assigned to VLAN 100.

Hi all,

Thanks for your input.

I finally:

contacted with NetGear Support got access to the lastest official image (2.4.5_p1) backed up the router installed the pfSense image restored the image

and the problem was solved.

I had tried, out of desperation, trying to switch back to the 2.4.4 train, but to no avail.
I had no chance of trying @Tuco 's suggestion, which looks like a good solution to the problem.

Thanks to everybody for chiming in.

Fixed, required firmware flash.

https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/reinstall-pfsense.html

-Rico