ping & DNS resolution work, but not able to update or even use curl to download

[Fowlerj]

I'm seeing the oddest behavior.

New 25.1 install.  Interfaces available and correct; e.g. igb0 (LAN) and ue0 (WAN).  I can successfully ping IPs (1.1.1.1., 8.8.8.8) and domain names (google.com, yahoo.com, pkg.opnsense.org, etc.).

However, I cannot update from GUI or cli.  I cannot even download using curl.

Direct connections to the WAN modem work properly.
Wiped and reinstalled just to verify that it wasn't a configuration change causing the issue.
NAT is set to automatic rule generation (default).
WAN is set to not/not block private networks (the modem provides/uses a private address space (192.168.2.1/24)).

Any troubleshooting suggestions are appreciated it.

Thank you.

[cookiemonster]

yup. System > Firmware > Status : Run an audit.
There should be some clues there hopefully.

[Fowlerj]

It passes the "Health" audit.  It cannot fetch the needed file for the "Security" audit (Unknown resolver error).  The "Connectivity" audit returns a more explicit error matching what I've been experienceing:
The "Checking server certificate for host: pkg.opnsense.org" returns an error: "Address family for hostname not supported."

At the same time, sshing into Opnsense I can ping pkg.opnsense.org and it returns 89.149.222.99 (and works for other URLs too).


Under System > Settings > General I have DNS servers (both Cloudflare and Google) along with the "Prefer to use IPv4 even if IPv6 is available" checked.

[Fowlerj]

Even more fascinating:

When I run the connectivity audit it returns (shortened):
No IPv4 for pkg.opnsense.org
No IPv6 for pkg.opnsense.org

BUT - If I ping pkg.opnsense.org from the a shell and then run the audit (while ping is running from a shell) the audit pings and finds the IPv4 address (89.149.222.99).  However, it then gives 100% packet loss for the audit ping instance.  Meanwhile, the shell ping of pkg.opnsense.org has no packet loss across ~300 packets.

This is really quite confusing.

[EricPerl]

Are you even using IPv6 at all?
Interfaces > Overview?
WAN Config?

[Fowlerj]

IPv6 is completely disabled (https://www.thomas-krenn.com/en/wiki/OPNsense_disable_IPv6).

Both interfaces are set to "none" for IPv6 and "prefer IPv4 over IPv6" is checked under general settings.  The IPv6 rule under Firewall > Rules > LAN is also disabled.  There should be no utilization of IPv6 at all (though it seems to still try).

The modem (WAN) and connected LAN client also have IPv6 disabled.

[franco]

Why not post the raw connectivity audit output? Check dmesg, check your switches.  This sounds like an address conflict or other setup related issue.


Cheers,
Franco

[Fowlerj]

This is the raw output of the "Connectivity" audit  - while pinging pkg.opnsense.org from a shell session.
***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 25.1 (amd64) at Fri Apr 25 11:30:47 MST 2025
Checking connectivity for host: pkg.opnsense.org -> 89.149.222.99
PING 89.149.222.99 (89.149.222.99): 1500 data bytes

--- 89.149.222.99 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:14:amd64/25.1
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/25.1/latest/meta.txz: Unknown resolver error
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/25.1/latest/packagesite.pkg: Unknown resolver error
pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/25.1/latest/packagesite.txz: Unknown resolver error
Unable to update repository OPNsense
Error updating repositories!
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:5300:a010:1::1
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:14:amd64/25.1
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/25.1/latest/meta.txz: Unknown resolver error
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/25.1/latest/packagesite.pkg: Unknown resolver error
pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/25.1/latest/packagesite.txz: Unknown resolver error
Unable to update repository OPNsense
Error updating repositories!
Checking server certificate for host: pkg.opnsense.org
0020811B05440000:error:10080002:BIO routines:BIO_lookup_ex:system lib:/usr/src/crypto/openssl/crypto/bio/bio_addr.c:738:Address family for hostname not supported
connect:errno=0
***DONE***


There are no switches involved.  There is only Modem > OpnSense > laptop client (w/ static IP).  Trying to have it be as simple as possible while troubleshooting.

Latest dmesg:
---<<BOOT>>---
Copyright (c) 1992-2023 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 14.2-RELEASE stable/25.1-n269614-36155813721 SMP amd64
FreeBSD clang version 18.1.6 (https://github.com/llvm/llvm-project.git llvmorg-18.1.6-0-g1118c2e05e67)
VT(efifb): resolution 800x600
CPU: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz (3200.00-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0x906ea  Family=0x6  Model=0x9e  Stepping=10
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x7ffafbff<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
  AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
  AMD Features2=0x121<LAHF,ABM,Prefetch>
  Structured Extended Features=0x29c6fbf<FSGSBASE,TSCADJ,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,NFPUSG,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PROCTRACE>
  Structured Extended Features2=0x40000000<SGXLC>
  Structured Extended Features3=0x9c002e00<MCUOPT,MD_CLEAR,TSXFA,IBPB,STIBP,L1DFL,SSBD>
  XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
  VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID
  TSC: P-state invariant, performance statistics
real memory  = 34359738368 (32768 MB)
avail memory = 33201741824 (31663 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <LENOVO TC-M1U  >
FreeBSD/SMP: Multiprocessor System Detected: 12 CPUs
FreeBSD/SMP: 1 package(s) x 6 core(s) x 2 hardware threads
random: registering fast source Intel Secure Key RNG
random: fast provider: "Intel Secure Key RNG"
random: unblocking device.
ioapic0 <Version 2.0> irqs 0-119
Launching APs: 1 11 4 6 3 8 2 9 7 5 10
random: entropy device external interface
wlan: mac acl policy registered
kbd1 at kbdmux0
WARNING: Device "spkr" is Giant locked and may be deleted before FreeBSD 15.0.
efirtc0: <EFI Realtime Clock>
efirtc0: registered as a time-of-day clock, resolution 1.000000s
smbios0: <System Management BIOS> at iomem 0x9b8b4000-0x9b8b401e
smbios0: Version: 3.2, BCD Revision: 2.8
aesni0: <AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS>
acpi0: <LENOVO TC-M1U>
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 24000000 Hz quality 950
Event timer "HPET" frequency 24000000 Hz quality 350
Event timer "HPET1" frequency 24000000 Hz quality 340
Event timer "HPET2" frequency 24000000 Hz quality 340
Event timer "HPET3" frequency 24000000 Hz quality 340
Event timer "HPET4" frequency 24000000 Hz quality 340
Event timer "HPET5" frequency 24000000 Hz quality 340
Event timer "HPET6" frequency 24000000 Hz quality 340
Event timer "HPET7" frequency 24000000 Hz quality 340
atrtc1: <AT realtime clock> on acpi0
atrtc1: Warning: Couldn't map I/O.
atrtc1: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1808-0x180b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> irq 16 at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pcib2: <ACPI PCI-PCI bridge> at device 0.0 on pci1
pci2: <ACPI PCI bus> on pcib2
pcib3: <PCI-PCI bridge> at device 2.0 on pci2
pci3: <PCI bus> on pcib3
igb0: <Intel(R) PRO/1000 ET 82576 (Quad Copper)> port 0x4020-0x403f mem 0xb2420000-0xb243ffff,0xb2000000-0xb23fffff,0xb2444000-0xb2447fff irq 18 at device 0.0 on pci3
igb0: EEPROM V1.5-1 eTrack 0x00011d40
igb0: Using 1024 TX descriptors and 1024 RX descriptors
igb0: Using 6 RX queues 6 TX queues
igb0: Using MSI-X interrupts with 7 vectors
igb0: Ethernet address: 00:1b:21:6a:0f:00
igb0: netmap queues/slots: TX 6/1024, RX 6/1024
igb1: <Intel(R) PRO/1000 ET 82576 (Quad Copper)> port 0x4000-0x401f mem 0xb2400000-0xb241ffff,0xb1c00000-0xb1ffffff,0xb2440000-0xb2443fff irq 19 at device 0.1 on pci3
igb1: EEPROM V1.5-1 eTrack 0x00011d40
igb1: Using 1024 TX descriptors and 1024 RX descriptors
igb1: Using 6 RX queues 6 TX queues
igb1: Using MSI-X interrupts with 7 vectors
igb1: Ethernet address: 00:1b:21:6a:0f:01
igb1: netmap queues/slots: TX 6/1024, RX 6/1024
pcib4: <PCI-PCI bridge> at device 4.0 on pci2
pci4: <PCI bus> on pcib4
igb2: <Intel(R) PRO/1000 ET 82576 (Quad Copper)> port 0x3020-0x303f mem 0xb1820000-0xb183ffff,0xb1400000-0xb17fffff,0xb1844000-0xb1847fff irq 16 at device 0.0 on pci4
igb2: EEPROM V1.5-1 eTrack 0x00011d42
igb2: Using 1024 TX descriptors and 1024 RX descriptors
igb2: Using 6 RX queues 6 TX queues
igb2: Using MSI-X interrupts with 7 vectors
igb2: Ethernet address: 00:1b:21:6a:0f:04
igb2: netmap queues/slots: TX 6/1024, RX 6/1024
igb3: <Intel(R) PRO/1000 ET 82576 (Quad Copper)> port 0x3000-0x301f mem 0xb1800000-0xb181ffff,0xb1000000-0xb13fffff,0xb1840000-0xb1843fff irq 17 at device 0.1 on pci4
igb3: EEPROM V1.5-1 eTrack 0x00011d42
igb3: Using 1024 TX descriptors and 1024 RX descriptors
igb3: Using 6 RX queues 6 TX queues
igb3: Using MSI-X interrupts with 7 vectors
igb3: Ethernet address: 00:1b:21:6a:0f:05
igb3: netmap queues/slots: TX 6/1024, RX 6/1024
vgapci0: <VGA-compatible display> port 0x5000-0x503f mem 0xb0000000-0xb0ffffff,0xa0000000-0xafffffff irq 16 at device 2.0 on pci0
vgapci0: Boot video device
xhci0: <Intel Cannon Lake USB 3.1 controller> mem 0xb2620000-0xb262ffff irq 16 at device 20.0 on pci0
xhci0: 32 bytes context size, 64-bit DMA
usbus0 on xhci0
usbus0: 5.0Gbps Super Speed USB v3.0
pci0: <memory, RAM> at device 20.2 (no driver attached)
pci0: <simple comms> at device 22.0 (no driver attached)
ahci0: <Intel Cannon Lake AHCI SATA controller> port 0x5090-0x5097,0x5080-0x5083,0x5060-0x507f mem 0xb2634000-0xb2635fff,0xb263a000-0xb263a0ff,0xb2639000-0xb26397ff irq 16 at device 23.0 on pci0
ahci0: AHCI v1.31 with 6 6Gbps ports, Port Multiplier not supported
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
ahcich2: <AHCI channel> at channel 2 on ahci0
ahcich3: <AHCI channel> at channel 3 on ahci0
ahcich4: <AHCI channel> at channel 4 on ahci0
ahcich5: <AHCI channel> at channel 5 on ahci0
ahciem0: <AHCI enclosure management bridge> on ahci0
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
hdac0: <Intel Coffee Lake HDA Controller> mem 0xb2630000-0xb2633fff,0xb2500000-0xb25fffff irq 16 at device 31.3 on pci0
pci0: <serial bus> at device 31.5 (no driver attached)
em0: <Intel(R) I219-V CNP(7)> mem 0xb2600000-0xb261ffff irq 17 at device 31.6 on pci0
em0: EEPROM V0.5-4
em0: Using 1024 TX descriptors and 1024 RX descriptors
em0: Using an MSI interrupt
em0: Ethernet address: 30:9c:23:f4:3d:5e
em0: netmap queues/slots: TX 1/1024, RX 1/1024
acpi_button0: <Sleep Button> on acpi0
acpi_button1: <Power Button> on acpi0
acpi_tz0: <Thermal Zone> on acpi0
ns8250: UART FCR is broken
ns8250: UART FCR is broken
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
acpi_syscontainer0: <System Container> on acpi0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atrtc0: <AT realtime clock> at port 0x70 irq 8 on isa0
atrtc0: Warning: Couldn't map I/O.
atrtc0: registered as a time-of-day clock, resolution 1.000000s
atrtc0: Can't map interrupt.
hwpstate_intel0: <Intel Speed Shift> on cpu0
hwpstate_intel1: <Intel Speed Shift> on cpu1
hwpstate_intel2: <Intel Speed Shift> on cpu2
hwpstate_intel3: <Intel Speed Shift> on cpu3
hwpstate_intel4: <Intel Speed Shift> on cpu4
hwpstate_intel5: <Intel Speed Shift> on cpu5
hwpstate_intel6: <Intel Speed Shift> on cpu6
hwpstate_intel7: <Intel Speed Shift> on cpu7
hwpstate_intel8: <Intel Speed Shift> on cpu8
hwpstate_intel9: <Intel Speed Shift> on cpu9
hwpstate_intel10: <Intel Speed Shift> on cpu10
hwpstate_intel11: <Intel Speed Shift> on cpu11
Timecounter "TSC-low" frequency 1596009120 Hz quality 1000
Timecounters tick every 1.000 msec
ZFS filesystem version: 5
ZFS storage pool version: features support (5000)
hdacc0: <Realtek ALC235 HDA CODEC> at cad 0 on hdac0
hdaa0: <Realtek ALC235 Audio Function Group> at nid 1 on hdacc0
hdaa0: hdaa_audio_as_parse: Duplicate pin 0 (33) in association 1! Disabling association.
pcm0: <Realtek ALC235 (Analog)> at nid 27 and 25 on hdaa0
pcm1: <Realtek ALC235 (Front Analog Mic)> at nid 26 on hdaa0
hdacc1: <Intel Kaby Lake HDA CODEC> at cad 2 on hdac0
hdaa1: <Intel Kaby Lake Audio Function Group> at nid 1 on hdacc1
pcm2: <Intel Kaby Lake (HDMI/DP 8ch)> at nid 3 on hdaa1
Trying to mount root from zfs:zroot/ROOT/default []...
ugen0.1: <Intel XHCI root HUB> at usbus0
uhub0 on usbus0
uhub0: <Intel XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: <MTFDDAK256TBN-1AR1ZABHA HPC0012> ACS-3 ATA SATA 3.x device
ada0: Serial Number UFZMN01J7A228E
ada0: 600.000MB/s transfers (SATA 3.x, UDMA5, PIO 8192bytes)
ada0: Command Queueing enabled
ada0: 244198MB (500118192 512 byte sectors)
ses0 at ahciem0 bus 0 scbus6 target 0 lun 0
ses0: <AHCI SGPIO Enclosure 2.00 0001> SEMB S-E-S 2.00 device
ses0: SEMB SES Device
ses0: ada0,pass0 in 'Slot 00', SATA Slot: scbus0 target 0
Root mount waiting for: usbus0
uhub0: 22 ports with 22 removable, self powered
ugen0.2: <Novatel Wireless M2000> at usbus0
ugen0.3: <Logitech USB Keyboard> at usbus0
ukbd0 on uhub0
ukbd0: <Logitech USB Keyboard, class 0/0, rev 1.10/64.00, addr 2> on usbus0
kbd2 at ukbd0
igb0: link state changed to UP
acpi_wmi0: <ACPI-WMI mapping> on acpi0
acpi_wmi0: cannot find EC device
acpi_wmi0: Embedded MOF found
ACPI: \134WMI1.WQCA: 1 arguments were passed to a non-method ACPI object (Buffer) (20221020/nsarguments-361)
acpi_wmi1: <ACPI-WMI mapping> on acpi0
acpi_wmi1: cannot find EC device
acpi_wmi2: <ACPI-WMI mapping> on acpi0
acpi_wmi2: cannot find EC device
acpi_wmi2: Embedded MOF found
ACPI: \134_SB.WFDE.WQCC: 1 arguments were passed to a non-method ACPI object (Buffer) (20221020/nsarguments-361)
acpi_wmi3: <ACPI-WMI mapping> on acpi0
acpi_wmi3: cannot find EC device
acpi_wmi3: Embedded MOF found
ACPI: \134_SB.WFTE.WQCC: 1 arguments were passed to a non-method ACPI object (Buffer) (20221020/nsarguments-361)
ichsmb0: <Intel Cannon Lake SMBus controller> port 0xefa0-0xefbf mem 0xb2638000-0xb26380ff irq 16 at device 31.4 on pci0
smbus0: <System Management Bus> on ichsmb0
urndis0 on uhub0
urndis0: <Novatel Wireless M2000, class 0/0, rev 2.10/4.14, addr 1> on usbus0
ue0: <USB Ethernet> on urndis0
ue0: Ethernet address: 00:15:ff:30:11:45
uhid0 on uhub0
uhid0: <Logitech USB Keyboard, class 0/0, rev 1.10/64.00, addr 2> on usbus0
lo0: link state changed to UP
ugen0.2: <Novatel Wireless M2000> at usbus0 (disconnected)
urndis0: at uhub0, port 1, addr 1 (disconnected)
urndis0: detached
pflog0: permanently promiscuous mode enabled
igb0: link state changed to DOWN
ugen0.2: <Novatel Wireless M2000> at usbus0
umass0 on uhub0
umass0: <Novatel Wireless M2000, class 0/0, rev 2.10/4.14, addr 3> on usbus0
umass0:  SCSI over Bulk-Only; quirks = 0x0000
umass0:7:0: Attached to scbus7
da0 at umass-sim0 bus 0 scbus7 target 0 lun 0
da0: <Linux File-Stor Gadget 0414> Removable Direct Access SCSI-2 device
da0: 40.000MB/s transfers
da0: Attempt to query device size failed: NOT READY, Medium not present
da0: quirks=0x2<NO_6_BYTE>
cdce0 on uhub0
cdce0: <Novatel Wireless M2000, class 0/0, rev 2.10/4.14, addr 3> on usbus0
ue0: <USB Ethernet> on cdce0
ue0: Ethernet address: 00:15:ff:30:11:45
igb0: link state changed to UP
ugen0.2: <Novatel Wireless M2000> at usbus0 (disconnected)
cdce0: at uhub0, port 1, addr 3 (disconnected)
cdce0: detached
umass0: at uhub0, port 1, addr 3 (disconnected)
da0 at umass-sim0 bus 0 scbus7 target 0 lun 0
da0: <Linux File-Stor Gadget 0414>  detached
(da0:umass-sim0:0:0:0): Periph destroyed
umass0: detached
ugen0.2: <Novatel Wireless M2000> at usbus0
urndis0 on uhub0
urndis0: <Novatel Wireless M2000, class 0/0, rev 2.10/4.14, addr 4> on usbus0
ue0: <USB Ethernet> on urndis0
ue0: Ethernet address: 00:15:ff:30:11:45
igb0: link state changed to DOWN
igb0: link state changed to UP

[newsense]

Is time correct on the device ?

To verify use this command:

Code Select Expand

date

To set the time:

Code Select Expand

date yymmddhhmm.ss
yymmddhhmm.ss means YearMonthDateHoursMinutes.Seconds


Reboot after setting the correct time and check for updates and/or do a healthcheck again and post it here.

[Fowlerj]

The date is/was the correct time.  Sat Apr 26 14:02:19 MST 2025

[EricPerl]

What does the WAN configuration page look like?

[cookiemonster]

ue0 (WAN).

Code Select Expand

ue0: <USB Ethernet> on cdce0
ue0: Ethernet address: 00:15:ff:30:11:45
igb0: link state changed to UP
ugen0.2: <Novatel Wireless M2000> at usbus0 (disconnected)
cdce0: at uhub0, port 1, addr 3 (disconnected)
cdce0: detached
umass0: at uhub0, port 1, addr 3 (disconnected)
da0 at umass-sim0 bus 0 scbus7 target 0 lun 0
da0: <Linux File-Stor Gadget 0414>  detached
(da0:umass-sim0:0:0:0): Periph destroyed
umass0: detached
ugen0.2: <Novatel Wireless M2000> at usbus0
urndis0 on uhub0
urndis0: <Novatel Wireless M2000, class 0/0, rev 2.10/4.14, addr 4> on usbus0
ue0: <USB Ethernet> on urndis0What sort of setup is this, some USB NIC but also some wireless card somewhere? Or is it a usb-attached wifi thingy ? Surely your WAN is connected to something that can provide a public IP or WAN access.
Can you clarify this setup please?
It might be what's giving trouble.

[EricPerl]

I missed the interface assignments in the OP.
That Novatel Wireless M2000 appears to be a 5G mobile hotspot used by T-Mobile.
It allows some form of tethering via USB-C.

Per PCMag review:

One way to extend range is to hook the hotspot up to a secondary router. That's trickier than it sounds: The M2000 doesn't have an Ethernet port, and even if you use an adapter to connect a router through the USB-C port, most routers don't have the drivers to tether to a hotspot. You'll specifically need a travel router that supports tethering.

The MAC is associated with Novatel as well, which seems to confirm tethering...

Not being more upfront about that part seems inefficient at best.

[Fowlerj]

Sorry.  I have the same modem in connected to three other OpnSense installs where it is working without an issue.  Since I can get IP traffic (ICMP pings) across the modem, it didn't seem to be the point of failure.  The modem IP assigned to OpnSense is as the DMZ address in the modem.

The modem is a MiFi2000 (some specs: https://www.4gltemall.com/inseego-5g-mifi-m2000.html).  It is connected to a USB port and presents to the system as ue0, which is assigned to the WAN. 

Presently the WAN interface configuration is enabled and receives an IPv4 via DHCP (from the modem).  IPv6 is set to "none".  "Block private networks" and "Block bogon networks" are unchecked. "Overide MTU" is checked.

Trying to reduce possible interference while troubleshooting.

Again, apologies for not being more explicit about the 5G modem.

[EricPerl]

Having 0 experience with these, I'm going to withdraw.
If it were me, I would try different combinations to establish that the modem itself is working as expected (e.g. tether another machine).
Then compare firmware, settings with working units...