Interface mismatch
-
My pfSense box was working unmanned for many days but once I found it's unaccessible. I have rebooted it and found strange message during boot. saying "Interface mismatch". Then it asked me to reconfigure interfaces manually.
Why? What was happen?
Mismatch between what and what?
How to prevent this?
-
@dimskraft said in Interface mismatch:
Mismatch between what and what?
You should tell us.
And I get it, you do'nt know neither, but you can access your pfSense so you can look in the logs.
Or, ask your pfSense what interface it 'thinks' it has :
Type 'ifconfig' on the command line and admire the result.Btw : if there is a 'interface' (== network) problem, changes are great that the GUI / web access doesn't work at all. That's why the console access, serial or VGA, is so important.
Check the log /var/log/dmesg.boot and see what NICs are detected on boot - and thus what NIC are not detected.
For example, USB NICs (never ever use these, don't even gibe them to you worst enemy) can be detected to late or not at all, and this will change the NIC list order and pfSense now knows something changed and present you the "please assign the interfaces" list.
This is a pure security issue : example : if the initial LAN interface becomes unknown/not detected, the next known interface will NOT inherit the LAN interface settings and related firewall rules, as this could be a network with untrusted devices ... -
@gertjan currently I don't see anything in dmesg
My computer has two physical ethernet cards, one is builtin into motherboard and another one is plugged into socket.
During boot it showed me these two cards with their MAC addresses and saying that due to mismatch it can't decide what is what. I said, which one is WAN and which one is LAN, specified static IP for LAN and etc. After boot I found pfSense forgot everything related with LAN interface.
After that I have rebooted and it booted ok. I don't see any problematic boot logs now. Is it possible to find them?
Additionally I have USB mobile dongle which simulates USB NIC. I was plugging and unplugging it in preceding days. It was creating additional interface. During the incident, it was unplugged. May be it confused it somehow with LAN interface?
-
If you assigned a USB Ethernet interface and then unplugged it and rebooted, you'd get a mismatch. It expected that USB Ethernet to be there and it wasn't. You should remove the assignment when it's not going to be plugged in.
The next release will handle that a little better (22.05 already does) but USB Ethernet in general is problematic. Not just on pfSense, but overall.
Remember: Upvote with the ๐ button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp what is suffucient action to preven this after unplug? Go to interface assignments and unassign?
-
That is sufficient, yes, but do that before you unplug, not after.
Remember: Upvote with the ๐ button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp BTW what is the problem with this? I saw USB device had specific device path and I have assigned it to the interface. Okay, it has disappeared. But no reason to confuse it with other lans and wans. Why don't just unassign it automatically or go to the same state as after unplug? Any automatic solution is better that unability to resurrect without human intervention.
-
It's much safer to force the user to re-assign them.
Imagine if you had 3 USB NICs and you disconnect one of them. Now at boot the NIC order might be different and you could end up with LAN hosts connected to a DMZ interface. Or worse.
Steve
