How to get pfSense WAN to accept VLAN 0
-
@michaellacroix as to NOT lose the interface
-
So, I'm trying to get ahead of the game and I installed and ran the vlan0 script. I didn't change interfaces at all, since I'm still on my current comcast DOCSIS connection, but wanted to see if the ngeth0 interface would appear. It did, but I completely lost internet. Should I just wait to run the script when I swap to Frontier (next week) and then swap the interface then? Or, should I not have lost internet by running the script (again, keeping ix0 as my WAN)?
Thanks!
-
If you start tagging traffic VLAN0 and expecting traffic to be tagged VLAN0 when your current ISP does not require it then the situation is undefined. But one outcome is that it all gets dropped and you end up with nothing, yes.
-
That makes sense. I assumed however, that if I don't change the interface from "ix0" (default) to "ngeth0" that nothing would change. But I guess it could have dropped the traffic regardless.
-
Yes the ng script will still be active and tagging even if you're not sending traffic through it. I would actually try setting WAN to ngeth0 since there's a good chance your current ISP doesn't care if you anything. Enabling the script and then not using it will definitely fail though.
-
@stephenw10 i tried swapping to ngeth0 after running the script. 0.0.0.0 WAN. No internet.
-
This is my vlan0 script:
https://pastebin.com/hmywwK5a
All I changed were the commenting of the few lines that @michaellacroix instructed, and the variables for the IF and MAC at the top, which correspond to my NIC. I assume if I did everything right, I'd still maintain internet after swapping to ngeth0, but no joy.
-
@schwiing etc...
I would really advise folks who are having issues with the vlan0 stripping to run virtualized under esxi. You can download a free version of esxi from vmware, and it strips off the vlan0 header so pfsense works fine on the virtualized adapter.
And you get snapshotting too, which I can attest is very useful from personal experience. I run pfsense 2.6 on a AT&T fiber connection using the supplicant method and it works just fine.
You can use it as an interim approach until the move to the new BSD codebase is completed if you want, but as I said, I find the virtualization very valuable.
-
@fresnoboy
I suppose I could try it...maybe with a dedicated box (spare PFsense) and install ESXi with Pfsense virtualized.
. Is there any performance loss running pfsense virtualized? Any other disadvantage? -
@fresnoboy said in How to get pfSense WAN to accept VLAN 0:
@schwiing etc...
I would really advise folks who are having issues with the vlan0 stripping to run virtualized under esxi. You can download a free version of esxi from vmware, and it strips off the vlan0 header so pfsense works fine on the virtualized adapter.
I've seen other people mention this too - how do you configure ESXi to do this? Does it just strip off vlan0 headers by default, or do you have to do something specific? I'm trying to do this by running pfSense under Proxmox, and I see no options to do this.
-
@schwiing I would suggest using a managed switch. Really is nice to put 3 ports in a separate vlan and get 2 public ip's (or more if you wanted) for a lab setup.
Or even a public server completely separate from your LAN or anything else you would want to do with a public IP. -
It strips it by default. I can't speak to proxmox, but esxi definitely does this.
-
I am considering doing this also...albeit it means buying another switch and some transceivers...trying to figure out which switch would be best for stripping vlan0. I'm leaning mikrotik but I'm horrible at both RouterOS and SwOS. They're not terribly difficult but it's just not intuitive to me.
-
@jarhead said in How to get pfSense WAN to accept VLAN 0:
@schwiing I would suggest using a managed switch. Really is nice to put 3 ports in a separate vlan and get 2 public ip's (or more if you wanted) for a lab setup.
Or even a public server completely separate from your LAN or anything else you would want to do with a public IP.Is there a specific manged switch that you know will do this? Do they all strip VLAN-0 or is this something that only some of them can do?
-
Any managed switch should be able to.
I use Cisco SG-300's but there's plenty of posts on here with suggestions for managed switches.
Any switch that let's you assign vlans will work. -
So, if using mikrotik, how would I set it up if put in between the ONT and PFsense?
What would I change here?
https://www.servethehome.com/wp-content/uploads/2019/12/Mikrotik-CSS326-RM-SW-OS-VLAN.png
-
@schwiing You'd have to go into Vlans first, create a new vlan. Use an obscure vlan that you won't need, like 4094 since it's the last usable vlan. Then use 2 ports, say 9 and 10, and set them both to vlan 4094. Not sure what the "force vlan ID" is but you might need to check that. Set both to enable, and untagged only.
Then plug the ONT into 9 and the WAN into 10. That's it.
If you want another public IP, set another port to that vlan and plug that port into another router's WAN.I've never used Microtik but that would be my guess. The manual would probably tell more if needed.
-
@jarhead Ah, so even the WAN port will be able to see VLAN0 (on port 9 in your example) despite it being VLAN4094? That's the part that always confused me. I didn't know if you had to trunk port 9 to accept VLAN0 or not. If they're both untagged, that makes it MUCH easier!
-
@jarhead
Oh.. One more thing. What do I set for the IP of the switch? -
@schwiing Anything you want on your subnet. That's just for managing it.
Just to be clear. You can then use ports 1-7 (or 8 if only using 9 and 10) for your LAN devices. You don't need a separate switch for this. That's what vlans do. Turns one switch into 2 or more.
