How to get pfSense WAN to accept VLAN 0
-
I have several CE test boxes running current snapshots and they have been pretty stable for some time now. Still hard to recommend using it in 'production' though.
If you can test it that helps any issues of course.Steve
-
Hey guys- I'm using Ziply fiber- which used to be frontier. It is doing exactly this. No ip address on WAN. I've updated my netgate 4100 to the latest dev build and ran the command "ifconfig ix2 pcp 4" and it shows the flag being set correctly. Still no IP address.
I don't understand why this is even a problem. (I get it is because of vlan0-still) How can a major firewall manufacturer...which I actually paid for by the way...not allow all ISPs to work on their device? How can you then- choose to NOT support me. My last request for zero setup was completely ignored- now I know why. I've been in IT for a very long time and this is the first time I've ever run into something like this. First thing I'm doing for my new job is ripping out all the netgate devices that I'm responsible for- why trust a product that just doesn't even work on some internet connections in 2022?????! Absurd!
-
@jhiggy If you run pfsense in a virtual machine (ESXi is free for this), then you avoid this issue, and get a lot of advantages like snapshots that are very useful features that are not built into PFSense.
To be honest, this stupidity that AT&T started (and now other Arris based ISPs use) with using VLAN0 and such is highly unusual. They make it very hard for you to use your own equipment. I would not be so harsh on the Netgate people as much as your ISP who inflicts this stupidity on the world.
I think folks who have to suffer with these ISPs do have a great option by running in a ESXi VM. So it's not the end of the world even if this bug isn't fixed for a long time.
-
@jhiggy You might be hitting something else there because current 23.01 snaps can accept priority tagged traffic and can accept dhcp offers tagged that way.
You don't usually need to add priority tags to the replies so setting a pcp value shouldn't be required.
Perhaps that ISP has some other requirement like a vlan tag?The only thing outstanding there is the driver bug in e1000 that requires vlan hardware tagging be disabled. You wouldn't hit that on an ix NIC though.
Steve
-
Sorry- I'm obviously really upset- I've flashed this brand new device 4 different times now with different versions with no luck. (I refuse to use that script- maybe it would work?) I purchased this so that I could learn the new Pfsense OS for my job and time is out. =/ All I know is that I've had an Edgerouter and Unfi gateway working out of the box-along with pfsense installed on a server. I also just tested with a cheap asus router working. Ziply has a hard time replacing an ONT that works with 99.9% of routers out there so I'm stuck.
What else can I try?
I tried the dumb switch between the ont with no luck either. I tried an untagged port in my unifi switch- same. It always detected it but always shows 0.0.0.0 as the ip. (I've reset the ONT and had ziply repush the config as well)
-
First thing to do it grab a packet capture of the DHCP traffic on the WAN and see what's actually arriving. What made you think your ISP is using traffic in the first place? Perhaps you already saw it in a pcap?
https://docs.netgate.com/pfsense/en/latest/diagnostics/packetcapture/webgui.html
Steve
-
@stephenw10
Hi All, in my testing with the limited equipment I have I noticed there is a small but noticeable performance increase with my wan connection when using 2.7.0 vs 2.6.0 using the netgraph script. When i get a chance i'll do a iperf throughput test to see if its actual or just me..
Has anyone else experienced this? Thanks All -
@michaellacroix
Also wanted to note that when using ix# nic with netgraph on pfsense 2.6 I need to manually set my WAN interface speed at 10g as for some reason when its set to auto select it goes to 1gb where in 2.7 without netgraph it picks up the 10g connection on its own with auto select. Could be because of an updated driver in 2.7??? Not sure -
Hmm, not sure about the link a speed but pfSense would not be setting that directly when using the script since WAN is ng0.
I would certainly expect variation in throughput or loading. In 2.6 everything has to go through the netgraph overhead. That's completely removed in 2.7.
Steve
-
Hi @stephenw10 ,
Do we know if the VLAN 0 issue is fix in the daily snapshots for 2.7? I am still running 2.5.2 because the frontier VLAn 0 issue. PLease advise, I would like to to move to Snapshot if VLAN 0 is fully functional without additional tricks. Thank you. -
If the only issue you were facing was that the ISP was sending priority tagged dhcp replies that is fixed in current 2.7 snaps.
But if you are running an e1000 NIC (em or igb) you still need to disable hardware vlan filtering because of the driver bug.Steve
-
@stephenw10 said in How to get pfSense WAN to accept VLAN 0:
If the only issue you were facing was that the ISP was sending priority tagged dhcp replies that is fixed in current 2.7 snaps.
But if you are running an e1000 NIC (em or igb) you still need to disable hardware vlan filtering because of the driver bug.Steve
My interfaces are showing as igbx, so what options or steps do I need to take if I decide to push my upgrade to snapshot?
-
Then you will need to run:
ifconfig igb0 -vlanhwfilterAssuming your WAN is igb0.
You can run that at every boot using shellcmd:
https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shellcmd-optionSteve
-
Thank you Steve, I will give it a try probably this weekend and report back.
Is this something that will be permanetly fix in the final release of 2.7 or we will need to still use this workaround?
-
Hi All,
I have frontier and use the netgraph script to get my IP from dhcp. I noticed Frontier has a very short dhcp lease so I devised a couple of upgrade plans. I have two upgrade plans. Would like to get opinions on which one is better or if anyone thinks I need to add or change anything. Thanks
Plan 1
-
Set WAN DHCP to static IP (Should have 30min before disconnect).
-
Change interface from ngeth0 to ix0. Verify internet connectivity.
-
Disable shellcmd to run netgraph script.
-
Reboot
-
Proceed with upgrade.
-
If all goes well change WAN interface from static to dhcp.
Plan 2
-
Clean install of 2.7.0
-
Edit backup config.
a. Change WAN interface from ngeth0 to ix0.
b. Disable shellcmd or remove -
Restore config - reboot
-
-
@cucu007 said in How to get pfSense WAN to accept VLAN 0:
Is this something that will be permanetly fix in the final release of 2.7 or we will need to still use this workaround?
The actual driver issue is still outstanding upstream as far as I know so it would ionly be in 2.7 once that's fixed. It might be possible to include a gui option to disable it as a workaround.
Though reviewing the open bug the referenced FreeBSD bug is now closed but also doesn't fit this exactly.
Steve
-
@michaellacroix
Your plan one there would likely fail because netgraph would still be running and attached to ix0. I would disable the NG shellmd and reboot first. Then reconfigure WAN and test/upgrade.Steve
-
@stephenw10
Thanks so much Stephen. I will amend my plan. With that said, do you think plan 1 is better than plan 2?
Thanks again -
I would go with plan 2. Reviewing plan 1 again I can't see how that would work unless it's only DHCP that fails? If so then I guess a static IP might work for some time.... it might not though!
-
@stephenw10
Yeah, I was leaning on that myself. The only two things I need to edit in the config are:- remove the shellcmd section.
- Replace wan interface from ngeth0 to ix0
Thanks again
