How to get pfSense WAN to accept VLAN 0
-
Then you will need to run:
ifconfig igb0 -vlanhwfilterAssuming your WAN is igb0.
You can run that at every boot using shellcmd:
https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shellcmd-optionSteve
-
Thank you Steve, I will give it a try probably this weekend and report back.
Is this something that will be permanetly fix in the final release of 2.7 or we will need to still use this workaround?
-
Hi All,
I have frontier and use the netgraph script to get my IP from dhcp. I noticed Frontier has a very short dhcp lease so I devised a couple of upgrade plans. I have two upgrade plans. Would like to get opinions on which one is better or if anyone thinks I need to add or change anything. Thanks
Plan 1
-
Set WAN DHCP to static IP (Should have 30min before disconnect).
-
Change interface from ngeth0 to ix0. Verify internet connectivity.
-
Disable shellcmd to run netgraph script.
-
Reboot
-
Proceed with upgrade.
-
If all goes well change WAN interface from static to dhcp.
Plan 2
-
Clean install of 2.7.0
-
Edit backup config.
a. Change WAN interface from ngeth0 to ix0.
b. Disable shellcmd or remove -
Restore config - reboot
-
-
@cucu007 said in How to get pfSense WAN to accept VLAN 0:
Is this something that will be permanetly fix in the final release of 2.7 or we will need to still use this workaround?
The actual driver issue is still outstanding upstream as far as I know so it would ionly be in 2.7 once that's fixed. It might be possible to include a gui option to disable it as a workaround.
Though reviewing the open bug the referenced FreeBSD bug is now closed but also doesn't fit this exactly.
Steve
-
@michaellacroix
Your plan one there would likely fail because netgraph would still be running and attached to ix0. I would disable the NG shellmd and reboot first. Then reconfigure WAN and test/upgrade.Steve
-
@stephenw10
Thanks so much Stephen. I will amend my plan. With that said, do you think plan 1 is better than plan 2?
Thanks again -
I would go with plan 2. Reviewing plan 1 again I can't see how that would work unless it's only DHCP that fails? If so then I guess a static IP might work for some time.... it might not though!
-
@stephenw10
Yeah, I was leaning on that myself. The only two things I need to edit in the config are:- remove the shellcmd section.
- Replace wan interface from ngeth0 to ix0
Thanks again
-
Hi Stephen, I did some testing last weekend importing my config to a test machine and editing the config file. Everything went fine except for the app packages not loading during the restore. If I manually install the packages they work except for HAProxy. I could not get that package to work with 2.7.0. All my interfaces looked good and other config settings imported just fine. I attached some of the log files hoping you might be able to see something I missed. Thanks
PHPError2.7.0.zip -
There are a number of known php issues with HAProxy though I didn't see that one so I opened a new report: https://redmine.pfsense.org/issues/13684
But the WAN successfully pulled a DHCP lease?
-
@stephenw10
Yes! The wan pulled ip no problem. All other config settings and interfaces came through fine also. The issue with the packages is very similar to this:
https://redmine.pfsense.org/issues/12105 -
@michaellacroix
Its also worth mentioning this happens whether I restore the config during install or after install and use the "Backup & Restore" utility in pfsense. -
@stephenw10
This is odd, I did a fresh install pfsense dev on hyper-v and I get an interface mismatch message. This is a fresh install no config restore or anything like that.
-
That's expected. There's no default interface config for hnX NICs so it asks you to assign them at first boot.
Steve
-
@stephenw10
Thanks Stephen.
By the way, I was able to get my test machine working with my current edited config file by changing one of my backend servers from its dns name to its IP address in HAProxy. After painfully going over all the lines of the haproxy install script I realized this one server on the backend was the only one I entered with its dns name instead of using its IP address. A restore to my live firewall probably would work since it could reach my local dns.
Only other issue so far is when trying to restore the config during install I get this warning "configuration references interfaces that do not exist : em1" and I get a network interface mismatch message and need to assign my interfaces and the config file does not apply. There is no reference to a "em1" interface anywhere in my config so I'm a little confused about the message. Thanks again for all your help
Mike -
@stephenw10
heres a pic
-
It must be in the config that is being restored if you're seeing that. I would look in the file directly.
However that's probably better served in a new thread. This one should be exclusively for the VLAN0 issue.
Steve
-
@stephenw10
Thanks Stephen, I opened a new thread for this issue. FYI - I get this message on clean install from scratch. Message does not exist on 2.6.0 install.
Also, I think I found some strange behavior on 2.7.0 when resetting to factory defaults after install, it hangs on reboot. -
@stephenw10 said in How to get pfSense WAN to accept VLAN 0:
I would go with plan 2. Reviewing plan 1 again I can't see how that would work unless it's only DHCP that fails? If so then I guess a static IP might work for some time.... it might not though!
You were right on the money going with plan 2. For anyone out there with the same issue as me the best way to upgrade is to edit your backup config file and change the wan interface to your preference. Not only did I change the wan interface but completely removed the shellcmd package and a lot of left over garbage from past package installs. You can really clean up your config file this way. And if you are using an em or igbx interface you can change your shellcmd (if your using one) to disable vlan filtering so you should be able to grab an IP from your ISP dhcp on your wan interface. Thanks
-
@stephenw10 i know this is an old thread (amazed at what I started here..), but I will admit I set things up and left them. I am still on 2.4.5-RELEASE-p1 (amd64)
Can I move past this version to 2.72? Considering I am using em nic?
Any guidance to save some time would be appreciated.
