How to get pfSense WAN to accept VLAN 0

michaellacroix

@stephenw10
Thanks Stephen.
By the way, I was able to get my test machine working with my current edited config file by changing one of my backend servers from its dns name to its IP address in HAProxy. After painfully going over all the lines of the haproxy install script I realized this one server on the backend was the only one I entered with its dns name instead of using its IP address. A restore to my live firewall probably would work since it could reach my local dns.
Only other issue so far is when trying to restore the config during install I get this warning "configuration references interfaces that do not exist : em1" and I get a network interface mismatch message and need to assign my interfaces and the config file does not apply. There is no reference to a "em1" interface anywhere in my config so I'm a little confused about the message. Thanks again for all your help
Mike

michaellacroix

@stephenw10
heres a pic

stephenw10

It must be in the config that is being restored if you're seeing that. I would look in the file directly.

However that's probably better served in a new thread. This one should be exclusively for the VLAN0 issue.

Steve

michaellacroix

@stephenw10
Thanks Stephen, I opened a new thread for this issue. FYI - I get this message on clean install from scratch. Message does not exist on 2.6.0 install.
Also, I think I found some strange behavior on 2.7.0 when resetting to factory defaults after install, it hangs on reboot.

michaellacroix

@stephenw10 said in How to get pfSense WAN to accept VLAN 0:

I would go with plan 2. Reviewing plan 1 again I can't see how that would work unless it's only DHCP that fails? If so then I guess a static IP might work for some time.... it might not though!

You were right on the money going with plan 2. For anyone out there with the same issue as me the best way to upgrade is to edit your backup config file and change the wan interface to your preference. Not only did I change the wan interface but completely removed the shellcmd package and a lot of left over garbage from past package installs. You can really clean up your config file this way. And if you are using an em or igbx interface you can change your shellcmd (if your using one) to disable vlan filtering so you should be able to grab an IP from your ISP dhcp on your wan interface. Thanks

natbart

@stephenw10 i know this is an old thread (amazed at what I started here..), but I will admit I set things up and left them. I am still on 2.4.5-RELEASE-p1 (amd64)

Can I move past this version to 2.72? Considering I am using em nic?

Any guidance to save some time would be appreciated.

cucu007

@natbart said in How to get pfSense WAN to accept VLAN 0:

@stephenw10 i know this is an old thread (amazed at what I started here..), but I will admit I set things up and left them. I am still on 2.4.5-RELEASE-p1 (amd64)

Can I move past this version to 2.72? Considering I am using em nic?

Any guidance to save some time would be appreciated.

I think the latest release is working as expected and this issue was fixed, at least is working as expected in frontier (ISP).

stephenw10

Yup, the vlan0 bug in e1000 is fixed in 2.7.2: https://redmine.pfsense.org/issues/12821

natbart

@stephenw10 what is the recommended path to upgrade then?

How do I get from where I am now to new version without the need for my script?

stephenw10

What do you have setup currently? Been a while since I was digging on this.
Just the netmap script to allow priority tagged DHCP repies?
You shouldn't need anything in 2.7.2 for that. em can pass vlan0 tagged packets and dhclient can accept them.

natbart

@stephenw10 just the script to allow VLAN 0 from early on.

Could I install 2.7.2 on a new machine and restore everything but the script?

Or how easy to do upgrade in place?
How do I disable the script? It’s been so long. Just looking for a recommended way with least risk and hassle.

stephenw10

You should be able to upgrade. You might have to re-assign the WAN back to the em NIC after upgrading.

natbart

@stephenw10 - apologies if this should go in a new thread, but considering things are fixed in 2.7.2 I am trying to understand how to make the leap from 2.4.5p1 to 2.7.2. I dont see 2.7.2 as an upgrade option! How do I avoid being stuck on a version where I wont be able to get internet?

Screenshot 2024-01-07 at 2.48.27 PM.png

Jarhead

@natbart Why not just do a fresh install? You can even use your existing config during the install so it will be done after the install.
https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html

Otherwise you'll have to step through the major updates. Can't just go to 2.7 or even 2.6 from your version.
Fresh install is the best way, heck, my system does the full install and back up and running in under 2 minutes

stephenw10

Yup, I would probably reinstall. And if possible install to a different drive so you can just swap back in the old one if you have to fall back.

natbart

@stephenw10 had a backup machine I upgraded... tested and then upgraded active system.

Still have a question on if backup config file should be in root of FAT32 partition or in E:\config\ -> I had it in both.

Process I followed was to:

1. change interface to em0 pre-upgrade and disable the shellcmd script.
2. Take backup and upload to usb key
3. Connect my Bell MTS ONT to pfSense
4. Reboot and install new

This found the config, recognized and got internet DHCP address for WAN on em0 and installed packages as there was an active internet connection.

No other config changes were needed.

This has been quite a journey from when I first started this thread! Glad to see my script is no longer needed.