My Installation Experience
-
"was no data connection or IP address. Yet it would reliably detect that there was an upgrade available, download it and install it. "
Dude what are you on?? That is just not possible now is it…
Kind of hard to talk on the internet without a IP address..
Where were you seeing that it had no IP, did it show the gateway up with NO ip? So your gui showed you what 0.0.0.0?? What did the console menu show that shows you interface IPs, what did ifconfig show??
-
The only relationship that autonegotiation has to an interface getting an IP address is that a link must be physically up for DHCP requests to go out and for responses to come back.
Edmund, was your pfSense WAN connected directly to your cable modem or was there a switch in between? Are you sure your cable modem was also set to autoneg?
Auto neg has 2 parts: speed and duplex. If one end is forced the other not, speed will often be correct, but duplex is wrong. Duplex wrong is one end thinks "full" the other thinks "half" and you wind up with a lot of errors on the interface.
-
"was no data connection or IP address. Yet it would reliably detect that there was an upgrade available, download it and install it. "
Dude what are you on?? That is just not possible now is it…
Kind of hard to talk on the internet without a IP address..
Where were you seeing that it had no IP, did it show the gateway up with NO ip? So your gui showed you what 0.0.0.0?? What did the console menu show that shows you interface IPs, what did ifconfig show??
This was an installation from a USB drive to the system disk so I was working from the default pfSense stats/dashboard "interfaces" display - my feeling is that the dashboard display is not to be 100% trusted since, as you point out, there must have been a connection there for the upgrade to occur. I don't remember the GUI showing any IP address although I had the green up arrow indicating the cable was plugged in. Looking at the WAN interface it show that it was configured as expected but it would not pull an address if I tried manually - the overall performance of pfSense was very slow unless the WAN interface was disabled so clearly something was going on in the background - two of the cores were at 100%
-
@mer:
The only relationship that autonegotiation has to an interface getting an IP address is that a link must be physically up for DHCP requests to go out and for responses to come back.
Edmund, was your pfSense WAN connected directly to your cable modem or was there a switch in between? Are you sure your cable modem was also set to autoneg?
Auto neg has 2 parts: speed and duplex. If one end is forced the other not, speed will often be correct, but duplex is wrong. Duplex wrong is one end thinks "full" the other thinks "half" and you wind up with a lot of errors on the interface.
The modem was directly connected to the WAN interface via a 6 foot length of CAT5 cable, no switch. In the end I got it to work by replacing the 5 foot CAT5 cable with a 25 foot length of CAT6 cable - with the CAT6 cable it connected at 1000Mbs but refused make a connection at any speed with the CAT5 cable.
The cable modem has no user accessible controls that I can find - I'll check on it's spec but I'd assumed that pfSense would auto-negotiate regardless - at least that's always been my experience in the past. I've ordered a bunch of CAT6 cables to try and do a bit more research into this, I have a ton of CAT5 cables in the bin.
-
cat 5 or 5e? How old are these cables?
-
UPDATE - working with 2.3.2-DEVELOPMENT (amd64) built on Tue Jul 12 18:12:02 CDT 2016 FreeBSD 10.3-RELEASE-p5
I replaced the cable between the WAN i/f and the Cable modem (Motorola Surfboard SB6121) yesterday with a new, three foot long, CAT6 cable. I selected "autoselect" in the WAN interface and initially is showed a 1000Mbs connection - it worked just fine.
This morning I updated to the current release and rebooted (I believe the problem following stem from the reboot) - upon rebooting the system came up and reported that the interface was up but that the IP was 0.0.0.0 - there was no internet connection (Capture1.PNG)
After about a minute I refreshed the dashboard and it reported that the interface was done - note the CPU load at this point in Capture2.PNG. The GUI was very slow, I pulled up the WAN interface to reset it to 100baseTX <full-duplex>- this took a couple of minutes - and then clicked Save. After about 4-5 minutes the system reported 504 Bad Gateway and was completely unresponsive - basically it had hung up. All the WAN and LAN lights on the firewall were flashing but the LAN interface that I was working on was effectively dead.
I pulled the plug on the firewall and it rebooted - it came up with the interface set at 100baseTX <full-duplex>(so the save worked) and is now working fine - Capture3.PNG - the CPU load has returned to normal and traffic is flowing.
</full-duplex></full-duplex>
-
After you updated, you rebooted, a warm restart, not power cycle, yes? If so, have you tried setting WAN back to autoneg (not forced to anything) and power cycling? There could be an issue with incomplete reinitialization of an interface at the driver level that causes issues on a warm restart but on a power cycle everything comes up clean. Reason for asking is that it was fine yesterday, you updated, warm reboot and it had problems.
-
"i even got unlimited amount of public IP's available from my ISP."
IPv6 sure why not… But I find it hard to believe they just give you unlimited public ipv4 addresses..
Aren't public IPs, statically assigned (i.e. NON DHCP)??
in the US, and in Mexico and South America and UK (that I know), people only get 1 IP Address for residential service.
Even in the US, for Commercial service, you only get 2 IPs and you don't get them with DHCP, they are static, so you set them yourself.
Again, what you are saying is that in Germany, you can get up to 16 DHCP addresses from your ISP as a residential user? (Is this Ip V6?)
No not IPv6 , unlimited public IPv4 adresses. This is in Belgium.
I didn't know this till a had a client who had problems with one 1 device that loses his IP-adress daily,
only a reboot from the cablemodem fixed each time this problem.
This device was connected to a simple 8 port gigabit switch, right behind the cablemodem.
After this problem occured multiple times during few weeks, we did call the technical department from the ISP,
and ask if there was possibility that we run out of available public IP-adresses.
Untill that day, i tought that this client only received maximum 8 public IP-adresses, but the technical department confirmed,
that we are getting practicle unlimited IP-adresses, and if we consumed too much public IP-adresses,
that they first give a notice, before cutting down the amount of IP-adresses.
Later we get a note that his problem with this 1 device was a problem with the DHCP server on ISP side.A few days later, i have personnaly tested it out, if it was true, that we get unlimited IP-adresses.
At my home, i have identical cablemodem and ISP internet subcription like the client has,
and this is a residential use (Belgium)
I connected a laptop on the switch right behind the cablemodem, and when i got a public IP each time,
i changed the MAC-adress each time 1 letter or 1 number,and write the used MAC-adress down on a paper,
and got each time automatic a different public IP-adress.
When i changed each time back to the used spoofed MAC-adresses, the IP-adress leases where still active for each public IP-adress that i
early received.
This lease was each time for e period of 1 hour.
I have then released each IP-adress, by using the list of used MAC-adresses, because i didn't need al that different IP-adresses,
and it was for testing purpose.
I have that day tested it with more then 16 different MAC-adresses without any problem for getting a unique different IP-adresses.If i have used Torrent programs at home, and after stopping these, the torrent network users keep sniffing at the TCP listen port that was used by the Torrent programs.
This give sometimes enormous logs full of blockactions in pfSense, if i want this to stop, i changed my MAC-adress of my WAN port in pfSense,
and get a different public IP-adress, and the sniffing one the TCP listen port is gone.
This changing from MAC-adress can i do multiple times when i want.Here in Belgium the ISP offer a few different approach of serving the IP-adresses.
Normally for residential use, they provide a cablemodem with buildin router and Wifi.
This cablemodem uses only 1 Public IP-adress, and assigned private IP-adresses behind this modem.
This modem has a passtrough for connecting at Digibox or Digicorder (Digital TV), and these boxes get a private 10.x.x.x IP-adress assigned by the ISP
for the interactive services.Then there is the option for getting a cablemodem without router and without build in wifi, so called "modem-only", what is prefered for
office use, and will be installed by a ISP technician on costumer special needs.
These modems supply the unlimited dynamic public-adresses, assigned by the DHCP server from the ISP.
And last, there is same cablemodem, but with the option for use with static assigned IP-adresses for bussiness purpose,
for assigning servers etc…I have here at home option 2 with the "modem-only" in combination with the possibility for unlimited Dynamic assigned IP-adresses by DHCP server from the ISP,
because i was few years ago selfemployed in repair and selling ICT equipment, and didn't want the router and wifi provided by the ISP.
Also for testing and other purposes i wanted multiple public-adresses.Grtz
DeLorean -
LOL–I see this has devolved into a discussion about the posters understanding of networks and the network stack...typical for holier than thou programmers (I married one.....sigh..and both my kids are also programmers...sigh....)and network specialists--I don't recall saying anything about being a programmer or a network specialist..so why you mentioned it it is completely beyond me?
I understand perfectly how networks work from the level I need to understand them. Did I sniff" out the packets?..no of course not, I don't have the expertise to do that...nor do I wish to have that expertise or I would have it...did I write F******G scripts or programs to "do it for me" again no--because I simply don't have that expertise nor would I want it or I would have it. Sheesh.
Ask for a little help and get crammed on. Even though I don't have the aforementioned expertise I DO have enough brains to reboot the goddam modem,,, even let it sit for a bit to clear all electricity from the device...and ffs I waited 12 goddam hours for the "lease" to expire. I didn't have to wait at all for Zentyal it just picked up an IP...
To the two people who actually gave me constructive steps to try---I did set the wan interface to 100 FD and back to 1000FD. when on 100FD it again was "online" for approx. 2 minutes and I lost the connection again...and when I went back to 1000 FD it was the same symptoms/issue.
I also have a shitload of brand new cat 5e/6 cables at my disposal and I tried a number of them (4 to be exact). I got fed up with re-installing Zentyal--which works perfectly I might add --and went out and purchased a 120GB sdd...so now in my box I have a mechanical drive (500GB) with Zentyal installed and configured (and working just fine thank you very much-did I say that already?) and a brand new sdd in which I have been trying to install a WORKING PFsense--which hasn't been working out to well tyvm even though the config is exactly the same as Zentyal.
So, I am assuming that the default install of PFsense is doing something that my ISP is not liking and they are cutting me off (like serving out dhcp address on the wan interface-is this possible for a default , next, next,next reboot install? from what I read it wasn't but doesn't hurt to ask here) OR PFsense is NOT completely compatible with my hardware.
All I know for sure is I boot up zentyal and it works fine and has since day one install. Shut down and disconnect Zentyal hdd and reconnect pfsense sdd and can't get an IP on the WAN interface and YES I am not just rebooting the cable modem between shutdowns of the firewall; I am shutting down the cable modem completely for 2 minutes at least and then starting it up again, then I reboot the firewall once the cable modem is online and pfsense STILL gets no WAN ip.
So, I was under the impression that if you followed the default install you would end up with a working firewall when installing pfsense and many have already done this I am sure--but for me and my hardware it is NOT working out. How in the world leaving everything at default and installing the firewall could possibly be construed as "user error" is completely beyond me.
BUT, since the community here at PFsense seems to be of the "holier than thou you must be an idiot" crowd I will take myself on over to the Zentyal crowd and just re-install next years developer version. I mean you should see the support people are getting in the community user forums at Zentyal--true open source atmosphere.
If it helps any, untangle wouldn't work (I forget why) nor did clear OS (wouldn't detect one of my nics), opnsense does the same thing pfsense does (huh imagine that!)...I would assume that the debian based Zentyal is simply "more" compatible with a larger pool of hardware than the freeBSD based pfsense and opnsense although my tiny non-programmer, non-network specialist brain is probably wrong about that to huh?
Cheers people and thank you once more to the people who offered constructive suggestions instead of belittling my efforts and offering non-constructive criticisms.
Have a nice life everyone.
-
"So, I am assuming that the default install of PFsense is doing something that my ISP is not liking"
And where is the sniff?? Holier than thou? How are you going to troubleshoot anything with just freaking guesses..
There was a thread quite some time back where could not get a dhcp address.. Well it was it was because his dhcp server was over 16 hops away, and the dhcp client was setting ttl 16 hop limit.. So we recompiled and there you go he was getting an IP.
What actual info have you provided here to help you? Bumpkiss is what… I connect pfsense and it doesn't get an IP... Help me..
-
LOL–I see this has devolved into a discussion about the posters understanding of networks and the network stack..
That wasn't a discussion, just a explanation how the ISP works here in Belgium
BUT, since the community here at PFsense seems to be of the "holier than thou you must be an idiot" crowd I will take myself on over to the Zentyal crowd and just re-install next years developer version. I mean you should see the support people are getting in the community user forums at Zentyal–true open source atmosphere.
This is a forum for getting help for free, so you don't have to be rude because you run a little bit frustrated because pfSense
doesn't work at the first time.
And if you don't like the support here, go ahead and go to Zentyal if you feel better there.
And last, we do not pretend to be holier, but who started with the first sentence "i have 25 years of experience…." ?
Not we, but you, so if like to be a smartass and can't appreciate the help people are giving to you, then figured it out for yourself !!!
