What is the pfSense alternative for /etc/rc.conf in FreeBSD? Is that /etc/rc.conf.local?

maartenv · Nov 3, 2020, 2:30 PM

I want to enable the incoming (optional) aggregated (LACP) link from my ISP towards the two Gateways I received form my ISP. (I have 2 x 1Gbit WAN uplink).

That way I will have an (automatic) redundant uplink with just one IP Address to work with. And clients also only need one IP Address to connect to a server behind pfSense without having to use the Round Robin method.

Also it would make life a lot easier for the rest of the configuration of pfSense, especially because I also will use two (pfSense) nodes with CARP.

Unfortunately there is, as far as I can see, no option to do this in the pfSense Webgui and because pfSense is based on FreebSD and this can be done in FreeBSD very easily, I believe I should also be able to do the same in pfSense from the CLI.

In FreeBSD I need to put something like this in the /rtc/rc.conf file

ifconfig_igb0=up
ifconfig_igb1=up
cloned_interfaces="lagg2"
ifconfig_lagg2="laggproto lacp laggport igb0 laggport igb1 10.0.0.3/24"

Can somebody tell me how to do this in pfSense? Can I use /etc/rc.conf.local for that, or must/can it be done another way?

jimp · Nov 3, 2020, 3:08 PM

pfSense does not use the FreeBSD rc system so that is not possible.

Why not set that up as a LAGG interface in the GUI? (Interfaces > Assignments, lagg tab, pick igb0 and igb1, set LAGG protocol to LACP)

maartenv · Nov 3, 2020, 3:14 PM

Maybe I am doing something wrong (I am new to pfSense), but both WAN interfaces don't show in Assignments. That is why I ask.

jimp · Nov 3, 2020, 3:16 PM

You add the unassigned physical interfaces to a LAGG, then assign the LAGG and give it an IP address

For example if your WAN now is igb0, and you want to put it in a LAGG with igb1, then remove igb1 from Interfaces > Assignments, then create a lagg with just igb1. Then change the assignment of WAN to the LAGG interface, then add igb0 to the LAGG.

maartenv · Nov 3, 2020, 3:25 PM

@jimp
That sounds promising and I will try that later this afternoon or tomorrow because I am afraid that I might lose my remote connection this way.

To be sure, one more question: It is clear to you that the LAGG is initiated by my ISP?

jimp · Nov 3, 2020, 3:33 PM

Using the GUI the way I mentioned would be equivalent to doing the rc method you listed above, so if it worked that way, it should work in the GUI. Doesn't matter who initiates it as long as it speaks LACP.

maartenv · Nov 3, 2020, 4:13 PM

@jimp
If the webgui does the same thing as the rc method, it should indeed do the job. Thanks a lot.

Concerning your: "Doesn't matter who initiates it as long as it speaks LACP." I meant that my ISP also must speak LACP before I can test it. So I have to ask them first to set up the links as LACP, and I don't want do that if it is not sure it will work 100%

MushyMiddle · Mar 25, 2021, 8:25 PM

Old topic, I know, but I have a similar need that I don't think is handled by the GUI.

In my case, I want to create a VM to mirror my production firewall (hardware), down to the interface names. While I can manually change the interface names via ifconfig (e.g. ifconfig em0 name igb0), how do I make this persistent? Surely some script must run at startup that could do this, right?

My use case is so I can test big config changes and updates before deploying for reals, and not have to mentally map things between the two, likely screwing something up along the way.

Thanks...