2.5 upgrade is missing USB Ethernet (ue0)
-
I have been using a USB3 1Gbit Ethernet adaptor as my WAN interface on my portable firewall successfully for more than a year on 2.4.x, up until today.
After upgrading to 2.5, my headless firewall failed to come back up. I attached a monitor and keyboard and spotted the error immediately with a message saying that the configuration for ue0 was invalid as there is no device ue0.
I am hundreds of miles from home in Covid19 lockdown with no access to my physical install media. I can't find an installer download option for 2.4.5 so I will have to install an alternative until ue0 support returns to pfSense.
-
@vmb
What kind of adapter were you using? I've only used Asix chipset models, which are dirt cheap. I haven't tried it on a 2.5 box (don't have any usb-ethernet adapters at home), but a quick kldstat -v on my 2.5 box shows axe and axge both present.
As for a 2.4.5 installer, you should be able to find one with some searching, or by asking the right person. -
@dotdash
I am using one of these...
No idea what chipset it has from memory. My pfSense 2.4.5 config sees it as ue0.I have ordered some USB data sticks that should arrive in a couple of days. I will try a fresh 2.5 install with my USB3 Ethernet plugged in. If it's not recognised, I have a plan B that uses FreeBSD 12.2, ZFS, beadm and a useful bootstrap script to turn it into a firewall appliance.
It is dissapointing that the official download has already got rid of 2.4.5 . I could have been up and running again with a saved config.xml on the day the data sticks arrive.
I will have to revisit my disaster recovery procedures and make the following changes:
- Remove/disable upgrade button from pfSense web interface. Download and install updates only as an installer image to build fresh and restore a config.xml .
- Rsync installer images and config.xml to laptops so I will always have the correct installer image to do a recovery with.
- Install beadm on pfSense to make rollbacks possible.
- Create a script to monitor changes to config.xml and create a new ZFS boot environment automatically.
-
I just keep a recent backup and a copy of the previous installer.
For a corporate environment, one should have a spare firewall available. -
@dotdash
I have a spare portable firewall with 2.4.5 installed a couple of hundred miles away but I am stuck in this pointless Covid19 lockdown in England and I can't get home.My corporate firewalls are setup with CARP, with a third machine in each rack as a cold standby/upgrade guinea pig.
-
@vmb That Ethernet adapter uses the Realtek chipset and you can see this link for the solution. https://forum.netgate.com/topic/161076/upgrade-to-2-5-0-went-well-after-an-additional-upgrade-of-the-realtek-ethernet-nic-driver
-
@nollipfsense
Thanks for the URL, I have linked to it here.I will check it later today. It will certainly save a lot of time if it does work. I will try making the changes in /boot/loader.conf.local first as changes here at least stand a chance of surviving future upgrades.
-
re(4) is for Realtek PCI NICs. You probably want ure(4) which has never been included but is now built for 2.6 snaps. See:
https://forum.netgate.com/topic/161352/issue-with-upgrade-and-install-latest-versionFor some reason it seems those devices are loaded as generic cdce in 2.4 and 2.6 but not 2.5. Unclear why yet.
The device will likely work much better with the correct ure driver.
If you need the 2.4.5p1 installer image just open a ticket and we can get it to you: https://go.netgate.com/
Steve
-
@nollipfsense
Sadly the Realtek kernel module didn't work for me. I get a kernel panic, fatal trap 12: page fault while in kernel mode. The intel Atom based device I am using has a Realtek NIC on the motherboard.Fortunately, the FreeBSD 11.3 kernel was still present and I could boot it to delete my /boot/loader.conf.local .
I have come up with a temporary workaround using a VLAN capable Ethernet switch that I have here. I can configure VLANs for WAN and LAN to use the same parent interface. Alternatively, I could use the unused Atheros WLAN as a separate interface for WAN. I have only ever used it to provide a temporary access point, never used it as a client before in pfSense.
-
The ure or re module? Did you try loading either in real time?
As I said the re module will not help you with a USB device, it's a PCI driver.
Steve
-
@stephenw10
Yes, I tried a kldload of if_re.ko . kldstat reported it was loaded but because my machine's onboard Ethernet adapter is a Realtek the in-kernel version had already grabbed the interface.I am looking for a way to upgrade to 2.6.0 from the 2.5.0 console but I can't find a way of doing this using a URL for a 2.6.0 installer image.
-
Yes, you would need to add that line to the loader file to load the alternative re driver in preference to the in kernel driver.
You can't upgrade to an installer image. You could try toedit the pkg repo line in the config file, reboot to apply it, then upgrade using menu option 13.
Add or edit the line:<pkg_repo_conf_path>/usr/local/share/pfSense/pkg/repos/pfSense-repo-devel.conf</pkg_repo_conf_path>
Re-installing to 2.6 directly would be better though.
Steve
-
@stephenw10
Thanks. I will try the repo line edit first. If it fails, I will install 2.6.0 from a flash drive. -
Upgrading to 2.6.0 using the repo edit worked well. I have a running firewall again with USB Ethernet.
-
Nice. Still at the reduced speed though?
You should try adding ure in the loader file so it's present at boot if you have not already.
Steve
-
@stephenw10
It looks like it is being automatically detectedId Refs Address Size Name 1 28 0xffffffff80200000 3ae8530 kernel 2 1 0xffffffff83ce9000 97a0 cryptodev.ko 3 1 0xffffffff83cf3000 3bb8f0 zfs.ko 4 2 0xffffffff840af000 a448 opensolaris.ko 5 1 0xffffffff840ba000 ef18 aesni.ko 6 1 0xffffffff84311000 1000 cpuctl.ko 7 1 0xffffffff84312000 3d00 if_ure.ko 8 1 0xffffffff84316000 b28 coretemp.ko
dmesg shows ue0 binding to ure0 at full speed.
ure0 on uhub0 ure0: <Realtek USB 10/100/1000 LAN, class 0/0, rev 2.10/30.00, addr 2> on usbus0 miibus1: <MII bus> on ure0 rgephy1: <RTL8251/8153 1000BASE-T media interface> PHY 0 on miibus1 rgephy1: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT-FDX, 1000baseT-FDX-master, auto ue0: <USB Ethernet> on ure0
A grep for ure on /boot/loader.conf turns up nothing. I am happy the adapter is working again as it did on 2.4.5 .
-
Ah, that looks good.
Does it report the correct link speed now? Typically it does not using the generic driver.
Steve
-
@stephenw10
ifconfig shows...media: Ethernet autoselect (1000baseT <full-duplex>)
Web GUI says the same for the interface status.
-
I have upgraded my remaining 2.4.5p1 to 2.5.2 today and it correctly recognises the USB Ethernet adaptor using kernel module if_ure.ko .
-
@vmb I have upgraded my 2.5.2 installs to 2.6.0 today. The automatic notifications I have configured made it clear that 2.6.0 works better for me.