Another 2.5 failure - need help...
-
@krbvroc1
I haven't used the initial CLI wizard for many years now, but .... :
-
@gertjan It refuses to allow me to enter that. That is what my older pfsense version looked like, but the upgrade process destroyed that. And when trying to re-enter it only allows a netmask of 1 to 31 bits.
Something in the upgrade process disturbs the WAN / WAN6 assignments.
Even my 'em0' as you have above was replaced with 'vtnet0', which broke a shellcmd I had that added the off subnet gateway.
-
What page specifically is refusing to let you enter that?
The WAN interface configuration page allows entering a /32, perhaps the wizard doesn't.
You don't have to use the wizard, you can click the logo in the top left to get out of it.
-
@jimp It is a catch-22 ... the upgrade broke WAN connectivity, so that prohibited me from accessing the web page or even SSH into the router. So I logged in via the serial console and used the '2) Set interface(s) IP address' flow. That prompts for a WAN IP and separately for a netmask between 1 and 31. It rejects 32 as an entry.
-
Ah, OK. That's not the "installer" but that particular console script.
Since the GUI allows /32 there that script should as well, so you can open a bug report on https://redmine.pfsense.org/ with the procedure to reproduce the condition.
-
@krbvroc1
Can't you just "loosen" the mask a little bit (/31 or /30), just long enough for you to access the webGUI, and then set it back to /32?
-
@f-meunier I tried lots of things... I don't recall if that was one of them. Those adjacent IPs are used by other devices on the same virtual machine. But it may have worked since these are routed IPs and not bridged.
And since it would not let me use /32, I assumed pfsense 2.5 / freebsd 12 disallowed that and I didn't even try to see if the webGUI was different.
-
Hummmm.
Normally, as I have to use an upstream ISP router, I choose DHCP for my WAN and forget about it.
I just check up front if this ISP router isn't also using the 192.168.1.1/24 LAN network - they normally do - and change that to something like 192.168.10.1/24.
All this because I like to keep my pfSense LAN to default (also).
This permits me to get a network up and running by just running the initial pfSense console wizard like : ok Ok ok ok ok ok done.
Such a situation would be an emergency situation, which I actually never had to apply ....
Anyway, I had to wipe my WAN_DHCP gateway first.
Then I had to change the WAN interface to Static, and chose 192.168.10.3 with a mask of /24 (not 32).
At that moment, unable to use : as the WAN static IPv4 didn't exist at that moment - your catch 22.
I created the static IPv4 WAN without gateway ( none ).
Now I created my new WANGW gateway, where 192.168.10.1 is the IP of my upstream ISP router.
The Monitoring IP is an IP that I own - some server on the net. Not an IP from my ISP.
Now, back to the WAN interface, and I could actually assign the Gateway :
At that moment, I switched back to the /32 network :
but that broke my WAN uplink.
So /24 for the static WAN IP it will be.
edit : my console menu looks like this :
so clearly a /24 on the WAN IPv4 - which is NOT what I stated / showed above, several posts earlier.
-
@krbvroc1
Changing the mask temporarily "may" be OK since you can keep the same IP and it will not overlap other virtual machines.
Using a /32 address on a WAN interface is somehow a "complex" trick since it will need some dynamic routing to find a gateway and an outbound route.
Previously, how was your WAN gateway defined in this pfSense machine?
-
@f-meunier Previously, it was set up with an actual public /32 IP. I then used the 'shellcmd' plugin to run a script which basically performed the following:
route add $EXT_GW_IP -interface em0
route add default $EXT_GW_IP
This was required because FreeBSD will not allow you to add a route outside a subnet, which causes issues with a /32 IP.
These IPs are not made up or theoretical, but publicly assigned IPs from the ISP where my server is located. This particular routing setup is similar to some other online ISP I have seen over the years 'OVH'. It creates challenges when setting things up.
I probably set this up 5 or 6 years ago, so maybe pfsense 2.2? This was the first upgrade that broke things for my setup.
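
The route logic described in the post above, as an added example (not the poster's script and not pfSense code): it prints the two `route add` commands for a WAN address and gateway, emits the `-interface` route only when the gateway lies outside the WAN subnet, and refuses when the named interface is missing, as happened after the em0 to vtnet0 rename. The function names, the interface list argument and the sample addresses are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: prints FreeBSD route commands; it never runs them.

# ip_to_int A.B.C.D -> 32-bit integer (call via $(...) so IFS changes stay local)
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# on_link WAN_IP PREFIX GW_IP: succeeds when the gateway is inside the WAN subnet
on_link() {
    bits=$(( 32 - $2 ))
    [ $(( $(ip_to_int "$1") >> bits )) -eq $(( $(ip_to_int "$3") >> bits )) ]
}

# iface_present IFACE "LIST": LIST is a space-separated interface list,
# for example the output of `ifconfig -l` on FreeBSD
iface_present() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# wan_route_cmds IFACE WAN_IP PREFIX GW_IP "LIST": print the commands to run
wan_route_cmds() {
    if ! iface_present "$1" "$5"; then
        # A hardcoded name that no longer exists is the failure seen after the upgrade
        echo "interface $1 not found in: $5" >&2
        return 1
    fi
    if ! on_link "$2" "$3" "$4"; then
        # Off-subnet gateway: make it reachable on the interface first
        echo "route add $4 -interface $1"
    fi
    echo "route add default $4"
}

# Constructed sample: /32 WAN address with a gateway in a different network
wan_route_cmds vtnet0 203.0.113.10 32 198.51.100.1 "vtnet0 vtnet1 lo0"
```
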
-
For that kind of setup you'll also need the patch from https://redmine.pfsense.org/issues/11433 on 2.5.0/21.02