Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Another 2.5 failure - need help...

    Scheduled Pinned Locked Moved General pfSense Questions
    12 Posts 4 Posters 1.2k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • GertjanG Offline
      Gertjan @krbvroc1
      last edited by Gertjan

      @krbvroc1
      I didn't use the initial cli wizard for many years now, but .... :

      23f200ec-e2b6-442b-bab6-3054e7d02b3b-image.png

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      K 1 Reply Last reply Reply Quote 0
      • K Offline
        krbvroc1 @Gertjan
        last edited by

        @gertjan It refuses to allow me to enter that. That is what my older pfsense version looked like, but the upgrade process destroyed that. And when trying to re-enter it only allows a netmask of 1 to 31 bits.

        Something in the upgrade process disturbs the WAN / WAN6 assignments.

        Even my 'em0' as you have above was replaced with 'vtnet0', which broke a shellcmd I had that added the off subnet gateway.

        1 Reply Last reply Reply Quote 0
        • jimpJ Offline
          jimp Rebel Alliance Developer Netgate
          last edited by

          What page specifically is refusing to let you enter that?

          The WAN interface configuration page allows entering a /32, perhaps the wizard doesn't.

          You don't have to use the wizard, you can click the logo in the top left to get out of it.

          Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          K 1 Reply Last reply Reply Quote 0
          • K Offline
            krbvroc1 @jimp
            last edited by

            @jimp It is a catch-22 ... the upgrade broke WAN connectivity, so that prohibited me from accessing the web page or even SSH into the router. So I logged in via the serial console and used the '2) Set interfaces(s) IP address' flow. That prompts for a WAN IP and separately for a netmask between 1 and 31. It rejects 32 as an entry.

            F 1 Reply Last reply Reply Quote 0
            • jimpJ Offline
              jimp Rebel Alliance Developer Netgate
              last edited by

              Ah, OK. That's not the "installer" but that particular console script.

              Since the GUI allows /32 there that script should as well, so you can open a bug report on https://redmine.pfsense.org/ with the procedure to reproduce the condition.

              Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • F Offline
                f.meunier @krbvroc1
                last edited by

                @krbvroc1
                can't you just "loose" the mask a little bit (/31 ou /30) just the time for you to access the webGUI and set it back to /32 ?

                (mostly ZOTAC CI or CA nano barebones)

                K 1 Reply Last reply Reply Quote 0
                • K Offline
                  krbvroc1 @f.meunier
                  last edited by krbvroc1

                  @f-meunier I tried lots of things... I don't recall if that was one of them. Those adjacent IP's are used by other devices on the same virtual machine. But it may have worked since these are routed IP and not bridged.

                  And since it would not let me use /32, I assumed pfsense 2.5 / freebsd 12 disallowed that and I didn't even try to see if the webGUI was different.

                  GertjanG F 2 Replies Last reply Reply Quote 0
                  • GertjanG Offline
                    Gertjan @krbvroc1
                    last edited by Gertjan

                    @krbvroc1

                    Hummmm.

                    Normally, as I have to use an up stream ISP router, I chose DHCP for my WAN and forget about it.
                    I just check up front if this ISP router isn't using also the 192.168.1.1/24 LAN network - they normally do - and change that to something like 192.168.10.1/24.
                    All this because I like to keep my pfSense LAN to default (also).
                    This permits me to get a network up and running by just running the initial pfsense console wizard like : ok Ok ok ok ok ok done. Such a situation would be an emergency situation, which I actually never had to apply ....

                    Anyway, I had to wipe my WAN_DHCP gateway first.
                    The I had to change the WAN interface to Static, chose 192.168.10.3 and a mask as /24 (not 32).
                    At that moment, unable to use :

                    73bec3d7-2143-4a2b-bafc-0c33b293d37c-image.png

                    as the WAN static IPv4 didn't exist at that moment - your catch 22.

                    I created the static IPv4 WAN without gateway ( none ).

                    Now I created my new WANGW gateway, where 192.168.10.1 is the IP of my upstream ISP router.

                    1a4da233-b3da-42b5-bc32-b06771c3f9e6-image.png

                    The Monitoring IP is an IP that I own - some server on the net. Not an IP from my ISP.

                    Now, back to the WAN interface, and I could actually assign the Gateway :

                    683e8233-fbd9-43f4-b461-fcb725599c76-image.png

                    At that moment, I switched back to the /32 network :

                    27067af8-aa40-4857-996e-036e26f63b2a-image.png

                    but that broke my WAN uplink.

                    So /24 for the static WAN IP it will be.

                    edit : my console menu looks like this :
                    f26b3b74-145a-4972-950d-7f158b7addbf-image.png

                    so clearly a /24 on the WAN IPv4 - which is NOT what I stated / showed above, several posts earlier.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    1 Reply Last reply Reply Quote 0
                    • F Offline
                      f.meunier @krbvroc1
                      last edited by f.meunier

                      @krbvroc1
                      changing the mask temporarily "may" be ok since you can keep the same IP and it will not overlap other virtual machines.
                      Using /32 address on a WAN interface is somehow a "complex" trick since it will need some dynamic routing to find a gateway and an outbound route.
                      Previously, how was your WAN gateway defined in this pfSense machine ?

                      (mostly ZOTAC CI or CA nano barebones)

                      K 1 Reply Last reply Reply Quote 0
                      • K Offline
                        krbvroc1 @f.meunier
                        last edited by

                        @f-meunier Previously, it was setup with an actual public/32 IP. I then use the 'shellcmd' plugin to run a script which basically performed the following:

                        route add $EXT_GW_IP -interface em0
                        route add default $EXT_GW_IP
                        

                        The was required because FreeBSD will not allow you to add a route outside a subnet, which causes issues with a /32 IP.

                        These IP's are not made up or theoretical, but publicly assigned IPs from the ISP where my server is located. This particular routing setup is similar to some other online ISP I have seen over the years 'OVH'. It creates challenges when setting things up.

                        I probably set this up 5 or 6 years ago, so maybe pfsense 2.2? This was the first upgrade that broke things for my setup.

                        1 Reply Last reply Reply Quote 0
                        • jimpJ Offline
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          For that kind of setup you'll also need the patch from https://redmine.pfsense.org/issues/11433 on 2.5.0/21.02

                          Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.