Did you have a specific question?

If you're unsure I would first try installing CE on whatever hardware you have to test it.

Steve

@viragomann said in pfSense on Proxmox via vmbr0 - got LAN access, but no WAN/internet access - why?:

@newsboost
You cannot use a passed-through NIC on Proxmox itself. The only available NIC you can use is enp1s0f3.

That makes completely sense to me and probably explains the error message, thanks! But I'm really confused now, because it seem to work, i.e. it provides VLAN 100 internet access and yet it seems that the interface is still being passed through, because enp1s0f0 = igb0 = WAN and enp1s0f1 = LAN (vlan trunk) = igb1... Are you sure this should not work, because it seem to work? And why does it work, is it kind of "undefined behaviour" perhaps? Great comment, thanks!

That's not a prlausible reason to have two subnets on Proxmox.

The explanation was not good enough... So, VLAN 1 (subnet 192.168.1.0/24) is my management VLAN and the VMs I create in Proxmox should preferably not have access to the management VLAN so I thought the safest and quickest solution would be to use another subnet for all my experimental VMs... That way, they don't have access to the more important devices/machines/printers/servers on VLAN 1... I think this is a better explanation, hopefully...

Just connect the bridge vmbr0 to a physical NIC port and assign a static (!) IP to the bridge in Proxmox. This should be a trusted subnet of course.

You're right - and I did just that and it also works:

209a52c4-6261-487e-9fff-3645ceca5665-image.png

From a logical perspective, this makes much more sense because as you wrote above and after I've been thinking about it, I think it's weird that I can bridge a NIC that has been passed through to proxmox and still get the behaviour that I wanted - but after my improved understanding and after reading your comment, now I wouldn't expect this to work any longer, but it still does... Very weird, it can bridge the NIC when passed through, apparently without internet/network problems!

So to access Proxmox in case of emergency, you have only to assign a static IP within the same subnet to a computer and connect it to the appropriate network port. Then you can access Proxmox independently from the state of pfSense.

It makes completely sense what you're writing and probably the solution could be that I should have two VMBR-interfaces:

One for emergencies, if pfSense does not respond or boot up correctly so I can plugin a network cable and ssh directly into Proxmox and One on subnet 100, such that I can isolate all the VMs from the management VLAN and do experiments without any fear...

Is it really that bad if I put vmbr0 in the VLAN 100-subnet so the proxmox interfaces can be access on two different subnets? Because I've been testing and it seems to work completely fine on two different subnets - although perhaps I would like to later block VLAN 100 from accessing the Proxmox-interface and I can do that by adding a firewall-rule using the pfSense-interface, isn't that right?

Appreciate your comments a lot, thanks!

Well if it's not actually in bridge more I'd expect pfSense to pull a private IP on it's WAN as long as it's set to DHCP.

You probably would have to power cycle to modem to be sure it isn't locked to the MAC address of whatever client you had connected there initially. Or spoof that MAC address in pfSense.

@jarrodsfarrell Did fix the DNS IPv4+6. Post filter is getting tripped so I can't edit my post.

I figured out how to connect my computer to the pfsense vm. On windows server 2016 i went to network connections where i can see all my ethernet adapters. Then i selected in my case ethernet 3 where my computer is connected and the internal lan adapted and bridged the two adapters. In the bridged adapter i changed the ipv4 adress and i was connected to the router.

However now i am connected but still dont have internet and i am able to ping 8.8.8.8 but not google.com i get the error dns could not be resolved when trying to access internet in chrome.

It's because of the new RSC support in the updated hn(4) driver which is apparently broken.
It only supports TCP to when you use OpenVPN (UDP) the traffic is unaffected.
See: https://forum.netgate.com/topic/169884/after-upgrade-inter-v-lan-communication-is-very-slow-on-hyper-v

Steve

Problem fixed by forcing the gateway on the AP to PfSense's LAN IP. I had it set up through /etc/network/interfaces but turns out I had to set it up via

route add default gw 192.168.1.1 wlan0

@benjaminpc said in PfSense AWS OpenVPN kein Internet:

Wenn ich mich aber nun via OpenVPN verbinde kann ich zwar die PfSense pingen aber nicht die Server im LAN Netz
Ebenso haben die Server kein Internet

Beide Symptome könnten hier dieselbe Ursache haben, aber auch verschiedene.
Ich würde die Internet Verbindung der VMs als erstes in Angriff nehmen. Scheint mir leichter zu klären zu sein.

Nachdem die pfSense aus dem Internet erreichbar ist und ihrerseits die Server erreichen kann, besteht mal "physisch" eine durchgehende Verbindung.
Ich nehme an, vom LAN ist nach wie vor alles erlaubt, also die standardmäßige any-to-any Regel aktiv.

Dann versuche mal von einer VM einen Ping auf 8.8.8.8. Wenn das funktionieren sollte, liegt es vermutlich daran, dass die VMs keine Hostnamen auflösen können.

Falls der Ping auch scheitert, könnte das Outbound NAT nicht funktionieren. Dann würde ich die Frage stellen, wie dein WAN konfiguriert ist. Wenn manuell, hast du in den Interface Einstellungen auch das Gateway angegeben?

Sorry, OutBound Nat. Gets tedious typing it every time!

@athish system logs
Dec 11 03:59:13 kernel arpresolve: can't allocate llinfo for 192.168.10.1 on rl0
Dec 11 03:59:14 kernel arpresolve: can't allocate llinfo for 192.168.10.1 on rl0
Dec 11 03:59:14 kernel arpresolve: can't allocate llinfo for 192.168.10.1 on rl0

@mcury said in Erro de acesso aos sites Rico.com.vc e portal.xpi.com.br:

che o navegador, reabra e tente novamente.

Tentarei o Bypass via navegador.

Hi, So you are saying that "reordering you FW rules" then putting them back the way they were fixed you issue with not being able to access the internet after the update to 2.5.2?

MP

@nirmelamoud said in netgate UI stop working, page does not return:

ethernet ports lights on for 10..30 sec than off for 10..30 sec

That sounds more like it's rebooting...? You can try opening a ticket at go.netgate.com.

@gertjan said in netgate UI stop working, page does not return:

Netgate device was sold with this cable

All the models we've bought recently do. I vaguely recall it being an option in the past? I may be misremembering that though. I always leave it in its plastic bag and write on the bag so no one throws it in the cable drawer and it is lost in the neverending sea of cables. :)

Ah es funzt u sieht schon viel besser aus :)

@Zung said in Hyper-V pfsense setup with no internet behind LAN interface:

I am not sure if this issue was recorded in certain log or not.

WAN events are always logged.
In the logs.
Not a question of being sure : if you want to know, you have a look.

Damn that’s encouraging