Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense image for Oracle IaaS network interface error

    Scheduled Pinned Locked Moved
    Virtualization
    2
    2
    2.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alyssonjetery
      last edited by

      All,

      At this moment there is no pfSense image available for Oracle IaaS, so I decided to create one and test it.

      The process itself is simple, the steps I took are:

      1 - Installed pfSense on VirtualBox
      2 - Configured a WAN interface (em0) with DHCP
      3 - Enabled sshd
      4 - Installed sudo and python packages
      5 - Exported the image to Oracle Cloud following Oracle's documentation for custom images

      The problem is that after the disk comes online and the instance gets a public IP I still can't access it on any ports. Through Oracle Cloud Console I can see the boot log of the instance and here is what I got:

      _Warning: Configuration references interfaces that do not exist: em0

      Network interface mismatch – Running interface assignment option.
      xn0: 2 link states coalesced
      xn0: link state changed to UP

      Valid interfaces are:

      xn0    c6:b0:21:53:37:8f (down) Virtual Network Interface

      Do VLANs need to be set up first?
      If VLANs will not be used, or only for optional interfaces, it is typical to
      say no here and use the webConfigurator to configure VLANs later, if required.

      Should VLANs be set up now [y|n]?_

      It looks like it lost my interface em0. Is there anyway I can make this interface persist even when I change my virtual NIC (from VirtualBox to Oracle Cloud)?

      Do you know what I might be missing?

      Thank you in advance.

      1 Reply Last reply Reply Quote 0
      • S
        scross01
        last edited by

        I've had some initial success getting pfSense 2.3.4 running on Oracle Compute Cloud.  It requires several manual changes to the configuration before launching the image on Oracle Cloud

        A few pointers so far:

        • The interfaces names change from em0 to xn0 because VirtualBox and the Oracle Compute hypervisor use different drivers. Oracle Compute is Xen based and pfSense uses the Xen PV-HVM drivers by default for the nics.  The WAN and LAN <if>setting in the config.xml must match the interface names the image boots with on Oracle Compute</if>

        • If the interfaces are not pre-configured correctly pfSense prompts to start the setup on the serial console, but Oracle Compute has no direct console input so the boot halts without any interfaces setup.

        • Both a WAN and LAN interface need to be defined for pfSense to fully boot.  The LAN interface defaults to 192.168.1.1, this needs to be set to correct IP network interface that the instance will be launched with, note the 192.168.1.1 address can't be used even if you create a 192.168.1.1/24 IP network as the first address is allocated for use for the default IP Network routing

        • The default dhclient for FreeBSD 10.3 has issues with the pv-hvm drivers and Oracle Compute due to an issue with TCP RX checksum offloading, which results in the interface not being able to get its IP from DHCP - one workaround is to set hw.xen.disable_pv_nics=1 in the /boot/loader.conf.local, or use manually assigned IP on the interface

        • If you are using pfSense with the WAN interface on the Oracle Compute shared network all traffic is blocked be default as pfSense filters private and bogon ip address ranges on the WAN interface. The Oracle Compute shared network uses a 10.x.x.x range, with floating public IPs. The fix is to remove the <blockpriv>and <blockbogons>from the wan section in the config.xml</blockbogons></blockpriv>

        • Enable sshd to allow remote administration

        • To allow management over the WAN interface add a rule to enable inbound ssh and http(s) traffic

        • To access the webConfigurator over the WAN interface enable the <nodnsrebindcheck>and <nohttpreferercheck>options in the <webgui>section of the config.xml</webgui></nohttpreferercheck></nodnsrebindcheck>

        • The pfSense dhcpd configuration should be disabled as DHCP is already provided in the Oracle Compute Shared and IP networks

        1 Reply Last reply Reply Quote 0
        • First post
          Last post