USB Ethernet support for AX88179 USB adapter
-
When I plug in the startac USB31000S adapter into the system, it is recognized and brings the interface up as "ue0". I can even configure it for IPv4 and IPv6, but it won't send out DHCP leases, won't ping any other system on the same switch/vlan/subnet, and I don't see any IPv4 traffic at all when I sniff on it. I see much SSDP traffic and ICMP6 and nothing else. Its as if the interface is IPv6 enabled only, which is strange. Is this normal for these adapters with 2.3.4-RELEASE?
ugen4.2: <ax88179 asix="" elec.="" corp.="">at usbus4, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (248mA)
bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0210
bDeviceClass = 0x00ff <vendor specific="">bDeviceSubClass = 0x00ff
bDeviceProtocol = 0x0000
bMaxPacketSize0 = 0x0040
idVendor = 0x0b95
idProduct = 0x1790
bcdDevice = 0x0100
iManufacturer = 0x0001 <asix elec.="" corp.="">iProduct = 0x0002 <ax88179>iSerialNumber = 0x0003 <0000249B043782>
bNumConfigurations = 0x0001ue0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=80008 <vlan_mtu,linkstate>ether 00:24:9b:04:37:82
hwaddr 00:24:9b:04:37:82
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
inet6 fe80::1:1%ue0 prefixlen 64 scopeid 0x7
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active</full-duplex></performnud,auto_linklocal></vlan_mtu,linkstate></up,broadcast,running,simplex,multicast></ax88179></asix></vendor></ax88179> -
Since it says: media: Ethernet autoselect (1000baseT <full-duplex>)
I'm guessing the driver and firmware are both fine. This probably means that it's a configuration issue and not a hardware issue. Maybe you didn't allow firewall access for those IPv4 things?</full-duplex> -
I considered that even after verifying that its not being blocked. Thing is, not even getting mac layer stuff to any of the other devices on that subnet that isn't multicast.
-
I considered that even after verifying that its not being blocked. Thing is, not even getting mac layer stuff to any of the other devices on that subnet that isn't multicast.
What does tcpdump -vvv -i ue0 show? (on the shell)
-
Pretty much just these items (ssdp and icmp6 discovery/advert stuff)
tcpdump: listening on ue0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:24:39.055420 9b:bd:b0:03:08:00 (oui Unknown) > 5e:7f:ff:fa:00:08 (oui Unknown), ethertype Unknown (0x4500), length 134:
0x0000: 007a 0000 4000 0111 c5d6 c0a8 02fa efff .z..@…........
0x0010: fffa 91ce 076c 0066 ef70 4d2d 5345 4152 .....l.f.pM-SEAR
0x0020: 4348 202a 2048 5454 502f 312e 310d 0a48 CH..HTTP/1.1..H
0x0030: 6f73 743a 2032 3339 2e32 3535 2e32 3535 ost:.239.255.255
0x0040: 2e32 3530 3a31 3930 300d 0a4d 616e 3a20 .250:1900..Man:.
0x0050: 2273 7364 703a 6469 7363 6f76 6572 220d "ssdp:discover".
0x0060: 0a53 543a 2073 7364 703a 616c 6c0d 0a4d .ST:.ssdp:all..M
0x0070: 583a 2035 0d0a 0d0a X:.5....
11:24:41.103883 9b:bd:b0:03:08:00 (oui Unknown) > ff:ff:ff:ff:00:08 (oui Unknown), ethertype Unknown (0x4500), length 61:
0x0000: 0031 0000 4000 4011 b372 c0a8 02fa c0a8 .1..@.@..r......
0x0010: 02ff d0b1 7e9c 001d b2dd 4d2d 5345 4152 ....~.....M-SEAR
0x0020: 4348 202a 2048 5454 502f 312e 310d 0a CH..HTTP/1.1..
11:24:41.105133 9b:bd:b0:03:08:00 (oui Unknown) > ff:ff:ff:ff:00:08 (oui Unknown), ethertype Unknown (0x4500), length 61:
0x0000: 0031 0000 4000 4011 b372 c0a8 02fa c0a8 .1..@.@..r......
0x0010: 02ff b1f9 7e9e 001d d193 4d2d 5345 4152 ....~.....M-SEAR
0x0020: 4348 202a 2048 5454 502f 312e 310d 0a CH.*.HTTP/1.1..
11:24:43.745360 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::1:1 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 56
hop limit 64, Flags [other stateful], pref medium, router lifetime 30s, reachable time 0s, retrans time 0s
dnssl option (31), length 24 (3): lifetime 10s, domain(s): xxxxxxxxxxxx.com.
0x0000: 0000 0000 000a 0965 6972 6567 7561 7264
0x0010: 0363 6f6d 0000
mtu option (5), length 8 (1): 1500
0x0000: 0000 0000 05dc
source link-address option (1), length 8 (1): 00:24:9b:04:37:82
0x0000: 0024 9b04 3782 -
Are any of the offloading options on? In any case: turn all offloading options off, like TCP Checksum etc
-
Nothing is setup for offload, but I have ran out of time and patience on it. The solution is temporary, as the system is way too large and power hungry to use for this purpose anyway. I've ordered a low power fanless solution, and just wait for it to arrive. In the meantime, no DMZ. Annoying, but no disaster.
-
Fair enough. USB Ethernet is a shitshow anyways. Does the fanless PC you ordered have Intel NICs and AES-NI? If so, you'll be set for the next 5 years.
-
4x intel gigabit lan and AES-NI, yeah. I only loaded this up because I was in the lurch when my old firewall device tossed a disk and controller at the same time. Only think I had to remediate quickly so I didn't lose work time.
https://www.amazon.com/gp/product/B0742Q3NT6/ref=oh_aui_detailpage_o02_s00?ie=UTF8&psc=1
If this one lasts as long as the last one (over a decade), I'll be happy.
-
4x intel gigabit lan and AES-NI, yeah. I only loaded this up because I was in the lurch when my old firewall device tossed a disk and controller at the same time. Only think I had to remediate quickly so I didn't lose work time.
https://www.amazon.com/gp/product/B0742Q3NT6/ref=oh_aui_detailpage_o02_s00?ie=UTF8&psc=1
If this one lasts as long as the last one (over a decade), I'll be happy.
Not sure what you paid for it, hope it's not the $400+ price tag on amazon. The box on display is a rebranded Qotom box. You can get an i3 version for half the money and same guarantee and delivery speed at: https://aliexpress.com/store/product/Pfsense-as-router-firewall-4-LAN-Mini-pc-with-core-I3-4005U-Fanless-QOTOM-Q330G4/108231_32807735278.html?spm=a2g0z.12010608.0.0.59105060hnaJ0R
They have smaller and bigger versions too, so if you have the option to cancel at amazon and get the non 'rebranded' version for less that's maybe worth thinking about.
-
I can't wait a week for this to get worked out. The i3 is probably a 2x performer, and would have saved me probably $75 after shipping, but 7 days is too long. If it sucks, Ill ship it back after getting a replacement from ali.