Noob: Can't get PFSense to work, IP on WAN but no internet. VLAN dhcp issue?



  • Update: it is working now, I had an issue with my ports :) physically...

    Piece of advice: don't use ports 1,2 and 7,8, use 1234..... lol

    Hi all,

    So I originally had set up PFsense with the help of a friend, and recently my UPS died and the box got messed up and well... now it's not working.

    I need to reconfigure everything, and even though I had a recording of the original setup it doesn't work. My hypothesis is either a DHCP misconfig or a VLAN misconfig.

    Here is my hardware setup:
    Smart switch: GSS108E – ProSAFE 8-port Gigabit Click Switch
    Hardware: ESXi box (Dell mini PC with only one NIC)
    NICs: virtual NICs VMX0 and VMX1

    Now I first tried doing my thing:

    VLANs in ESXi: Outside ID: 30, everything else default
    Switch: This was the prior setting when it used to work

    30-uT000000
    0-uuuuuuuu

    • Modem coming to port 1, port 2 going to ESXi/pfSense

    Since that did not work I then followed this guide:

    https://blog.spirotot.com/2016/06/28/pfsense-vlans-with-one-nic-nuc-a-tp-link-tl-sg108e/

    Inside 10: t-x-u-u-u-u-u-u
    Outside 30: t-u-x-x-x-x-x-x
    Default 1: u-u-u-u-u-u-u-u


    • I also tried labeling the VM network in ESXi as both 10 and 0 *default

    If I leave the switch with only 3 things connected, I'm not able to access either ESXi or PFSense upon enabling VLAN; however, if I connect my home router (Linksys router/wireless AP EA900 - also has VLAN options but very basic) in any port to any of its non-internet ports (as in ports 1-4, not the internet port), and I set up DHCP in my desktop and the router, I can access PFsense and ESXi. If I disable DHCP in the router or attempt to assign static on my PC to either router or AP it won't work.

    Using this method I can actually receive an IP on my WAN interface but no internet. See images below.

    At some point, I clicked diagnose when I input my static IP, and Windows set up DHCP but towards the modem, and therefore my desktop had a public IP.



  • Netgate Administrator

    So you have a single NIC on the actual ESXi host and trunk the VLANs to it? Then you are separating the VLANs in the virtual switches and presenting the traffic untagged to pfSense?

    Steve



  • @stephenw10 said in Noob: Can't get PFSense to work, IP on WAN but no internet. VLAN dhcp issue?:

    So you have a single NIC on the actual ESXi host and trunk the VLANs to it? Then you are separating the VLANs in the virtual switches and presenting the traffic untagged to pfSense?

    Steve

    Hi Steve,

    I'm not sure what you are referring to, noob with VLANs after all; however, here is what I did.

    1. I created the following port group in ESXi:
      Outside Port group 30: 1 port assign (pfsense)

    2. I created the following Vlans on the switch which is using 802.1Q:
      Vlan30: utxxxxxx
      vlan 1: xuuuuuuu

    Port id:
    Port 1: ID 30
    port 2-8 ID 1

    Connected hardware as follows:
    Modem to port 1 on smart switch
    Smart switch port 2 to ESXi

    At this point I don't even get an IPv4 address from Comcast. I talked with their support and they stated they can't reach my router.


  • Netgate Administrator

    It looks like the vswitch is not passing the VLAN30 tagged traffic to pfSense.

    Either it's not passing it at all or maybe passing it still tagged and VLAN30 is not configured in pfSense.

    Steve


  • LAYER 8 Global Moderator

    if you want tags to be passed on a vswitch in esxi you have to set the vlan id to 4095 on the vswitch/port group



  • @johnpoz said in Noob: Can't get PFSense to work, IP on WAN but no internet. VLAN dhcp issue?:

    if you want tags to be passed on a vswitch in esxi you have to set the vlan id to 4095 on the vswitch/port group

    Hi John, so instead of VLAN ID 30 on ESXi I set 4095? How about in the smart switch (physical), leave as 30 or set as 4095 as well?



  • @thekamikazepr said in Noob: Can't get PFSense to work, IP on WAN but no internet. VLAN dhcp issue?:

    @stephenw10 said in Noob: Can't get PFSense to work, IP on WAN but no internet. VLAN dhcp issue?:

    So you have a single NIC on the actual ESXi host and trunk the VLANs to it? Then you are separating the VLANs in the virtual switches and presenting the traffic untagged to pfSense?

    Steve

    Hi Steve,

    I'm not sure what you are referring to, noob with VLANs after all; however, here is what I did.

    1. I created the following port group in ESXi:
      Outside Port group 30: 1 port assign (pfsense)

    2. I created the following Vlans on the switch which is using 802.1Q:
      Vlan30: utxxxxxx
      vlan 1: xuuuuuuu

    Port id:
    Port 1: ID 30
    port 2-8 ID 1

    Connected hardware as follows:
    Modem to port 1 on smart switch
    Smart switch port 2 to ESXi

    At this point I don't even get an IPv4 address from Comcast. I talked with their support and they stated they can't reach my router.

    That's what I believe is happening as well. So where should I start looking into this? Smart switch, vswitch, vport, or pfSense?

    On my prior deployment (before it all went to mayhem), I had no VLANs configured in PFsense.


  • Netgate Administrator

    Indeed it looks like you have separate internal interfaces for WAN and LAN on the pfSense VM with no VLANs. So the tags must be removed in the vswitch; you do not want to trunk the tagged traffic.

    Steve



  • @stephenw10 said in Noob: Can't get PFSense to work, IP on WAN but no internet. VLAN dhcp issue?:

    Indeed it looks like you have separate internal interfaces for WAN and LAN on the pfSense VM with no VLANs. So the tags must be removed in the vswitch; you do not want to trunk the tagged traffic.

    Steve

    So to make sure I understand,

    I keep my tags in the physical smart switch, Netgear; however, I must remove/modify the vSwitch tags in ESXi to either 0 or 4095 like @johnpoz said?


  • LAYER 8 Global Moderator

    If you are going to let ESXi break out the tags, then you would set them to what they are in your physical network, and then pfSense would see the traffic as untagged on a native interface.

    If you want to pass the tags to pfSense and let it sort it out via its own VLAN interfaces, then you would set 4095 on the vswitch the VLAN traffic would pass through, be it 30, 40, 100 or whatever VLAN ID you use on your real switches and the VLAN ID you set in pfSense.



  • @johnpoz said in Noob: Can't get PFSense to work, IP on WAN but no internet. VLAN dhcp issue?:

    If you are going to let ESXi break out the tags, then you would set them to what they are in your physical network, and then pfSense would see the traffic as untagged on a native interface.

    Is this what I was attempting and did not work?


  • LAYER 8 Global Moderator

    well for starters your switch config is borked you have every port still in vlan 1..

    looks like you have multiple ports with multiple untagged ports.. Does not work that way.. What switch is that - is it a tplink they have models that do not allow you to remove vlan 1 which makes them utter junk!!
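
The tagging rules from the posts above, as an added example (not code from the thread, pfSense or ESXi): a small Python model of the t/u/x switch notation used here and of the port-group VLAN IDs johnpoz describes, which flags ports that are untagged in more than one VLAN and traces what the pfSense VM would see for a frame arriving from the modem. Function names and the PVIDs for the guide layout are assumptions; the membership rows are the ones posted in the thread.

```python
# Added example. t = tagged member, u = untagged member, x = not a member.

def parse(row):
    """'t-u-x-x-x-x-x-x' or 'utxxxxxx' -> ['t','u','x',...] (index 0 = port 1)."""
    return list(row.replace("-", "").lower())

def audit(vlans, pvid):
    """Findings for a {vid: row} membership table and a {port: pvid} map."""
    table = {vid: parse(row) for vid, row in vlans.items()}
    findings = []
    for port in sorted(pvid):
        untagged = sorted(v for v, m in table.items() if m[port - 1] == "u")
        if len(untagged) > 1:   # frames of several VLANs leave this port untagged
            findings.append(f"port {port}: untagged in VLANs {untagged}")
        member = table.get(pvid[port])
        if member is None or member[port - 1] == "x":
            findings.append(f"port {port}: PVID {pvid[port]} but not a member")
    return findings

def trace(vlans, pvid, in_port, out_port, portgroup_vid):
    """What the VM sees for an untagged frame entering in_port (e.g. the modem)."""
    vid = pvid[in_port]                      # ingress: untagged frame takes the PVID
    mode = parse(vlans[vid])[out_port - 1]   # egress rule on the port facing ESXi
    if mode == "x":
        return "dropped at switch"
    tag = vid if mode == "t" else None
    if portgroup_vid == 4095:                # pass everything, tags left intact
        return f"tagged {tag}" if tag else "untagged"
    if portgroup_vid == 0:                   # no VLAN on the port group: untagged only
        return "untagged" if tag is None else "dropped at vswitch"
    # 1-4094: accept only the matching tag and strip it before the VM
    return "untagged" if tag == portgroup_vid else "dropped at vswitch"

# Layout from the original poster's second post (modem on port 1, ESXi on port 2).
POSTED = {30: "utxxxxxx", 1: "xuuuuuuu"}
POSTED_PVID = {1: 30, **{p: 1 for p in range(2, 9)}}
# Rows as posted from the linked guide; these PVIDs are assumed, not from the page.
GUIDE = {10: "t-x-u-u-u-u-u-u", 30: "t-u-x-x-x-x-x-x", 1: "u-u-u-u-u-u-u-u"}
GUIDE_PVID = {1: 1, 2: 30, **{p: 10 for p in range(3, 9)}}

if __name__ == "__main__":
    print("posted layout:", audit(POSTED, POSTED_PVID) or "no findings")
    for finding in audit(GUIDE, GUIDE_PVID):
        print("guide layout:", finding)
    for pg in (30, 4095, 0):
        print(f"port group {pg}:", trace(POSTED, POSTED_PVID, 1, 2, pg))
```

With the posted layout, port group 30 hands the WAN traffic to pfSense untagged, while 4095 hands it over still tagged, so pfSense would then need its own VLAN 30 interface.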



  • @johnpoz @stephenw10 got it to work! I updated the main thread... basically yeah, I had port 1 on port 8 and port 8 on port 1

