How to get pfSense WAN to accept VLAN 0
-
Not beyond what's shown here. The script need to be altered to remove the nfctl_attach lines since they are no longer needed. We have one report that it doesn't work still but no packet captures that might show why.
-
Its hard to think that many of us are still dealing with this nighmare of accepting traffic tagged on VLAN 0 at the WAN interface.
Can we please get some traction this item? My $20 bucks router from walmart is able to work just fine, how is it possible that this expensive piece of equipment is not able to get this working under release 2.6.x or 2.7.x, many of us were able to get this working using some hacky way under 2.5.2. Please lets figure this out.
-
There are workarounds. It depends what your ISP actually requires.
If they are sending priority tagged replies to dhcp requests you can just use a switch to strip those tags.
If you need to send and receive priority tagged traffic then you still need the netgraph script to do that and something in the iflib based Intel drivers has broken that. So you ca try using the non-iflib driver or use a different NIC.
Steve
-
Thanks @stephenw10
This post saved my bacon. I have frontier fiber and need the script to obtain an IP on the wan interface due to the vlan 0 issue. When I upgraded I got the same error messages as above and this fixed it for me.
-
Just commenting out the lines from the script?
Can I assume you are using a NIC other an Intel e1000 device? Other NICs should work with that.Steve
-
yep, just commenting out the lines worked for me. Yes, my nic is not e1000 device. The script broke upgrading from 22.01 to 22.05
Upgrading form 2.6.0 was no problem
Upgrading to pfsense 22.01 no problem
Upgrading from 22.01 to 22.05 the script broke with the error message:Fatal error: Uncaught Error: Call to undefined function pfSense_ngctl_attach() in Command line code:1
Stack trace:
#0 {main}
thrown in Command line code on line 1 -
I am using e1000 NICs, are there any solution for those of us or we are to remain in the dark?
-
I wouldn't hold your breathe. Technically its a freebsd shortcoming and pfsense should address it. Negate is basically saying they can do without all the att, verizon, frontier, and all other ISP's that use the vlan zero tag. What a shame. Theirs only a small group of users in this predicament who are technically efficient enough to implement these scripts and changes.
-
This is very sad to hear considering that a $30 walmart router can work just fine with the VLAN 0 from frontier. I also tested using openwrt and those are working fine, but pfsense has been my favorite FW and I would dearly miss it to replace it with something else. I am optimistic Stephen and the team can get something going for those of us using e1000 NICs.
-
yep, i moved on to different hardware..
-
@michaellacroix What hardware you using now?
-
I have a supermicro Open Source Router Firewall X10SLH-N6-ST031 E3-1270 V3. I needed something that could handle the 2gb service.
-
@michaellacroix said in How to get pfSense WAN to accept VLAN 0:
X10SLH-N6-ST031 E3-1270 V3
Looks a bit too big for my space, but if you got the space I am sure this can handle it just fine.
-
I think I still have the PC i used that has the e1000 nics in it. I'm going to see if I have time to test over the weekend. I'll let you know.
-
Thank you Michael, are you on ATT or Frontier? I am on frontier. When I was on comcast (xfinity) I never had an issue with this VLAN 0 tag thing.
-
I am on frontier fiber. I also had comcast and didn't have an issue either, They dont do vlan tagging on their connection. It seems to be a phone company thing. If you have the equipment the easiest thing to do is create a vm of the pfsense router from hyperv. The vswitch stripps out the vlan tagging and connects without issues.
-
Hi Michael, I dont have the VM capabilities at the moment...I am sort of focus in doing this natively. Great to hear that you have frontier, so we are in the same page.
-
@cucu007 The easiest thing to do is used a managed switch between the ONT and pfSense. It'll strip the vlan also.
-
Really we want two things to happen here. The e1000 driver needs to be fixed so it passes VLAN0 tagged packets. FreeBSD should probably be accepting priority tagged packets and not dropping them by default. Those two things would negate the need for a script at all on anything but AT&T.
Steve
-
This post is deleted!
