How to get pfSense WAN to accept VLAN 0
-
I am using e1000 NICs, are there any solution for those of us or we are to remain in the dark?
-
I wouldn't hold your breathe. Technically its a freebsd shortcoming and pfsense should address it. Negate is basically saying they can do without all the att, verizon, frontier, and all other ISP's that use the vlan zero tag. What a shame. Theirs only a small group of users in this predicament who are technically efficient enough to implement these scripts and changes.
-
This is very sad to hear considering that a $30 walmart router can work just fine with the VLAN 0 from frontier. I also tested using openwrt and those are working fine, but pfsense has been my favorite FW and I would dearly miss it to replace it with something else. I am optimistic Stephen and the team can get something going for those of us using e1000 NICs.
-
yep, i moved on to different hardware..
-
@michaellacroix What hardware you using now?
-
I have a supermicro Open Source Router Firewall X10SLH-N6-ST031 E3-1270 V3. I needed something that could handle the 2gb service.
-
@michaellacroix said in How to get pfSense WAN to accept VLAN 0:
X10SLH-N6-ST031 E3-1270 V3
Looks a bit too big for my space, but if you got the space I am sure this can handle it just fine.
-
I think I still have the PC i used that has the e1000 nics in it. I'm going to see if I have time to test over the weekend. I'll let you know.
-
Thank you Michael, are you on ATT or Frontier? I am on frontier. When I was on comcast (xfinity) I never had an issue with this VLAN 0 tag thing.
-
I am on frontier fiber. I also had comcast and didn't have an issue either, They dont do vlan tagging on their connection. It seems to be a phone company thing. If you have the equipment the easiest thing to do is create a vm of the pfsense router from hyperv. The vswitch stripps out the vlan tagging and connects without issues.
-
Hi Michael, I dont have the VM capabilities at the moment...I am sort of focus in doing this natively. Great to hear that you have frontier, so we are in the same page.
-
@cucu007 The easiest thing to do is used a managed switch between the ONT and pfSense. It'll strip the vlan also.
-
Really we want two things to happen here. The e1000 driver needs to be fixed so it passes VLAN0 tagged packets. FreeBSD should probably be accepting priority tagged packets and not dropping them by default. Those two things would negate the need for a script at all on anything but AT&T.
Steve
-
This post is deleted! -
@michaellacroix This is the same error I was getting when I tried to upgrade to 22.05 as well on both igb0 and em0.
-
@cool_corona said in How to get pfSense WAN to accept VLAN 0:
Try to put pfsense into a VM and run VLAN tagging on the WAN interface using VLAN 0.
Then see if it works.
I'm trying to set this up right now - I have Proxmox running and have pfSense installed, but I do not see how to enable VLAN 0 on the WAN interface.
In Proxmox, when I edit the VM pfSense is on and edit the WAN interface, there is a spot for VLAN tag that has the option of "no VLAN" which is the default, but if you put any number outside of 1-4094, the box turns red and refuses to accept it.
Where do you put this configuration? It appears Proxmox thinks VLAN 0 is not a valid tag to put on the interface.
-
Hyper-V uses VLAN 0 for the parent interface as far as I know. I hope nothing will be broken there if pfSense changes its behavior in the future.
-
@jalano said in How to get pfSense WAN to accept VLAN 0:
I have Proxmox running and have pfSense installed, but I do not see how to enable VLAN 0 on the WAN interface.
To tag outbound?
Most of the issues here are that FreeBSD (and hence pfSense) does not accept VLAN0 as valid and drops the packets. Thus if your ISP sends dhcp responses to you tagged vlan0 pfSense never sees them and you never get an IP address.
To work around that a switch the strips the tags allows pfSense to see the traffic. The outbound traffic does not need to be tagged in most cases (AT&T being the exception).Steve
-
@stephenw10 said in How to get pfSense WAN to accept VLAN 0:
@jalano said in How to get pfSense WAN to accept VLAN 0:
I have Proxmox running and have pfSense installed, but I do not see how to enable VLAN 0 on the WAN interface.
To tag outbound?
Most of the issues here are that FreeBSD (and hence pfSense) does not accept VLAN0 as valid and drops the packets. Thus if your ISP sends dhcp responses to you tagged vlan0 pfSense never sees them and you never get an IP address.
To work around that a switch the strips the tags allows pfSense to see the traffic. The outbound traffic does not need to be tagged in most cases (AT&T being the exception).Steve
Exactly what I'm trying to accomplish, but I don't see how in Proxmox I can simulate the switch "stripping the tags". Someone higher up posted that you can do this, presumably with some other software. So I'm unsure how to configure my virtual switch on Proxmox to do this so my pfSense VM can get the DHCP WAN address.
-
@cool_corona I'm trying to do this on Proxmox.
If I'm understanding you correctly, this means on the virtual bridge interface it's just setup as a "trunk" port which accepts tagged VLAN traffic (this is the physical port that's connected to the upstream Frontier device), and within the virtual machine configuration, set virtual ethernet device as an "access" port which is set to VLAN 0?
My only issue is that the Proxmox configuration won't let me pick anything lower than VLAN 1. Does VMWare ESXi let you choose VLAN 0?
