How to get pfSense WAN to accept VLAN 0
-
Let me double check Steve, I believe I was using emo as the wan interface but I will verify.
thanks -
@michaellacroix is this an issue with ix? I'm getting frontier in a couple weeks (2gig) and I assume it'll have the same problem. I have an Intel x520-da2.
If it is a problem with pfsense, could I put a mikrotik switch in front of it to strip the tag?
Thanks!
-
@schwiing Doesn't matter what equipment you have because frontier tags their internet connection you will either need to put a switch between your pfs router and ONT or use the netgraph script. Somewhere in this forum are directions to use netgraph. That's what I use.
-
@michaellacroix I'm open to either method. Does netgraph work with 22.05 or did/do you have to downgrade to 2.6 or below?
-
@schwiing I'm using 22.05 and it works great. If you look back in this forum I did run into a problem upgrading from 2.6 to 22.05 and needed to remove a couple of lines from the script. But other than that it works great.
-
@michaellacroix said in How to get pfSense WAN to accept VLAN 0:
@schwiing I'm using 22.05 and it works great. If you look back in this forum I did run into a problem upgrading from 2.6 to 22.05 and needed to remove a couple of lines from the script. But other than that it works great.
Thanks. That gives me some hope.
This is what my script looks like (Let me know if I did it right [the MAC is for my WAN port in PFsense):
https://pastebin.com/LMJhVphx
Do I still need to change my WAN from "ix0" to "ngeth0"? If so, how do I do that?
-
@schwiing Script looks good. Once you run the script you will have an option in the interface assignments section of pfs to change the adapter interface to netgraph
-
@michaellacroix Here is the original github for the netgraph instructions. We only need to worry about the vlan tagging.
https://github.com/MonkWho/pfatt
-
Yeah ix should work with the script. The regression in 2.6 is in the e1000 driver, so em and igb NICs.
-
@michaellacroix Thanks, and sorry for all of the questions so far. I really appreciate the help.
So I don't need the Mac or interface of the ONT itself in the script right (despite the labels in the script?) I put my pfsense wan nic MAC in the script.
Also, regarding the change to ngeth0 is that done in the GUI after rebooting with the script installed or in CLI?
-
@schwiing Correct, you only need the mac and wan of pfs in script.
The change is done in the GUI and and you dont need to reboot. Once the script runs you will see the ngeth option for the wan interface. Make sure you use shecmd to run script on reboots as to lose the interface. -
@michaellacroix as to NOT lose the interface
-
So, I'm trying to get ahead of the game and I installed and ran the vlan0 script. I didn't change interfaces at all, since I'm still on my current comcast DOCSIS connection, but wanted to see if the ngeth0 interface would appear. It did, but I completely lost internet. Should I just wait to run the script when I swap to Frontier (next week) and then swap the interface then? Or, should I not have lost internet by running the script (again, keeping ix0 as my WAN)?
Thanks!
-
If you start tagging traffic VLAN0 and expecting traffic to be tagged VLAN0 when your current ISP does not require it then the situation is undefined. But one outcome is that it all gets dropped and you end up with nothing, yes.
-
That makes sense. I assumed however, that if I don't change the interface from "ix0" (default) to "ngeth0" that nothing would change. But I guess it could have dropped the traffic regardless.
-
Yes the ng script will still be active and tagging even if you're not sending traffic through it. I would actually try setting WAN to ngeth0 since there's a good chance your current ISP doesn't care if you anything. Enabling the script and then not using it will definitely fail though.
-
@stephenw10 i tried swapping to ngeth0 after running the script. 0.0.0.0 WAN. No internet.
-
This is my vlan0 script:
https://pastebin.com/hmywwK5a
All I changed were the commenting of the few lines that @michaellacroix instructed, and the variables for the IF and MAC at the top, which correspond to my NIC. I assume if I did everything right, I'd still maintain internet after swapping to ngeth0, but no joy.
-
@schwiing etc...
I would really advise folks who are having issues with the vlan0 stripping to run virtualized under esxi. You can download a free version of esxi from vmware, and it strips off the vlan0 header so pfsense works fine on the virtualized adapter.
And you get snapshotting too, which I can attest is very useful from personal experience. I run pfsense 2.6 on a AT&T fiber connection using the supplicant method and it works just fine.
You can use it as an interim approach until the move to the new BSD codebase is completed if you want, but as I said, I find the virtualization very valuable.
-
@fresnoboy
I suppose I could try it...maybe with a dedicated box (spare PFsense) and install ESXi with Pfsense virtualized.
. Is there any performance loss running pfsense virtualized? Any other disadvantage?
