How to get pfSense WAN to accept VLAN 0
-
The subnet and VLAN ID used here are completely independent. Though you will often find people set them up to use the same values as it's much easier to read like that.
What I expect to see there is one switch port connected to the ONT and another connected to the pfSense WAN. However you have ports labeled WAN and LAN? It doesn't actually matter what they're labeled of course as long as the WAN traffic is passing through that VLAN4094 segment it will strip the VLAN0 tags.
Steve
-
@schwiing If your going to get the 2g service from frontier to take advantage of it you will need a switch with at least 2.5gb ports.
-
Ugh I totally messed up my labels on accident. I renamed one to say "ONT" and the other "WAN". Good catch.
They're both 10gb SFP+ ports that can negotiate at 2.5, 5 or 10g so it should work fine I think.
-
@schwiing Sounds like your good to go.
-
@schwiing said in How to get pfSense WAN to accept VLAN 0:
Ugh I totally messed up my labels on accident. I renamed one to say "ONT" and the other "WAN".
They're supposed to be ONT and WAN.
-
@jarhead Yep, that was my mistake earlier. I renamed them from my original screenshot. Now just waiting for frontier to allow me to order service...despite putting a hanger on my door saying "Fiber is Here. Order today" last week.
Much appreciated all!
-
@schwiing Do you mind me asking what city and state your in? I'm curios about frontiers fiber rollout. I'm in New Haven CT. Thanks
-
@michaellacroix Ha! Wallingford here.
They're still building out a lot of CT towns including New Haven. Pretty sure there's not many areas in New Haven with fiber yet. -
@michaellacroix Houston, TX (Southeast)
Most of my neighborhood has had Frontier for a number of years, and Verizon FiOS before that (lots of Verizon plates in the sidewalk). It just started expanding to my section starting end of June, and my street (including the front of my property) has a fiber vault with conduit + fiber ran as of 2 weeks ago...so I'm hoping it'll be ready to order soon.
As I read more about the subject I see a lot of users from CT, so it sounds like a popular rollout spot as well.
-
Hey Folks! Crazy the life my post took on. I had a little one and stepped away for a bit.
Can someone get me up to speed? Does my script work in the latest build? Is it still needed to get VLAN0 to work?
I am currently on: 2.4.5-RELEASE-p1 (amd64) with em0/1 nics
Is it safe to go to 2.6.0 or should I be going 2.5.x?
-
Yes, the script still works.
-
@c45p32 thanks! I thought I had seen some messages fly that my script stopped worked in 2.5.x & 2.6.x?
-
@natbart Do not go to 2.6, it will break....I am still under 2.5.2 and it does work in that release....we are all waiting for a fix on 2.6.
I am thinking about jumping ship to OPNSENSE, but I love pfsense so much that I am debating at this point since I dont know for sure its fix under OPNsense....I dont have a spare box to test and can't afford to have the wife without internet.
-
@natbart I am using igb0-igb4 network cards.
-
I’m using igb0 on 22.05, and I used the same script on 2.6.0 without issue.
-
@cucu007 said in How to get pfSense WAN to accept VLAN 0:
@natbart Do not go to 2.6, it will break....I am still under 2.5.2 and it does work in that release....we are all waiting for a fix on 2.6.
I am thinking about jumping ship to OPNSENSE, but I love pfsense so much that I am debating at this point since I dont know for sure its fix under OPNsense....I dont have a spare box to test and can't afford to have the wife without internet.
It is fixed on opnsense.
-
What exactly is fixed there? The e1000 driver handling of VLAN0 tagged traffic?
Or it accepts priority tagged traffic without a netgraph script? Though I guess that would also require en e1000 driver fix.
Steve
-
@stephenw10 - can you comment on the ability to move past 2.4.5 and still have my script tag VLAN 0 traffic and work with my em0/em1?
Both ethernet ports are using Intel chipsets:
LAN1 = i217-LM
LAN2 = 82583V -
@jarhead Thank you jarhead for the confirmation.
Its taking Netgate way too long to fix this problem, I am not sure if we dont have adecuate people working on the development of this solution....but if it is indeed fixed under OPNsense why can pfsense that has been longer in the market than OPN able to fix this? I dont understand.
-
As I understand it opnsense inherited this fix with the move to FreeBSD 13. That will happen in pfSense when we move from 12-stable in the next release.
Developer time is limited and the resources required to backport it to 12 are not justified for the relatively small number of users who are hitting it. Especially when there are workarounds and it will be fixed anyway by the base update.Steve