How to get pfSense WAN to accept VLAN 0
-
@michaellacroix
Also wanted to note that when using ix# nic with netgraph on pfsense 2.6 I need to manually set my WAN interface speed at 10g as for some reason when its set to auto select it goes to 1gb where in 2.7 without netgraph it picks up the 10g connection on its own with auto select. Could be because of an updated driver in 2.7??? Not sure -
Hmm, not sure about the link a speed but pfSense would not be setting that directly when using the script since WAN is ng0.
I would certainly expect variation in throughput or loading. In 2.6 everything has to go through the netgraph overhead. That's completely removed in 2.7.
Steve
-
Hi @stephenw10 ,
Do we know if the VLAN 0 issue is fix in the daily snapshots for 2.7? I am still running 2.5.2 because the frontier VLAn 0 issue. PLease advise, I would like to to move to Snapshot if VLAN 0 is fully functional without additional tricks. Thank you. -
If the only issue you were facing was that the ISP was sending priority tagged dhcp replies that is fixed in current 2.7 snaps.
But if you are running an e1000 NIC (em or igb) you still need to disable hardware vlan filtering because of the driver bug.Steve
-
@stephenw10 said in How to get pfSense WAN to accept VLAN 0:
If the only issue you were facing was that the ISP was sending priority tagged dhcp replies that is fixed in current 2.7 snaps.
But if you are running an e1000 NIC (em or igb) you still need to disable hardware vlan filtering because of the driver bug.Steve
My interfaces are showing as igbx, so what options or steps do I need to take if I decide to push my upgrade to snapshot?
-
Then you will need to run:
ifconfig igb0 -vlanhwfilter
Assuming your WAN is igb0.
You can run that at every boot using shellcmd:
https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shellcmd-optionSteve
-
Thank you Steve, I will give it a try probably this weekend and report back.
Is this something that will be permanetly fix in the final release of 2.7 or we will need to still use this workaround?
-
Hi All,
I have frontier and use the netgraph script to get my IP from dhcp. I noticed Frontier has a very short dhcp lease so I devised a couple of upgrade plans. I have two upgrade plans. Would like to get opinions on which one is better or if anyone thinks I need to add or change anything. Thanks
Plan 1
-
Set WAN DHCP to static IP (Should have 30min before disconnect).
-
Change interface from ngeth0 to ix0. Verify internet connectivity.
-
Disable shellcmd to run netgraph script.
-
Reboot
-
Proceed with upgrade.
-
If all goes well change WAN interface from static to dhcp.
Plan 2
-
Clean install of 2.7.0
-
Edit backup config.
a. Change WAN interface from ngeth0 to ix0.
b. Disable shellcmd or remove -
Restore config - reboot
-
-
@cucu007 said in How to get pfSense WAN to accept VLAN 0:
Is this something that will be permanetly fix in the final release of 2.7 or we will need to still use this workaround?
The actual driver issue is still outstanding upstream as far as I know so it would ionly be in 2.7 once that's fixed. It might be possible to include a gui option to disable it as a workaround.
Though reviewing the open bug the referenced FreeBSD bug is now closed but also doesn't fit this exactly.
Steve
-
@michaellacroix
Your plan one there would likely fail because netgraph would still be running and attached to ix0. I would disable the NG shellmd and reboot first. Then reconfigure WAN and test/upgrade.Steve
-
@stephenw10
Thanks so much Stephen. I will amend my plan. With that said, do you think plan 1 is better than plan 2?
Thanks again -
I would go with plan 2. Reviewing plan 1 again I can't see how that would work unless it's only DHCP that fails? If so then I guess a static IP might work for some time.... it might not though!
-
@stephenw10
Yeah, I was leaning on that myself. The only two things I need to edit in the config are:- remove the shellcmd section.
- Replace wan interface from ngeth0 to ix0
Thanks again
-
Hi Stephen, I did some testing last weekend importing my config to a test machine and editing the config file. Everything went fine except for the app packages not loading during the restore. If I manually install the packages they work except for HAProxy. I could not get that package to work with 2.7.0. All my interfaces looked good and other config settings imported just fine. I attached some of the log files hoping you might be able to see something I missed. Thanks
PHPError2.7.0.zip -
There are a number of known php issues with HAProxy though I didn't see that one so I opened a new report: https://redmine.pfsense.org/issues/13684
But the WAN successfully pulled a DHCP lease?
-
@stephenw10
Yes! The wan pulled ip no problem. All other config settings and interfaces came through fine also. The issue with the packages is very similar to this:
https://redmine.pfsense.org/issues/12105 -
@michaellacroix
Its also worth mentioning this happens whether I restore the config during install or after install and use the "Backup & Restore" utility in pfsense. -
@stephenw10
This is odd, I did a fresh install pfsense dev on hyper-v and I get an interface mismatch message. This is a fresh install no config restore or anything like that. -
That's expected. There's no default interface config for hnX NICs so it asks you to assign them at first boot.
Steve
-
@stephenw10
Thanks Stephen.
By the way, I was able to get my test machine working with my current edited config file by changing one of my backend servers from its dns name to its IP address in HAProxy. After painfully going over all the lines of the haproxy install script I realized this one server on the backend was the only one I entered with its dns name instead of using its IP address. A restore to my live firewall probably would work since it could reach my local dns.
Only other issue so far is when trying to restore the config during install I get this warning "configuration references interfaces that do not exist : em1" and I get a network interface mismatch message and need to assign my interfaces and the config file does not apply. There is no reference to a "em1" interface anywhere in my config so I'm a little confused about the message. Thanks again for all your help
Mike