Initial setup issues

wizardofwhere · Mar 5, 2021, 7:23 PM

Looking for input if anyone has some time. I decided to set up a dedicated hardware firewall in my home and pfsense looks like a great piece of software. So...

I originally had a Linksys wrt3200 router I set up as a dedicated VPN as per the ExpressVPN instructions. I have 2 Access Points and a Netgear switch wired directly to the VPN with various computers, and wireless devices connected. Everything was connected and working well.

I then took an old system

AMD FX-9590 Eight-Core processr 3.4Ghz processor
32Gb RAM
1TB SSD
2 Intel chipset PCIe NICs (recommended in the setup instructions)

I wiped the SSD, installed a fresh copy of pfsense. I used the default settings during the command line installation. I then ran ETH cable from the WAN port of the cable modem to the WAN port I designated during the pfsense setup. I ran an ETH wire from the LAN port I designated during the pfsense setup to the WAN port of the Linksys wrt3200. I booted up the pfsense box again and when the command line interface showed up I could see it acquired an IP from the modem (the same one the linksys had 20 minutes earlier) and had a LAN IP of 192.168.1.1

So, I went to a PC behind the linksy wrt3200 (192.168.132.1/255.255.255.0) typed in 12.168.1.1, logged in using the pfsense default parameters and the start screen appeared. I walked through the default setup process, the parameters loaded and I was back at the Dashboard. I could see the WAN had a green UP arrow and it had acquired an IP to the world from the modem. The LAN showed a green UP arrow with the 192.168.1.1.

I went to the DHCP and it showed the default settings:
Subnet 192.168.1.0
Subnet mask: 255.255.255.0
Available range 192.168.1.1 – 192.168.1.254
Range 192.168.1.10 to 192.168.1.245

It worked for a while then nothing. I rebooted the modem, then the pfsense box then the linksys, logged back in to the pfsensse box and now the WAN alternates between N/A or nothing where when it was working it shows 1000baseT <full-duplex>

I’m not completely ignorant of tech as it is a hobby but I can’t figure it out.

Oh, the pFsense software 2.5.0
DNS server(s) 127.0.01, 1.1.1.1, 1.0.0.1
Firewall floating rules: none
Firewall WAN Rules were there when I ran through the default setup (red X to the left of both)

Source: RFC 1918 networks Description: block private networks
Reserved Not assigned by IANA, Description: Block bogon networks

Firewall LAN rules (green checks to the left of each):

LAN Address Port 443 and 80 description Anti-Lockout Rule
Protocol IPv4, Source LAN net, Description Default allow LAN to any rule
Protocol IPv6, Source LAN net, Description Default allow LAN IPv6 to any rule

Any help is greatly appreciated. If you provide an answer and I don't get back quickly, my job has nothing to do with tech and I'm at work. Thx in advance.

SteveITS · Mar 5, 2021, 7:36 PM

@wizardofwhere said in Initial setup issues:

then ran ETH cable from the WAN port of the cable modem to the WAN port I designated during the pfsense setup

Hopefully you mean the cable modem LAN port to the pfSense WAN?

I am unclear why you still have the Linksys involved? It sounds like you've added pfSense as a third router for some reason (counting the cable modem).

It sounds like the pfSense WAN is losing its connection? Did you try another patch cable?

kwirth01 · Mar 5, 2021, 7:55 PM

@wizardofwhere

What are you using the linksys for? That may be complicating things. Also, did you set the duplex settings or leave as automatic (default)? When I change mine from automatic, I have the symptoms you describe.

wizardofwhere · Mar 5, 2021, 8:01 PM

@teamits Yeah, sorry. What I meant is I connected the pfsense box to the only cat5 port on the modem. I used the same cables, I just inserted the pfsense box and moved the router back one position. I'm leaving the VPN in for two reasons. I paid for the software and hardware and I haven't figured out how to set up expressvpn within pfsense. I figured I'd chip away one step at a time. I actually put my network back the way it was and plugged the pfsense box into a switch and brought up the setup screen so I can look at it. I'm connected to it through the linksys so it acquired a local IP. When I set it up earlier today I went from the cable modem to the WAN port of the pfsense box with a brand new cable. I'm using that cable right now so I know it works. Thanks BTW

wizardofwhere · Mar 5, 2021, 8:03 PM

@wizardofwhere Oh, I missed part of your reply. Duplex? do you mean the WAN?

kwirth01 · Mar 5, 2021, 8:05 PM

@wizardofwhere yes,did you change it or leave default?

wizardofwhere · Mar 5, 2021, 8:10 PM

@kwirth01 Right now it is autoselect and I have it plugged in to a netgear switch. As I understand it, the pfsense box is reaching through the switch to the linksys router and acquiring an IP on the LAN. Interestingly, now it is 0.0.0.0 and it alternates from acquiring an IP on the LAN and reaching past the linksys to acquire an IP to the world (the same on the linksys has). Odd Anyhow. it is 0.0.0.0 as I write this.

kwirth01 · Mar 5, 2021, 8:14 PM

@wizardofwhere are you running dhcp on both routers? Make sure they are different segments. I would start by removing the linksys and focus on getting just pfsense working. All of your traffic you want to go through the pfsense I am guessing so get your basic network up first. After it is stable, then add the linksys later to add vpn.

wizardofwhere · Mar 5, 2021, 8:18 PM

@kwirth01 When I first set this up I set the pfsense box DHCP so it would only allocate 1 IP (the one the linksys needed). I did this as I noticed that initially, all of my devices were reaching past the linksys router to the pfsense box and acquiring an IP from it which kind of defeated the purpose of having a VPN. I wonder, if I turn off DHCP on the pfsensse box will it just act as a firewall and send all the traffic to the linksys router?

SteveITS · Mar 5, 2021, 8:19 PM

@wizardofwhere said in Initial setup issues:

the pfsense box is reaching through the switch to the linksys router and acquiring an IP on the LAN. Interestingly, now it is 0.0.0.0 and it alternates from acquiring an IP on the LAN and reaching past the linksys to acquire an IP to the world

Not sure I understand. If the pfSense WAN is plugged into the cable modem it can't communicate with the Linksys.

OTOH I have seen cable modems be rather picky about what router is plugged in, and need the cable modem booted after switching out routers.

kwirth01 · Mar 5, 2021, 8:23 PM

@wizardofwhere I would disable dhcp on one of them and hard code the addresses of both routers. You are going to need rules in place to forward the traffic. Both devices have firewalls and are also routers. Your best bet is to get pfsense working and then incorporate the vpn.

wizardofwhere · Mar 5, 2021, 8:24 PM

@teamits I have to have my network up for the next several hours so I have it back to its original configuration with the linksysVPN at the head end. TIl I can get back to the issue, it now goes from the modem to the linksysVPN. from there to a netgear 6 port switch, an access point is plugged into the switch as well as another cable that travels to another negtear switch. At that switch, several devices, another access point and the pfsense box are plugged in. Everything is working fine. Except the pfsense box. The WAN is alternating between 0.0.0.0, then to a LAN IP then to the WAN IP then back to 0.0.0.0.

kwirth01 · Mar 5, 2021, 8:28 PM

@wizardofwhere I think you have the pfsense plugged into the wrong place. I would have modem, to pfsense wan, pfsense lan to switch, vpn is going to take some work because that also needs wan access. You probably need the linksys plugged into same switch and rules on the pfsense to forward traffic for the vpn.