Issues installing pfSense CE on a Minisforum MS-01 baremetal with new Beta7 installer.

DrSKiZZ

I have new Minisforum MS-01 and I am trying to install pfSense CE on it with the latest installer. Here are some issues I am having and could all be related to the same thing.

1. Install flow asks you to configure you WAN/LAN in 3 different spots.
   -The installer GUI
   -The console after first reboot possibly due to error on first reboot of install.
   'Warning: Configuration references interfaces that do not exist: em0 em1' Valid interfasces are: ix10, ix11, igc0, igc1
   -Again when you first login to the webconfigurator.

2. DHCP on IPv4 is broken on the LAN interface possibly due to the above. I only had it work 1 time in 6 fresh installs. IPv6 DHCP on LAN secondary is fine and any additionally created networks from VLANS IPv4 DHCP works.

3. Does not identify the LAN port it's plugged into as a 2.5Gb port. The 2.5 Gb WAN port is identified as 2.5Gb but that connected to my cable modem. I have even reinstalled with swapping ports and cables, The LAN side is connected to a Unifi 24w Enterprise PoE switch. I have not tested the 10Gb port yet as I'm waiting on a DAC SFP+ to come in. I have 2 other home wifi routers that work fine on this Unifi switch and 4 other Intel / Realtek 2.5Gb devices that identify just fine on this switch. DHCP protection and snopping is turned off..

4. I had it working on the second reinstall but made the grave error of forcing the port speed in pfSense and couldn't get back into the box so I reset it to default from the console and same issue. IPv4 DHCP would not work. The UNIFI device on my network stuck with 192.168.1.20 which is a sign DHCP isn't working as well as all the computers getting 169.254.x.x. Statically setting an IP on my computers allowed traffic to pass.

Let me know any other info or logs you need.

DrSKiZZ

I have not tried one of the previous full installers, ran out of time messing with it over 12 hours this weekend.

stephenw10

Hmm OK, so:

1. Yes there isn't yet any carried through configuration. It's planned for a future version to use the configured WAN/LAN setup from the installer in the installed version. But it's not present yet. We would also like to see the WAN/LAN config used from a recovered/restored config in the installer.
   So, yes, when you first boot it asks you to configure the interfaces as the default interfaces (em0/1) are not present. That's the same as the legacy installer.
   It should not ask you to re-assign the interfaces at the webgui though. It will run the Setup Wizard in order to configure those interfaces.

2. If the LAN is assigned and DHCP was enabled in the setup wizard (it is by default) I'd expect that to work. I'm not aware of any bugs in that. But there could be one.

3. The link detection during the assignment is dependent on the driver and can be variable. It should link at 2.5G though with the default settings. That could be related to....

4. The igc driver for i225/i226 NICs does not actually support fixed link/duplex settings. When you set a speed it simply restricts the auto-negotiation to only that speed. Whatever it's connected to must negotiate or it will fail to link.

Steve

DrSKiZZ

@stephenw10 said in Issues installing pfSense CE on a Minisforum MS-01 baremetal with new Beta7 installer.:

Hmm OK, so:

1. Yes there isn't yet any carried through configuration. It's planned for a future version to use the configured WAN/LAN setup from the installer in the installed version. But it's not present yet. We would also like to see the WAN/LAN config used from a recovered/restored config in the installer.
   So, yes, when you first boot it asks you to configure the interfaces as the default interfaces (em0/1) are not present. That's the same as the legacy installer.
   It should not ask you to re-assign the interfaces at the webgui though. It will run the Setup Wizard in order to configure those interfaces.

2. If the LAN is assigned and DHCP was enabled in the setup wizard (it is by default) I'd expect that to work. I'm not aware of any bugs in that. But there could be one.

3. The link detection during the assignment is dependent on the driver and can be variable. It should link at 2.5G though with the default settings. That could be related to....

4. The igc driver for i225/i226 NICs does not actually support fixed link/duplex settings. When you set a speed it simply restricts the auto-negotiation to only that speed. Whatever it's connected to must negotiate or it will fail to link.

Steve

1. Annoying, but I get it in the name of progress. Just wasnt aware it would do that and when your 12 hours deep in troubleshooting everything is getting on your nerves. Probably the most trouble I have ever had in the 15ish years of using pfSense and for that I thank you.
   Where can I upload the config? I'll try to get it after everyone goes to bed since I reverted to my backup router.

2. Yes, default settings did not work nor did my adjusted settings. There was 1 or 2 other threads I found on reddit with this issue as well and the second install fixed it for this user and myself. Unfortunately I locked myself out of the firewall and had to reinstall and still couldn't get IPv4 dhcp to work again after 5 or 6 more re-installs.

3. /4. Both default auto detect and forcing did not work. Forcing is how I locked myself out because in Unifi's infinite wisdom there isn't a 2.5 option to force a link which is why it locked me out and didn't work,

Wait it just came to me. My switch only has 2.5 ports on the second half of the switch. Port 13-24. Duh, I'll confirm it works on another reinstall.

https://techspecs.ui.com/unifi/switching/usw-enterprise-24-poe

stephenw10

@DrSKiZZ said in Issues installing pfSense CE on a Minisforum MS-01 baremetal with new Beta7 installer.:

Where can I upload the config?

You can upload it into the webgui after install. It should ask you reassign the interfaces at that point (if they don't exist) before rebooting into the config.

You can put the config on the install USB drive and select it during the install.

You can recover a config from a USB stick at any boot using the external config locator:
https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#restore-using-the-external-configuration-locator-ecl

How is your LAN configured? Just using one of the igc ports directly?

Ah so was it linking at 1G in the other ports?

DrSKiZZ

@stephenw10 said in Issues installing pfSense CE on a Minisforum MS-01 baremetal with new Beta7 installer.:

@DrSKiZZ said in Issues installing pfSense CE on a Minisforum MS-01 baremetal with new Beta7 installer.:

Where can I upload the config?

You can upload it into the webgui after install. It should ask you reassign the interfaces at that point (if they don't exist) before rebooting into the config.

You can put the config on the install USB drive and select it during the install.

You can recover a config from a USB stick at any boot using the external config locator:
https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#restore-using-the-external-configuration-locator-ecl

How is your LAN configured? Just using one of the igc ports directly?

Ah so was it linking at 1G in the other ports?

This was a fresh install with no previous config uploaded and DHCP was not working from the get go. I wanted to start from scratch cause of old rules I didn't need and some other things I wannted a fresh base for.
WAN - IGC0 to a 2.5G port on the cable modem
LAN - IGC1 to port 1 on the Unifi switch. I'm assuming plugging it into to an actual 2.5G port will work fine at this point.

About to head to the gym, I have to wait till the wife is asleep because she is studying for a huge certification test on Wednesday and is watching videos online. I can hopefully grab the existing config to look at it and then reinstall with the ISO and see if that clears it up.

stephenw10

Hmm, well if you can replicate the LAN DHCP issue and note the steps I can try to replicate it. I'm not aware of any issues with that but there might be some bug there. Something hardware dependent maybe.

DrSKiZZ

@stephenw10 said in Issues installing pfSense CE on a Minisforum MS-01 baremetal with new Beta7 installer.:

Hmm, well if you can replicate the LAN DHCP issue and note the steps I can try to replicate it. I'm not aware of any issues with that but there might be some bug there. Something hardware dependent maybe.

Basically, Install, next, next next.

I just got back from a family vacation and swapped back to the MS-01 but DHCP is not working on the LAN interface. The additional VLANS it works fine. I thought it was working but its just the leases from the backup device havent expired from swapping. Refresh and renewing Windows 11 DHCP does not pull a DHCP. I can confirm the 2.5G does work. Waiting on another 10Gb DAC because they sent the wrong length and I don't have any rackspece next to the switch to test.

Any logs or anything I can pull before I wipe it again?

stephenw10

So you can ping the LAN IP from clients still in the subnet but you can't pull a new lease?

Can pfSense ping out from the LAN?

the other

@DrSKiZZ hey,
Have you read this post?
https://forum.netgate.com/topic/188141/cannot-get-dhcp-functioning-on-2nd-interface

DrSKiZZ

@the-other said in Issues installing pfSense CE on a Minisforum MS-01 baremetal with new Beta7 installer.:

@DrSKiZZ hey,
Have you read this post?
https://forum.netgate.com/topic/188141/cannot-get-dhcp-functioning-on-2nd-interface

Yes, I have. I'm just doing a baremetal install with just WAN (igc0) and LAN (igc1) configured on default with 192.168.1.1/24. I dont really follow what he did to get it to work.

stephenw10

@the-other said in Issues installing pfSense CE on a Minisforum MS-01 baremetal with new Beta7 installer.:

https://forum.netgate.com/topic/188141/cannot-get-dhcp-functioning-on-2nd-interface

Hmm, that seems familiar. IIRC there were some devices which had a shared remote management port enabled in the BIOS by default that prevented DHCP working. I don't recall if it was this but check that.

stephenw10

Ah, yes, this: https://forum.netgate.com/post/1108479

DrSKiZZ

@stephenw10 said in Issues installing pfSense CE on a Minisforum MS-01 baremetal with new Beta7 installer.:

Ah, yes, this: https://forum.netgate.com/post/1108479

I'll do some more digging and report back. I'm beginning to think the time it worked my WAN was IGC1 and my LAN was IGC0. I have my 10Gb DAC cable coming to which is where I really wanna end up anyways and hopefully that solves my issue.

DrSKiZZ

I finally had time to dig. Turning off AMT doesn't fix the issue. Reversing the ports does. WAN as igc1 and LAN as igc0 fixed the issue. I just wanted to report back in case anyone else came across this.

knight-of-ni

@DrSKiZZ Just deplyed an MS-01 and experiencing the same results. As the link posted earlier explains, this seems to be an issue with 226-LM chipset. Seems the vPro feature blocks dhcp offers. It works fine as a dhcp client.

Swapping the lan and wan nics around, allows dhcp server to function normally, but I'm not sure I want to expose the vPro nic to the Internets.

Googling, this seems to be a known issue with all the 225/226-LM nics.

Indeed, ASRock even has a comment in their FAQ:
https://www.asrockind.com/en-gb/index.php?route=newsblog/faq&faq_id=91

They added the ability to turn off the vPro feature in their BIOS, which according to that link, should allow a dhcp server to function on the nic.

I've reached out to minisforum support, but so far they seem unconvinced this is a problem they can fix with a new bios. I just sent them that link, hoping that might get them to reconsider.

Anyways, this has given me enough incentive to turn off both the built-in nics, and just use the SFP+ ports.

DrSKiZZ

@knight-of-ni said in Issues installing pfSense CE on a Minisforum MS-01 baremetal with new Beta7 installer.:

@DrSKiZZ Just deplyed an MS-01 and experiencing the same results. As the link posted earlier explains, this seems to be an issue with 226-LM chipset. Seems the vPro feature blocks dhcp offers. It works fine as a dhcp client.

Swapping the lan and wan nics around, allows dhcp server to function normally, but I'm not sure I want to expose the vPro nic to the Internets.

I don't disgree but I changed default password and turned it off.

Googling, this seems to be a known issue with all the 225/226-LM nics.

Indeed, ASRock even has a comment in their FAQ:
https://www.asrockind.com/en-gb/index.php?route=newsblog/faq&faq_id=91

They added the ability to turn off the vPro feature in their BIOS, which according to that link, should allow a dhcp server to function on the nic.

Unfortunately this didn't fix it on the MS-01 for me.

I've reached out to minisforum support, but so far they seem unconvinced this is a problem they can fix with a new bios. I just sent them that link, hoping that might get them to reconsider.

If there is anything I can do for the cause let me know.

Anyways, this has given me enough incentive to turn off both the built-in nics, and just use the SFP+ ports.

My SFP DAC cable should be here Sunday according to Amazon so I'll be moving my WAN to igc0 and my LAN to one of the SFP ports.

knight-of-ni

@DrSKiZZ Maybe I missed something... when you say you turned it off, can you explain how?

I can see in the BIOS, right off the main setup screen, where the default password can be changed, and I can see under Advanced -> OnBoard Devices, where one can completely turn off the 226-LM chip. However, I don't see an option to turn off just the vPro feature set, in the same manner as shown with ASRock.

Does that setting appear after changing the default password? I know you said that didn't work for you, but perhaps I should try.

knight-of-ni

@knight-of-ni

To answer my own question, additional options do indeed appear, once you change the default password of "admin". The new password needs to be complex too, which explains the unexpected results I received the last time I tried this.

Relevant BIOS screenshots can be found here:
https://forums.servethehome.com/index.php?threads/getting-vpro-remote-kvm-working-on-minisforum-ms-01.43269/post-413075

DrSKiZZ

This post is deleted!