Issues installing pfSense CE on a Minisforum MS-01 baremetal with new Beta7 installer.
-
@stephenw10 said in Issues installing pfSense CE on a Minisforum MS-01 baremetal with new Beta7 installer.:
Ah, yes, this: https://forum.netgate.com/post/1108479
I'll do some more digging and report back. I'm beginning to think the time it worked my WAN was IGC1 and my LAN was IGC0. I have my 10Gb DAC cable coming too, which is where I really wanna end up anyways and hopefully that solves my issue.
-
I finally had time to dig. Turning off AMT doesn't fix the issue. Reversing the ports does. WAN as igc1 and LAN as igc0 fixed the issue. I just wanted to report back in case anyone else came across this.
-
@DrSKiZZ Just deployed an MS-01 and experiencing the same results. As the link posted earlier explains, this seems to be an issue with the 226-LM chipset. Seems the vPro feature blocks dhcp offers. It works fine as a dhcp client.
Swapping the lan and wan nics around, allows dhcp server to function normally, but I'm not sure I want to expose the vPro nic to the Internets.
Googling, this seems to be a known issue with all the 225/226-LM nics.
Indeed, ASRock even has a comment in their FAQ:
https://www.asrockind.com/en-gb/index.php?route=newsblog/faq&faq_id=91
They added the ability to turn off the vPro feature in their BIOS, which according to that link, should allow a dhcp server to function on the nic.
I've reached out to minisforum support, but so far they seem unconvinced this is a problem they can fix with a new bios. I just sent them that link, hoping that might get them to reconsider.
Anyways, this has given me enough incentive to turn off both the built-in nics, and just use the SFP+ ports.
-
@knight-of-ni said in Issues installing pfSense CE on a Minisforum MS-01 baremetal with new Beta7 installer.:
@DrSKiZZ Just deployed an MS-01 and experiencing the same results. As the link posted earlier explains, this seems to be an issue with the 226-LM chipset. Seems the vPro feature blocks dhcp offers. It works fine as a dhcp client.
Swapping the lan and wan nics around, allows dhcp server to function normally, but I'm not sure I want to expose the vPro nic to the Internets.
I don't disagree, but I changed the default password and turned it off.
Googling, this seems to be a known issue with all the 225/226-LM nics.
Indeed, ASRock even has a comment in their FAQ:
https://www.asrockind.com/en-gb/index.php?route=newsblog/faq&faq_id=91
They added the ability to turn off the vPro feature in their BIOS, which according to that link, should allow a dhcp server to function on the nic.
Unfortunately this didn't fix it on the MS-01 for me.
I've reached out to minisforum support, but so far they seem unconvinced this is a problem they can fix with a new bios. I just sent them that link, hoping that might get them to reconsider.
If there is anything I can do for the cause let me know.
Anyways, this has given me enough incentive to turn off both the built-in nics, and just use the SFP+ ports.
My SFP DAC cable should be here Sunday according to Amazon so I'll be moving my WAN to igc0 and my LAN to one of the SFP ports.
-
@DrSKiZZ Maybe I missed something... when you say you turned it off, can you explain how?
I can see in the BIOS, right off the main setup screen, where the default password can be changed, and I can see under Advanced -> OnBoard Devices, where one can completely turn off the 226-LM chip. However, I don't see an option to turn off just the vPro feature set, in the same manner as shown with ASRock.
Does that setting appear after changing the default password? I know you said that didn't work for you, but perhaps I should try.
-
To answer my own question, additional options do indeed appear, once you change the default password of "admin". The new password needs to be complex too, which explains the unexpected results I received the last time I tried this.
Relevant BIOS screenshots can be found here:
https://forums.servethehome.com/index.php?threads/getting-vpro-remote-kvm-working-on-minisforum-ms-01.43269/post-413075
-
@knight-of-ni said in Issues installing pfSense CE on a Minisforum MS-01 baremetal with new Beta7 installer.:
To answer my own question, additional options do indeed appear, once you change the default password of "admin". The new password needs to be complex too, which explains the unexpected results I received the last time I tried this.
Relevant BIOS screenshots can be found here:
https://forums.servethehome.com/index.php?threads/getting-vpro-remote-kvm-working-on-minisforum-ms-01.43269/post-413075
Yep, once you change the password you can disable AMT, but it doesn't resolve the DHCP issue unless I'm missing something when I went through the settings.
-
But you still can't disable vPro entirely like you now can on the ASRock board?
-
@stephenw10 That's what it looks like.
If I find any new information or hear back from minisforum support, I'll post here.
-
@knight-of-ni said in Issues installing pfSense CE on a Minisforum MS-01 baremetal with new Beta7 installer.:
@stephenw10 That's what it looks like.
If I find any new information or hear back from minisforum support, I'll post here.
Thanks. Keep me posted.
-
I received a response back from Minisforum support this morning, and they are passing the request up to R&D.
Not big news, but at least they are considering this.
-
@knight-of-ni Just entering this because I ran into this issue too, after a week of troubleshooting, and I'm curious to find out if they get a fix out at some point.
I could easily switch the 2 for my configuration, but my WAN line comes from the left, LAN goes to the right, and it for some reason will keep bothering me to have it reversed in the back.
-
@Danyo Yeah, I know what you mean... I too want nic 0 to be WAN and nic 1 to be LAN. I manage several pfsense boxes, and it will mess with my head if the ports are swapped on one of them.
Note, however, there has already been one vulnerability against Intel's vPro. That made me think twice about exposing the i226-lm nic to the Internets.
Like @DrSKiZZ , I bought a twinax DAC cable and patched SFP port 1 into my switch instead.
-
@knight-of-ni I really hope R&D gets back to you! Thank you for trying to get them to understand how big of a problem this is for us! Proxmox and pfSense are the main reasons for me to use it.
-
Sorry for the late reply.
For anyone interested in Minisforum releasing a bios fix for this issue, I'd recommend you email support@minisforum.com and voice your interest in this.
Hopefully they will not state a fix is not possible, but if they do, kindly point them to the following:
https://www.asrockind.com/en-gb/index.php?route=newsblog/faq&faq_id=91
This is a competitor's board with an AMI bios and the same i226-LM chip. I am not a bios expert by any means (it probably is not as simple as this sounds), but that link did seem to get them to consider the possibility.