"Cannot reach the Netgate Servers" - DNS problem
-
I'm trying to re-install pfSense on a netgate 2100 that suffered an "EFI partition too small" problem during an upgrade.
I have successfully run
pfSense Installer - 24.06-beta-7, but it fails when trying to connect to Netgate's servers. Dropping back to shell I can ping 8.8.8.8, but can't run ntp or ping domain names.Reading multiple threads on this forum, it's my understanding that this is a failure of DNS. From the threads, it's my suspicion (based on this comment from @stephenw10) that this is because the 2100 is on a 192.168.1 subnet, and so is my network, which is structured as:
WAN -> Ancient pfSense Appliance (192.168.1.10) -> New(ish) 2100That is, my connection to the outside world is going through another pfSense appliance that's providing DHCP addresses in the 192.168.1.* space (it's given the 2100 an address of 192.168.1.135). I checked the firewall logs, it isn't blocking anything from the 2100 that I can see.
If I'm barking up the wrong tree, please let me know, and I'm happy to provide any other info that might be useful (daemon.log attached below, plus ifconfig). If this is, however, because I need to change the subnet on the 2100 ... I'm not really sure how to change my subnet, and any guidance would be appreciated.
Thank you for your time, and thank you for helping to secure the internet!
-CATdaemon.log.txt
ifconfig:root@pfSense-install:~ # ifconfig mvneta0: flags=1008a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500 options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE> ether 00:e0:ed:c4:71:6e inet 192.168.1.135 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::2e0:edff:fec4:716e%mvneta0 prefixlen 64 scopeid 0x1 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> mvneta1: flags=1008a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500 options=bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM> ether 00:e0:ed:c4:71:6f inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::2e0:edff:fec4:716f%mvneta1 prefixlen 64 scopeid 0x2 media: Ethernet 2500Base-KX <full-duplex> status: active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> enc0: flags=0 metric 0 mtu 1536 options=0 groups: enc nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384 options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x9 groups: lo nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> pflog0: flags=0 metric 0 mtu 33152 options=0 groups: pflog pfsync0: flags=0 metric 0 mtu 1500 options=0 maxupd: 128 defer: off version: 1400 syncok: 1 groups: pfsync -
Yes, that's the issue. You can change the LAN subnet temporarily during the install:
https://docs.netgate.com/pfsense/en/latest/install/install-walkthrough.html#configure-lan-interfaceSet it to any other subnet like 192.168.2.1/24
Steve
-
@stephenw10 Thank you!
I struggled to reassign the LAN interface. I was told that I could not set it to a 192.168.2.1/24 subdomain. I thought I had taken notes of that episode, but I can't seem to find them. It would not surprise me if I was mistyping something (I'm not dyslexic, but I sure seem to be when it comes to correctly choosing "LAN" or "WAN").
However, after re-reading the link you provided I was able to set the LAN interface toNone, which allowed installation to proceed.
Thank you for your assistance! I have a new struggle getting my legacy settings installed, but I want to wrestle with that a bit more before returning here.