Protectli VP4630

elspoon

Hi all! I'm new here, so don't kill me. I'm A) not sure this is the right section of the forum to post/ask this and maybe more importantly B) if this is even the most appropriate forum to be asking about, say, non Netgate specific hardware and running PFSense. But, it appears there's a variety of non-Netgate topics so I'm giving it a try.

I'm just getting deeper into networking, trying to learn. I currently work on a help desk and have picked the brains, when I can, of network engineers. I just got a Protectli 4630: link text and trying to install and run PFSense for the first time. It's been a mess and I can't even get past what I think is the initial install process and into the "web" GUI interface and actually see and interact with PfSense.

I am trying to move away from my current ISP modem - ASUS GT-AX11000 w/ Merlin WRT setup to something like ISP modem - Protectli 4630 w/ PfSense - ASUS router turned into AP mode (for now).

I watched a ton of YouTube videos and followed every basic step of downloading and installing PfSense on a USB stick, booting up and running through the process. What none of the videos I've seen so far bothered to mention was initial WAN/LAN assignments during setup? If that's my issue, I can't tell. All the stuff I watched, you didn't need to physically connect ethernet cables (yet) during initial installation and setup? But maybe I'm wrong. I think now I'm stuck in this sort of endless loop that I can't get to go away. It acts like PfSense has installed correctly and I have sort of the following options i.e. ideally 0) Logout (SSH only), 5) Reboot system, or either 11) Restart webConfigurator or 16) Restart PHP-FPM. It doesn’t matter what option I select, it just doesn’t do ANYTHING. Whatever I select and enter, it just shows the same menu over and over. I have to like, physically power off the Protectli.

I tried, changing the webConfigurator default pw credentials. I tried Assigning interfaces etc. Which is another thing. Unlike other appliance products out there, no ethernet port on the 4630 is labeled LAN or WAN to make it easy. I assume it doesn’t matter and can configure whatever you want, but still… I have no idea what I’m doing, obviously. I Just set igc0 as WAN and igc1 as LAN. I did NOT want to nor think I need to set up VLANs at this stage.

I literally just want to get PfSense installed and how the hell do I then get to or access the full PfSense GUI to start playing with stuff?
Additionally, I’m not even sure I can run my ASUS router in AP mode now. I don’t know. I mean, I did configure it to only be Access Point mode successfully. But I’m not sure if there will be any issues because it’s running custom Merlin WRT and not stock standard ASUS? And/or, if it’s mandatory that I will need a switch? I mean, I do plan to run some Unify AP(s) down the road. And what’s the deal with why I need a managed switch and unmanaged is a no go for this kind of setup? POE considerations? VLANs? I thought PfSense was great at that without needing too much extra hardware. I don’t understand.
FWIW I have a 1200down/100up ISP plan. I got this Protecli 4630 specifically because I wanted to have a little overkill hardware beast that’s 2.5gbe capable all around.

Thanks in advance!

PS: trying to figure out a way to post photos and screenshots that are an acceptable size for the limitations imposed here.
PPS: if this is totally the wrong place to be asking this stuff, can anyone direct me to a more appropriate forum? Thanks :)

cybrnook

Just a quick drive by, but I am currently using a CWWK barebones setup, somewhat similar to you. The two main points I want to call out is that Netgate is using the "Netgate Installer" now for installations. So, with that you for sure at least need the WAN plugged in for it to be able to connect to the internet and check the licensing server to see if you get pf + or ce edition, which it will then download and install. The second point that I have run into before with these barebones boxes is that they come with both HDMI and DP ports. I have had better luck overall using the HDMI port. What I have seen happen in the past is that while it's booting up it'll swap to a different output and you end up in lala land looking at a non-updating screen.

For port assignments, it's smart enough to figure out what ports you have something plugged into during install (WAN or LAN cable) and it will ask you to confirm. You can change/rearrange assignments and all after install.

The Party of Hell No

https://duckduckgo.com/q=installing+pfsense+on+a+surplus+computer&t=brave&iax=videos&ia=videos&iai=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DQ0JFfpG4BWI

When I started out .... a long time ago this is the link I used. I believe you have loaded pfsense and are ready to get online. At about the 5 minute mark is when you start actually customizing your pfsense box. You should have a patch cable between your computer and the pfsense box so you can get to the WEB GUI. In this video it shows how to assign the LAN Interface an IP and range so you can then get to the WEB GUI and the setup wizard. This is a great basic setup, but it is old so some of the packages no longer exist.

The other recommendation before starting to customize spend a day thinking about names, formats labels and note taking. It is really difficult to decided on many of these things and then later realize the length is to long, it doesn't describe what you want etc. and then go backwards. Notes is great so you can remember what you did so you can back out if you need, (Save config files regularly)

stephenw10

This section is fine for posting questions like this.

That device has Intel igc NICs so I would expect to need to assign the interfaces. There is no default mapping for igc NICs.

Which image exactly are you using to install?

It looks like that device has a USB console port so will probably be seen as a serial console by pfSense. I would try using that before the video consoles.

elspoon

Already replying to my own post, not even sure if anyone has seen it yet, haha. I was googling like a madman and watching videos all over when I first encountered this problem to no avail. And lo and behold I just found this info on Protectli's website. Duh. How didn't I see this sooner? Describes exactly my situation. I haven't tested it yet though, but will do so soon. Just not sure if I should put my ASUS router into AP mode before or after I confirm access to the PfSense WebGUI. .

Protectli first time setup instructions duh

Looks like I had LAN and WAN ports configured correctly already. Good to know.

Only thing on my mind now, maybe a mute point. But, currently I have my ISP modem (Arris S34) connected to my ASUS router via ethernet to USB 3.0 adapter. I did this a long time ago because I was trying to get my full ISP plan 1200mbps speed plan. And I was running into the inability for my GT-AX11000 to do this, despite having a 2.5gbe ethernet port. Like, I could bring up to 2.5gbe into the router, great, but everything else was just 1gbps. Anyway at the time the USB adapter seemed like and was sort of a solution for that. I think it increases a little latency though vs ethernet cables.

If I'm going to use the ASUS router as an AP only for the time being, now I'm wondering if I should still be connecting into it with that same idea in mind (ethernet CAT6+ to USB 3.0 adapter) or not. But if I can just get things to work up to that point I'll be happy for getting that far lol.

protectli firs time.png

stephenw10

Can the wifi actually pass more than 1Gbps?

I would just connect it with Ethernet directly at least to start off with.

elspoon

@stephenw10 said in Protectli VP4630:

Can the wifi actually pass more than 1Gbps?

I would just connect it with Ethernet directly at least to start off with.

Absolutely. See screenshot of Speedtests on phone. All the 1000mbps+ speeds you see were at home on WiFi. Which kinda leads me to my other, next problem... see next post. Not sure if it's better to start a new thread or not.

elspoon

So, for anyone still following and curious, not sure if this is the best place to post this or if I should find a better sub-section to post this. Or entirely abandon this and try a Home Networking or ASUS forum? Although I will say I've never had much success on ASUS forums. Less tech savvy people it seems, idk.

So, I got PfSense up and running, hooray! I feel very thrilled. I got it up, changed default credentials, changed default IP from the normal 192.168.1.1, started some basic normal configuration etc... think I got as far as setting DNS to Cloudfare and Google, respectively, so 1.1.1.1. and 8.8.8.8. I was following NetworkChuck's YouTube video to the Tee for about the first 15min... your home router SUCKS!! (use pfSense instead)

Now, enter my world of new problems. Suffice to say, I can't get my ASUS GT-AX11000 to work as an Access Point. Or at least, once I set it to AP mode, I can't get back to its WebGUI to modify or interact in any way. So the hardware I'm working with currently is:

Arris S34 modem (Comcast/Xfinity ISP)
Protectli VP4630 w/ PfSense
TP-Link TL-SG105-M2 5-port 2.5G unmanaged switch
ASUS GT-AX11000 router/WiFi access point
all good, new at least CAT6+ cables (tested in variety of configurations and ports, verified it's NOT the cables problem)

So I had the basic setup initially, ISP modem to Protectli WAN in, then Protectli LAN out to my PC for initial PfSense setup and configuration. I thought, great, now I can get this setup to the ASUS GT-AX11000 as AP and go from there. It's not a forever setup as I plan to eventually upgrade to either Omada or Unifi AP. I assume I'll probably need or want a better, managed PoE switch when I do that later down the road. But for now....

No matter what I do, I can't get the AP set up. I've tried a variety of connections i.e. from Protectli LAN out to TP-Link switch, then out from switch into ASUS WAN. FWIW, on the GT-AX11000, you can the WAN port to either the 2.5g, the 1g, or even USB. I read some forums somewhere maybe just skip the WAN and plug the Protectli or switch into any of the LAN ports on the ASUS. I tried that too.

Then I tried removing the switch entirely, as I noticed there were some ports not lighting up. So I think that thing may be toast and only have 2 or 3 functional ports? So I just tried straight to the ASUS from Protectli. Whether with the switch or ASUS, each time I had my PC hardwire connected to either and I was always able to access my PfSense WebGUI from my assigned IP (changed from default). I made sure to use something completely different from the standard 192.168.1.1 to something like 10.27.x.x. and like I said, I was always able to get back to the PfSense.

I tried hard resetting the ASUS router, you name it. I don't know if there's something like messed up in DHCP or DNS? I really didn't go beyond basic initial wizard setup configuration with the PfSense. I just mean, if there is some conflict between the PfSense and ASUS dishing out IP? Or is because the ASUS WebGUI IP changed and I just can't find it anymore to get to it in AP mode and change settings? Maybe a stupid question, why would the WebGUI or even the "asusrouter.com" not bring me back to the web interface to change AP mode settings? Because the Protectli assigned a different IP to the ASUS in AP mode?

Thoughts/opinions? I'm so frustrated, I'm half tempted to try something different like OPNsense, but I don't think this is PfSense's fault at all.... or do I give up the dream of being a network nerd and put my money towards the Unifi Dream Machine world? I work in IT and am trying to learn more about network and security (recently passed the Sec+ cert), so I think PfSense would be better for learning and tinkering... but the simplicity and ease of setup and use of Unifi reminds me why some people prefer that Apple-style eco-system experience sometimes :/
Other reasons for wanting to stick with PfSense: more add-ons or services it seems like. I want to play around with a way to set up something to see URLs visited by each device on my network, broken down. Heck, I can already kinda do that with my ASUS, but it just shows high level web traffic history by device and not granular full URL style i.e. what you might want for parental control setup. Something like idk, Pihole? Or a reverse proxy or something? I digress.

Or maybe, I need to get a Gigabit smart managed switch (with Poe) i.e. TP-Link and then a TP-Link Omada wifi AP... and just give up the breaking 1gbps barrier despite having a 1200mbps ISP plan (hence why I was shooting for at least 2.5gbe hardware). I could save money and get a lower, cheaper model Protectli for just 1gb ports.... but I wanted something beefier and more future proof.

Help a brother out. I want to ask the network engineer dudes where I work who I've briefed talked about PfSense with and they encouraged me to give it a go, but it's kinda not work related and I don't know if it's appropriate to take these guys time out of work to help me set up my home network, lol ya know? That's what the interwebs is for.

Any input appreciated, or direct me where I need to go.

stephenw10

@elspoon said in Protectli VP4630:

Maybe a stupid question, why would the WebGUI or even the "asusrouter.com" not bring me back to the web interface to change AP mode settings?

You can't use the asusrouter.com fqdn because that only works for clients using the Asus router for DNS where it can resolve it to the correct IP address.

When you set it to AP mode I would expect it to have a single IP address and may be dhcp by default. In which case check the DHCP lease table in pfSense and see if there is some unknown device there. Or something using the asus hostname. Try to connect to that IP if it's there.

Gertjan

@elspoon said in Protectli VP4630:

was following NetworkChuck's YouTube video to the Tee for about the first 15min... your home router SUCKS!!

At this moment, he, Chuck, is given totally non important setup information.
He didn't tell you that :
From now on, all your private ( ?!) DNS info goes to 'some' companies. Why would he advise you (us) to use these, or any other DNS server(s) ?
These DNS servers entries can be left empty.
pfSense, out of the box has a working SNS setup.
pfSense resolves !

DNS was working just fine for decades before 8.8.8.8, 1.1.1.1 etc came along.
I do not say 8.8.8.8, 1.1.1.1 etc make things worse ... but not better neither.
So, again, ask the question : why are they there, what is there ultimate goal ?