WLan<->LAN Bridge not working after reboot



  • Hi I have been experiencing this problem for a long time.
    I am running 2.0 Beta full install on an Alix
    The set up has a Wireless interface configured as Access Point.
    I have set up a bridge between the wireless interface (WLAN in my setup) and LAN.
    Firewall has rules to pass everything on both LAN and WLAN interface.

    After this setup everything works well. Wireless clients get their IP from the LAN DHCP server, can connect to LAN computers and seamlessly pass traffic through the WAN interface. Everything is ok at this point, however if I reboot the firewall, the wireless clients can still obtain an IP from the LAN DHCP server, can connect to the LAN computers without problems but internet traffic through the WAN interface is blocked. The firewall logs do not show the dropped packets.

    If I delete and recreate the bridge everything is ok until next reboot.

    This behaviour is quite bizarre. The bridge should be working because traffic between WLAN and LAN is happening. I do not know the internals of pfsense but it seems like there is a hidden bridge between LAN, WAN and WLAN that does not get initialized properly on reboot but properly on WLAN-LAN bridge creation.

    WAN is set to DHCP doing NAT with LAN.


  • Rebel Alliance Developer Netgate

    Can you show the output of:

    ifconfig -a
    

    When it works and when it doesn't work?



  • @jimp:

    Can you show the output of:

    ifconfig -a
    

    When it works and when it doesn't work?

    Here is the output

    Working bridge

    
    $ ifconfig -a
    vr0: flags=8843<up,broadcast,running,simplex,multicast> metric 0 mtu 1500
    	options=8280b<rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate>
    	ether 00:0d:b9:12:71:00
    	inet6 fe80::20d:b9ff:fe12:7100%vr0 prefixlen 64 scopeid 0x1
    	inet 76.4.31.173 netmask 0xfffff800 broadcast 76.4.31.255
    	nd6 options=3<performnud,accept_rtadv>
    	media: Ethernet autoselect (100baseTX <full-duplex>)
    	status: active
    vr1: flags=8943<up,broadcast,running,promisc,simplex,multicast> metric 0 mtu 1500
    	options=82809<rxcsum,vlan_mtu,wol_ucast,wol_magic,linkstate>
    	ether 00:0d:b9:12:71:01
    	inet 192.168.100.250 netmask 0xffffff00 broadcast 192.168.100.255
    	inet6 fe80::20d:b9ff:fe12:7101%vr1 prefixlen 64 scopeid 0x2
    	nd6 options=3<performnud,accept_rtadv>
    	media: Ethernet autoselect (100baseTX <full-duplex>)
    	status: active
    vr2: flags=8802<broadcast,simplex,multicast> metric 0 mtu 1500
    	options=8280b<rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate>
    	ether 00:0d:b9:12:71:02
    	media: Ethernet autoselect (none)
    	status: no carrier
    ath0: flags=8843<up,broadcast,running,simplex,multicast> metric 0 mtu 2290
    	ether 00:80:48:54:8b:96
    	media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
    	status: running
    pfsync0: flags=0<> metric 0 mtu 1460
    	syncpeer: 224.0.0.240 maxupd: 128
    enc0: flags=0<> metric 0 mtu 1536
    pflog0: flags=100<promisc> metric 0 mtu 33200
    lo0: flags=8049<up,loopback,running,multicast> metric 0 mtu 16384
    	options=3<rxcsum,txcsum>
    	inet6 ::1 prefixlen 128
    	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
    	inet 127.0.0.1 netmask 0xff000000
    	nd6 options=3<performnud,accept_rtadv>
    ath0_wlan0: flags=8943<up,broadcast,running,promisc,simplex,multicast> metric 0 mtu 1500
    	ether 00:80:48:54:8b:96
    	inet6 fe80::280:48ff:fe54:8b96%ath0_wlan0 prefixlen 64 scopeid 0x9
    	nd6 options=3<performnud,accept_rtadv>
    	media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
    	status: running
    	ssid pf channel 11 (2462 MHz 11g) bssid 00:80:48:54:8b:96
    	country US ecm authmode WPA1+WPA2/802.11i privacy MIXED deftxkey 3
    	TKIP 2:128-bit TKIP 3:128-bit txpower 24.5 scanvalid 60
    	protmode RTSCTS burst dtimperiod 1 -dfs
    ovpns1: flags=8051<up,pointopoint,running,multicast> metric 0 mtu 1500
    	options=80000<linkstate>
    	inet6 fe80::20d:b9ff:fe12:7100%ovpns1 prefixlen 64 scopeid 0xb
    	inet 192.168.200.1 --> 192.168.200.2 netmask 0xffffffff
    	nd6 options=3<performnud,accept_rtadv>
    	Opened by PID 28469
    bridge0: flags=8843<up,broadcast,running,simplex,multicast> metric 0 mtu 1500
    	ether a2:ed:a4:4c:ac:bd
    	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
    	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    	member: ath0_wlan0 flags=143<learning,discover,autoedge,autoptp>
    	        ifmaxaddr 0 port 9 priority 128 path cost 370370
    	member: vr1 flags=143<learning,discover,autoedge,autoptp>
    	        ifmaxaddr 0 port 2 priority 128 path cost 200000
    

    After reboot and not working anymore

    
    $ ifconfig -a
    vr0: flags=8843<up,broadcast,running,simplex,multicast> metric 0 mtu 1500
    	options=8280b<rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate>
    	ether 00:0d:b9:12:71:00
    	inet6 fe80::20d:b9ff:fe12:7100%vr0 prefixlen 64 scopeid 0x1
    	inet 76.4.31.173 netmask 0xfffff800 broadcast 76.4.31.255
    	nd6 options=3<performnud,accept_rtadv>
    	media: Ethernet autoselect (100baseTX <full-duplex>)
    	status: active
    vr1: flags=8943<up,broadcast,running,promisc,simplex,multicast> metric 0 mtu 1500
    	options=8280b<rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate>
    	ether 00:0d:b9:12:71:01
    	inet 192.168.100.250 netmask 0xffffff00 broadcast 192.168.100.255
    	inet6 fe80::20d:b9ff:fe12:7101%vr1 prefixlen 64 scopeid 0x2
    	nd6 options=3<performnud,accept_rtadv>
    	media: Ethernet autoselect (100baseTX <full-duplex>)
    	status: active
    vr2: flags=8802<broadcast,simplex,multicast> metric 0 mtu 1500
    	options=8280b<rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate>
    	ether 00:0d:b9:12:71:02
    	media: Ethernet autoselect (none)
    	status: no carrier
    ath0: flags=8843<up,broadcast,running,simplex,multicast> metric 0 mtu 2290
    	ether 00:80:48:54:8b:96
    	media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
    	status: running
    pfsync0: flags=0<> metric 0 mtu 1460
    	syncpeer: 224.0.0.240 maxupd: 128
    enc0: flags=0<> metric 0 mtu 1536
    pflog0: flags=100<promisc> metric 0 mtu 33200
    lo0: flags=8049<up,loopback,running,multicast> metric 0 mtu 16384
    	options=3<rxcsum,txcsum>
    	inet6 ::1 prefixlen 128
    	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
    	inet 127.0.0.1 netmask 0xff000000
    	nd6 options=3<performnud,accept_rtadv>
    ath0_wlan0: flags=8943<up,broadcast,running,promisc,simplex,multicast> metric 0 mtu 1500
    	ether 00:80:48:54:8b:96
    	inet6 fe80::280:48ff:fe54:8b96%ath0_wlan0 prefixlen 64 scopeid 0x9
    	nd6 options=3<performnud,accept_rtadv>
    	media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
    	status: running
    	ssid pf channel 11 (2462 MHz 11g) bssid 00:80:48:54:8b:96
    	country US ecm authmode WPA1+WPA2/802.11i privacy MIXED deftxkey 2
    	TKIP 2:128-bit TKIP 3:128-bit txpower 24.5 scanvalid 60
    	protmode RTSCTS burst dtimperiod 1 -dfs
    bridge0: flags=8843<up,broadcast,running,simplex,multicast> metric 0 mtu 1500
    	ether aa:04:d2:a3:5b:7c
    	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
    	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    	member: ath0_wlan0 flags=143<learning,discover,autoedge,autoptp>
    	        ifmaxaddr 0 port 9 priority 128 path cost 370370
    	member: vr1 flags=143<learning,discover,autoedge,autoptp>
    	        ifmaxaddr 0 port 2 priority 128 path cost 200000
    ovpns1: flags=8051<up,pointopoint,running,multicast> metric 0 mtu 1500
    	options=80000<linkstate>
    	inet6 fe80::20d:b9ff:fe12:7100%ovpns1 prefixlen 64 scopeid 0xb
    	inet 192.168.200.1 --> 192.168.200.2 netmask 0xffffffff
    	nd6 options=3<performnud,accept_rtadv>
    	Opened by PID 31961
    

    After deleting and recreating bridge between LAN and WLAN and working again

    
    $ ifconfig -a
    vr0: flags=8843<up,broadcast,running,simplex,multicast> metric 0 mtu 1500
    	options=8280b<rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate>
    	ether 00:0d:b9:12:71:00
    	inet6 fe80::20d:b9ff:fe12:7100%vr0 prefixlen 64 scopeid 0x1
    	inet 76.4.31.173 netmask 0xfffff800 broadcast 76.4.31.255
    	nd6 options=3<performnud,accept_rtadv>
    	media: Ethernet autoselect (100baseTX <full-duplex>)
    	status: active
    vr1: flags=8943<up,broadcast,running,promisc,simplex,multicast> metric 0 mtu 1500
    	options=82809<rxcsum,vlan_mtu,wol_ucast,wol_magic,linkstate>
    	ether 00:0d:b9:12:71:01
    	inet 192.168.100.250 netmask 0xffffff00 broadcast 192.168.100.255
    	inet6 fe80::20d:b9ff:fe12:7101%vr1 prefixlen 64 scopeid 0x2
    	nd6 options=3<performnud,accept_rtadv>
    	media: Ethernet autoselect (100baseTX <full-duplex>)
    	status: active
    vr2: flags=8802<broadcast,simplex,multicast> metric 0 mtu 1500
    	options=8280b<rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate>
    	ether 00:0d:b9:12:71:02
    	media: Ethernet autoselect (none)
    	status: no carrier
    ath0: flags=8843<up,broadcast,running,simplex,multicast> metric 0 mtu 2290
    	ether 00:80:48:54:8b:96
    	media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
    	status: running
    pfsync0: flags=0<> metric 0 mtu 1460
    	syncpeer: 224.0.0.240 maxupd: 128
    enc0: flags=0<> metric 0 mtu 1536
    pflog0: flags=100<promisc> metric 0 mtu 33200
    lo0: flags=8049<up,loopback,running,multicast> metric 0 mtu 16384
    	options=3<rxcsum,txcsum>
    	inet6 ::1 prefixlen 128
    	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
    	inet 127.0.0.1 netmask 0xff000000
    	nd6 options=3<performnud,accept_rtadv>
    ath0_wlan0: flags=8943<up,broadcast,running,promisc,simplex,multicast> metric 0 mtu 1500
    	ether 00:80:48:54:8b:96
    	inet6 fe80::280:48ff:fe54:8b96%ath0_wlan0 prefixlen 64 scopeid 0x9
    	nd6 options=3<performnud,accept_rtadv>
    	media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
    	status: running
    	ssid pf channel 11 (2462 MHz 11g) bssid 00:80:48:54:8b:96
    	country US ecm authmode WPA1+WPA2/802.11i privacy MIXED deftxkey 2
    	TKIP 2:128-bit TKIP 3:128-bit txpower 24.5 scanvalid 60
    	protmode RTSCTS burst dtimperiod 1 -dfs
    ovpns1: flags=8051<up,pointopoint,running,multicast> metric 0 mtu 1500
    	options=80000<linkstate>
    	inet6 fe80::20d:b9ff:fe12:7100%ovpns1 prefixlen 64 scopeid 0xb
    	inet 192.168.200.1 --> 192.168.200.2 netmask 0xffffffff
    	nd6 options=3<performnud,accept_rtadv>
    	Opened by PID 31961
    bridge0: flags=8843<up,broadcast,running,simplex,multicast> metric 0 mtu 1500
    	ether ea:69:24:8a:78:fe
    	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
    	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    	member: ath0_wlan0 flags=143<learning,discover,autoedge,autoptp>
    	        ifmaxaddr 0 port 9 priority 128 path cost 370370
    	member: vr1 flags=143<learning,discover,autoedge,autoptp>
    	        ifmaxaddr 0 port 2 priority 128 path cost 200000
    

    From a quick look it seems identical



  • Seems your txcsum is present after reboot on vr1!


  • Rebel Alliance Developer Netgate

    Yeah, the txcsum being there will definitely break bridging on vr(4) NICs. That's probably the most likely culprit.

    I thought we fixed the ordering of that to be fixed on 2.0 a long time ago. I know it was fixed on 1.2.3 quite a long time ago.
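
The difference spotted above (vr1 showing txcsum in its options line only after the reboot) can be checked mechanically. The script below is an added example, not part of the original thread or of pfSense: it reads `ifconfig -a` text on stdin and reports every bridge member whose options include txcsum. The function names and the trimmed sample stanzas are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report bridge members whose options
# line still includes txcsum. Reads `ifconfig -a` text on stdin.
bridge_members_with_txcsum() {
    awk '
    # Interface header, e.g. "vr1: flags=8943<...> metric 0 mtu 1500"
    /^[^ \t]/ && $2 ~ /^flags=/ {
        cur = $1; sub(/:$/, "", cur)
        in_bridge = (cur ~ /^bridge[0-9]+$/)
        next
    }
    # options= line of the current interface: remember txcsum
    # (either case is accepted; txcsum6 is deliberately not matched)
    $1 ~ /^options=/ {
        if (tolower($0) ~ /[<,]txcsum[,>]/) tx[cur] = 1
        next
    }
    # member: line inside a bridgeN stanza
    in_bridge && $1 == "member:" { member[$2] = cur }
    END {
        # The bridge stanza can come before or after its members, so join here
        for (m in member)
            if (m in tx) print m " is in " member[m] " with txcsum set"
    }' | sort
}

# Constructed sample: vr1, ath0_wlan0 and bridge0 stanzas, trimmed.
sample_ifconfig() {   # $1 = the options line to use for vr1
    printf '%s\n' \
        'vr1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500' \
        "        $1" \
        'ath0_wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500' \
        'bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500' \
        '        member: ath0_wlan0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>' \
        '        member: vr1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'
}
WORKING='options=82809<RXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>'
BROKEN='options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>'

sample_ifconfig "$WORKING" | bridge_members_with_txcsum   # no output
sample_ifconfig "$BROKEN"  | bridge_members_with_txcsum   # flags vr1
```

On a live system the input would be `ifconfig -a | bridge_members_with_txcsum`; FreeBSD's `ifconfig vr1 -txcsum` clears the flag on the running interface.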



  • The same setup worked well on 1.2. There was a bug reported on redmine some time ago (http://redmine.pfsense.org/issues/88) about the same problem of txcsum being set on boot and breaking the bridge, however it was felt txcsum was a problem only on certain drivers of FreeBSD 7 and would not affect FreeBSD 8, so the fix may not have been committed to the non-RELENG_1_2 code.



  • I have vr1 in a bridge with my wireless and it is working fine with txcsum enabled, but I'm using a different type of bridge configuration.  I have an IP address assigned to the bridge and no address assigned to vr1 or my wireless.  I haven't seen this type of connection issue with that configuration when I had one of my Atheros-based cards in it and I haven't seen it with the current non-Atheros card I'm using in it either.



  • Should I file a bug about this?


  • Rebel Alliance Developer Netgate

    @jjstecchino:

    Should I file a bug about this?

    One already exists:
    http://redmine.pfsense.org/issues/88


Locked