Pfsense issue, i cant decide where the problem is



  • firstly, i have deployed pfsense firewalls at several customers in the past few years, and they have always worked flawlessly.  this is the first one that has ever given me any issues.  so, here goes…

    customer has a verizon T1, Adtran router, crappy trendnet wireless router (that keeps rebooting, thus why ive been called in to remediate).  i build up and completely configure pfsense 2.0, and pull cables from the trendnet and plug into the pfsense... everything is fine.  so im happy and ready to wrap up, the final thing i always do is make sure the donor computer can reboot on its own (with just a monitor plugged in so i can see, but no keys or mouse).  if it cant reboot, obviously i cant leave this for the customer.

    so here is where the problem really starts.  when pfsense boots, it brings up the WAN so fast, while the adtran takes 10-15 seconds to light up the link.  by the time the link is up, the pfsense is hung at OpenNTP, where it stays for 20-30 seconds... to my dismay because this means we're not routing to the internet.

    if i pull the cable and plug it back to the trendnet, or my laptop (configured with the proper IP) it routes just fine.

    is there a way to delay starting the WAN and routing so that i can give the Adtran time to bring up its interface?  looking at the command reference of the adtran, im not seeing 'spantree port-fast' type of behavior which is really what i want.



  • the other thing i cant decide about, is why if i boot the pfsense cold with no cables, and then plug it in does it work (obviously the openNTP hang is there, because there is no internet).

    why does it work after a complete boot and cable change, whereas if i leave it all plugged in and boot it that way, it refuses to find the internet and route traffic?

    unfortunately ive not tried it with 1.2.3, as i need the features in 2.0 in order to accomplish multiple cisco vpn clients to the same VPN concentrator (a customer's requirement… and this part works fine in 2.0-RC3).

