Installation Issue



  • I first tried to install pfsense using the 2.0.3 version which installed fine but failed to locate an realtek on-board lan to complete the setup, after reading some posts on here i downloaded the new version 2.1 to try and see if the new installer would have the drivers for the nic but now the installer hangs on the boot up process and says root mount failed, start up aborted. this is right after it detects the cd drive properties which it had no problems with on the 2.0.3 version. any help would be appreciated at this point cause i am dead in the water


  • Netgate Administrator

    Trying the newer 2.1 is the correct thing to do here. Is your Realtek NIC an RTL8111? Do you know it's exact model type?

    What 2.1 image did you try exactly? Is your CD drive connected via USB?

    Steve



  • yes it is a Realtek 8111F, and i tried the 8/12/20313-1627 and the 8/18/2013-1910 2.1 images and the cd drive is connected via usb but didnt seem to be a problem when using 2.0.3


  • Netgate Administrator

    If it's connected via USB then try this: http://doc.pfsense.org/index.php/Boot_Troubleshooting#Booting_from_USB
    2.1 is significantly different to 2.0.x.

    Steve



  • thanks for your help I followed your guide and got it installed and working, maybe you can help me with another issue. after getting it all setup i plugged a access point into the switch to provide wireless, the setup manual says to go to 192.168.0.50 for the web configure page, but it will not open is there anyway to look up connected devices in pfsense like there is on a traditional router?

    also is there a way where you can assign certain devices an ip that wont change ie wireless printer, home thermostat and such?


  • Rebel Alliance Global Moderator

    And is your pfsense lan 192.168.0 ??  It defaults to 192.168.1 does it not.. So if your AP lan IP is on 192.168.0 then no you would not be able to access it if your machine your trying to access it is on 192.168.1

    Either change your pfsense lan to be 192.168.0 or change your client to be 192.168.0 and then change your AP to be on the pfsense lan network.

    Keep in mind that pfsense has little to do with devices talking to each other on the same lan - other then handing out dhcp to this lan, providing dns, etc.  Just sounds like your device your trying to connect to your AP on is on the wrong network


  • Netgate Administrator

    Yes there is a possible IP conflict here.
    As Johnpoz says the pfSense LAN defaults to 192.168.1.1. If your access point is defaulting to 192.168.0.50 and is not getting it's IP from pfSense then you will have to manually change the address of something in order to access it.
    Is your wifi device actually a router? If it's doing NAT and has its own DHCP server then you have another issue.

    @stryker221982:

    is there anyway to look up connected devices in pfsense like there is on a traditional router?

    Yes. In Status: DHCP Leases:

    @stryker221982:

    also is there a way where you can assign certain devices an ip that wont change ie wireless printer, home thermostat and such?

    Yes. You can add a static DHCP mapping either directly from the leases table (the little '+' button) or from the Services: DHCP: page.

    Steve



  • You guys have been awesome thanks for all your help everything is up and running now, thanks again


  • Netgate Administrator

    Check out the brand new 'thanks' feature! No pressure.  ;)

    Steve



  • Wanted to follow up on the static mapping, worked for about a week then all the devices that had a static setup quit getting access to the internet unless i removed them from the static table, is this an issue where the lease is expiring and not renewing? is there a work around to getting this issue fixed. This is esp important for my wireless printer and wireless home thermostat.


  • Netgate Administrator

    Hmm, no it's not expected behaviour. I have a few static devices configured here and they've been fine for months/years one of which happens to be a wireless thermostat. That is running 2.0.3 though. I've not read any reports of broken static leases in 2.1 but it would be worth a look in the subforum.
    What is stopping them getting internet access? Anything in the firewall logs? Are they still receiving the reserved IP via DHCP if you renew the lease?

    Steve



  • i reset the static setup to see if the problem comes back, as for the firewall log i dont see anything in there that stands out. when i lost internet the devices still had their assigned ip and appeared to be connected to the network but would not communicate. my main desktop was connected to the network but said had no internet access, removed the static mapping and everything that wasnt working started working again.

    another problem i have seen still i started using pfs is my vpn on a wired connection wont stay connected very long, on the netgear router i used before trying pfs i could connect my vpn for days at a time basically until i discod it, but now i am finding it will run for 16 mins then drop or another time it was at 33 mins.


  • Netgate Administrator

    The firewall may be closing the connection if no traffic is seen for a while over the VPN, this can be a problem for some VoIP setups. You may have a 'keep alive' option in your vpn client or you can try setting 'firewall optimization' to conservative in System: Advanced: Firewall/NAT: That's a 2.0.3 setting I'm not sure about 2.1.

    Are you using pfSense as the client?

    Steve



  • "The firewall may be closing the connection if no traffic is seen for a while over the VPN, this can be a problem for some VoIP setups."

    This happens alot with or without VPNs that a connection times out.

    I have gotten into the habbit of having my SIP devices re-register as often as the provider will tolerate without bouncing me.

    Currently, thats about every 15 or 30 seconds vs the 300 or 3600 second timeouts that are often default.

    Simply changing (low as possible) the timeout has cured most of my disco problems most of the time.

    It has a "keep alive" effect on the connection.



  • @stephenw10:

    The firewall may be closing the connection if no traffic is seen for a while over the VPN, this can be a problem for some VoIP setups. You may have a 'keep alive' option in your vpn client or you can try setting 'firewall optimization' to conservative in System: Advanced: Firewall/NAT: That's a 2.0.3 setting I'm not sure about 2.1.

    Are you using pfSense as the client?

    Steve

    i replaced a few year old netgear wireless router with a built system loaded with pfsense after watching a video on youtube about building a bullet proof router replacement i currently have comcast as an isp with a moto surfboard 6141 d3 modem supplying service to the pfsense rig which outputs to a 16 port gigabit switch and I have a dlink air premier access point plugged into the switch for wireless, so basically the pfsense rig is handling all the traffic and has a lot more advanced features then I am used too with a basic store bought router. i would like to replace the access point with a built in wireless adapter so any recommendations on a good one to use with this setup would be great as well.



  • Yeah - Don't do that…  Use an AP.


  • Rebel Alliance Global Moderator

    ^ Agree, no reason to install a wireless card in pfsense to provide wireless.  An AP is the way to go.. You can add multiple if needed - strategically placed around the location for best coverage if you need more than 1, or just centrally locate the 1 which allows for router to be anywhere.

    Very simple to put the AP on its own segment or vlan to isolate from your wired network and leverage pfsense firewall for control, etc.


  • Netgate Administrator

    I too would recommend an extrenal AP if only to get 802.11N support. Siting the AP for best coverage is also an advantage.
    Many people will have older wifi cards already in which case why not do both? I have an old mini-pci card in my home box. If nothing else it provides out of band access to the pfSense box after I've locked myself out via whatever I've been playing with.

    Steve



  • I have been playing with different settings trying to get the vpn to work better as there is no keep alive setting I can find with the vpn software. I tried to turn the firewall complete off and after I did that all devices wouldnt connect to the internet and soon as i turned the firewall back on they could access the net again? I also increased the default lease time way up and that seems to have helped a lot


  • Netgate Administrator

    How did you disable the firewall? It probably stopped NAT working at the same time.
    Interesting the lease time helped. Do your clients generally keep the same address across a lease renewal?

    Steve