Screwed the Pooch Here..

  • Trying to clean up my Install and tie up loose ends, I somehow inadvertently screwed the pooch on the settings and bridged the LAN to OPT2 on my 4 port NIC. Box wouldn't reboot and hung, couldn't even get it up at the VGA console. So since I was basically going back to almost new install I just reburned the NanoBSD img and rebooted... everything was fine EXCEPT that now pfSense cannot see the OPT1 (vge2) port on the NIC. All the others (vge0, vge1, vge3) are fine.

    The clean install is not picking up all the ports... I am thinking that somehow the bad port is still bridged in the memory of the QuadNIC, but I have NO CLUE how to flush it so that pfSense can pick it up and add it to the Port listings...

    There's got to be a way to reset the NIC.....anybody know how....Help...Help.

  • Netgate Administrator

    The bridging in pfSense is all done in software, there are no changes at the hardware level. There's nothing to flush or reset on the NIC unless your card has some unusual features like lan-bypass or some advanced hardware off-loading. Exactly what NIC is it?
    Is there anything in the boot logs? Is the system seeing vge2 at all? It seems like it is because otherwise you would only see vge0-2. Do you see link LEDs?


  • @stephenw10:

    The bridging in pfSense is all done in software, there are no changes at the hardware level. There's nothing to flush or reset on the NIC unless your card has some unusual features like lan-bypass or some advanced hardware off-loading. Exactly what NIC is it?

    The board is a RouterBoard RB44GV... and according to the information I've dug up the VIA 6122 Chipset used on this board is programmable to a great degree. It was used quite a bit in older MikroTik Routers. According to Information I got from a Distributor the NIC is capable of PXE booting and one of the programs used to load the OS on the older MikroTik routers uses the function to communicate with the Router and load the Router OS if the PC used is on the same Network or connected with a crossover cable to the NIC... It would let an IT Admin boot and install several Routers' OS or Upgrade an OS from a remote console (pfSense Devs, you listening?). That indicates to me that it has at least some programming ability OR writable registers internally. Yes, the Light on the Port is Green, but plugging anything (gigabit) in does change it to Yellow as it should. But the Box doesn't recognize it, neither does a PC if plugged straight in. Both act like the cable is unplugged.

    Is there anything in the boot logs? Is the system seeing vge2 at all? It seems like it is because otherwise you would only see vge0-2.

    The pfSense Box is only seeing vge0-2, three ports out of 4 (on the NIC, the native is also recognized)... I lost one to the wilderness. Only way to get box up was to reinstall, system was locked or in some kind of panic, either way couldn't get to any logs.

    Do you see link LEDs?

    Physically with nothing Plugged in, all 4 ports are Green


    By the way I have the Box back UP, all Firewall, NATs, etc configured and all the remaining ports are working great, no glitches with any systems yet that are attached. I somehow got robbed of a port... Instead of a 4-eyed Jack I got a 3-eyed Jack :'( :'(

    I do have a copy of the program (Netinstall) used to PXE boot the router and distributor "thinks" that might help... but since the program is used to install an OS I'm NOT going to try it until I have time and a clean Unused Card AND a replacement NIC to try it... especially as right now everything else works.

    I am open to any suggestions or any information on this Card and Chipset that Anyone might have........especially any software that would let me modify or possibly repair the missing Port.

  • Netgate Administrator

    Hmm, OK. So with something like the routerboard it may be possible to configure one port for IPMI or some other remote protocol, I'm not familiar with it so I can't say for sure. I can see how that could have been done from pfSense though.  :-\

    Edit: OK this isn't an actual router board just a PCI card. It's only 4 NICs and a PCI bridge chip. Hard to see how it could be programmed really. The NIC chips may have a register table held in eeprom that can be changed using the correct software but pfSense couldn't do that. Do all 4 NICs appear in the POST of whatever you have it plugged into?


  • You need to explain exactly what you did when the box first hung and made you rebuild. You also need to include what version you were running and what version you reinstalled.

  • Well my errant port finally made its way home...

    Since my OpenVPN PIA wasn't working any more... Now remember I couldn't get to any files to check anything so I Pulled the CF it with vganano 2.1.3... then I replaced the card. Now this is where I lose my logic... Clean Image, install, reboot and... Box can't see but 3 ports Quad Nic.
    It sees the internal port and ONLY 3 of the Quad Nic... completely clean, fresh install... So I cold booted it at least 2 more times, still only 3 found. Ok I finally said well screwed the pooch, take it like a man... cry a little in the corner... then get busy repairing what you can.

    So then I restored a config.xml file of the previous install... boohoo still no 4th NIC.

    So tonight I'm playing with OpenVPN, deleting client, All the Certs etc, etc... happen to go over to Interface:assignments and try and figure out how to use what I have left, cause I can't put the VPN on the Home Lan as it screws up the other half's Soap Operas and Hulu movies.
    LO and Behold... I now have + in add interfaces... whaaaaaaaaaat! So I add it... the missing NIC port came home! And it works... after Disabling the interfaces, rebooting, adjusting NAT and Firewall Rules, changing my Alias IP's (Love those Alias's) work ports work now.

    Now what I don't fully understand is how the Port could still be missing thru at least 3 Cold starts... on a new Clean install. I normally reboot at least twice anytime I replace hardware or major pieces of software and usually that clears most gremlin issues up.

    What I don't know is why... (you notice, I just gotta know why, a personality quirk I guess, bugs the other half to death)
    the port wasn't detected on 3 different boots, but shows up after a backup (and complete reconfiguration). I am guessing that the Mac and information on the port was saved in something in config.xml or another file NOT in this file.

    So somehow when Box crashed the information was either deleted or scrambled on the NIC card and the reinstall rewrote the information to the registers, but OpenVPN was Hiding the information from the System and not making the Port available.

    So from what I'm seeing anybody that upgrades to 2.1.4 that has an OpenVPN client best delete it all... Certs, bindings to NIC's, and do a Cold Boot, etc... BEFORE installing the update. Personally I'm going to wait a few more days or week or two to do any upgrade. I have noticed a lot of people having issues with OpenVPN Package and update and some of the other issues occurring may be related... seems that new version and any bindings (I wouldn't know if this affects VLAN's and other Exotic tweaks) don't get along very well.

    Anybody got ideas... I just gotta know why!

  • @bryan.paradis:

    You need to explain exactly what you did when the box first hung and made you rebuild. You also need to include what version you were running and what version you reinstalled.

    Installed Version Was:    2.1.3

    Reinstalled Version Was  2.1.3

    Restored backup config.xml file (With OpenVPN still active)... But this part I don't get... the backup (I tried that before the clean install) should have undone the change I did... but it didn't.

    There must be another file that holds the OpenVPN and port bound to information .......probably would be good idea to code something in the backup process to include this info, this might help with the upgrade breaking so many things. Including (or giving the option to include) these files might make for a smoother upgrade or at least a less stressful recovery process if it doesn't work well.

    But that's just my opinion......I'm not a coding type person. But give me a schematic, the theory of operation of an item, a good soldering iron and a little time and I'll find and fix about any electronic item that's broken.

    Not going to do ANY version upgrade for week or two...........seen too many various glitches and things broken with new upgrade....goin give the dev's time to smooth out the bumps, the upgrade changes look great, but.........


    Went to Bridge vge2=OPT2(open) > vge1=OPT1(LAN) and crashed, couldn't access the system through WebConfig. Rebooted the system to get access to try and undo interface assignment and system was hung on Loading pfSense and wouldn't complete Loading System... tried 2-3 times to get system to load, no luck.

    After thinking about it and the fact that OpenVPN was evidently bound to that port, that was probably what threw the system into a panic and froze it.

    Have learned to do any Bridging or other Exotic Flavors of tweaking that might bind to an Interface at such a fundamental level... BEFORE setting up OpenVPN. I had thought that OpenVPN was bound to and worked at the WAN interface.

    Thanks for asking.

  • Netgate Administrator

    When you say cold boot what exactly do you mean?
    If you didn't actually remove the power cable and you have an ATX power supply it's possible the NIC remained powered and kept some bad values that crashed it until all power was removed for whatever reason. I've not seen that happen with a NIC but I have seen USB controllers do that. I once completely re-installed Windows, twice, in an attempt to get my USB ports back. Only when I actually pulled the power plug did they come back.


  • Complete power down... this Box is built on an older Wyse Thin Terminal XL3455, 550Mhz Via Proc, 1 gig of ram and a 4gig CF card on an IDE cable adapter. Has a small switched 12 v input power supply, not the typical ATX. But it Does have a PXE boot bios onboard. But to be sure I shut it down... pulled power plug... removed Quad Nic... reinstalled a single port NIC... reboot, read that OK (I was trying to make the Box and pfSense remake any config files and hopefully get rid of any old setting so it could get a good scan on the Quad).
    So shut it down, pulled the Plug... R/R Quad NIC and rebooted... Still no port, that's when the decision to nuke the existing install and go clean...

    I am pretty sure that the OpenVPN module was storing the Port Information in some config file somewhere... I know not where as I'm not a "Unix" guy. Because after I reinstalled the backup Config.xml and that didn't appear to fix it, I just went to uninstalling nearly all the previous configuration. As soon as I deleted the OpenVPN Client... Bingo, my Port really never went anywhere, just into hiding in the OpenVPN config files somewhere.

    There must be a file in the OpenVPN module that when you setup the Interface it stores the Mac info and then shows you the opvpn interface AND must do something else (maybe set a register digit oddball) as even after a clean burn of CF and reboot... the Port was still missing... the pfSense initial scan couldn't find and I rebooted twice from the clean the Radio business we used to call these type Gremlins... FM.  Use your imagination on the F and the M... a tad spicy.

    Now I'm having trouble getting my PIA OpenVPN setup... setup again. I can't seem to get the certs setup right, and then the NAT has to be setup and a few firewall rules. Being very cautious on exact setup as I don't want to setup myself for another fall.

    Would rather setup the VPN client bound to the WAN, not any other interfaces, and then setup a firewall rule for the one or two PC's and Tablet that would be using it. Only PC I really want using the VPN is mine and my tablet and my laptop... that's it. The other half can't use the VPN as Hulu and CBS are blocking PIA's IP's... (unless I can figure out how to somehow Proxy the VPN IP and move it off the known PIA IP list).

    But remaking the Certs is giving me fits... keep getting a "soft authorization error of some kind" and the connection resets and fails again, and again.

    I really am confused on why with a totally clean reburned card that the Box failed to pick up all four ports, its these kind of weird quirks that drives an old electronic tech the battle's on between ME and IT !!.........unless it did but somehow the port maybe showed as a USB port or com port on boot up scanning and I didn't catch the difference.

    Sooooo I'll probably be posting on there real soon.


  • If you still have copies of the config.xml that drops one of the ports (but has working PIA) you can try and compare the OpenVPN section with the currently working config.xml.

    It might point at the difference in the OpenVPN configs that are causing the drop. With a little experimentation you should be able to manually pull out the OpenVPN stuff from the "bad" config.xml that causes the problem. At worst it should give you the info you need to get your PIA back again.

    Playing in the config.xml file is not the prettiest way to solve issues, but it will give you a good idea of what actually goes on behind the WebGUI in many places.  A better text editor that handles XML (I like notepad++, it's free) is very helpful in these cases.  It lets you "minimize" all the sections of .xml you don't want to examine making your work a little clearer.

    Glad you're back on the path to a working system (again)  :)
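
The comparison suggested in the post above, scripted as an added example (not part of the original thread and not pfSense's own tooling): it diffs only the interfaces and openvpn sections of two config.xml backups and redacts long values, since a backup also carries certificate and key material. The two sample configs are constructed, and the element names in them are assumptions about what a config.xml contains.

```python
import xml.etree.ElementTree as ET

def flatten(section, prefix):
    """Map every leaf element under `section` to {indexed/path: text}."""
    out, seen = {}, {}
    for child in section:
        seen[child.tag] = seen.get(child.tag, 0) + 1
        path = f"{prefix}/{child.tag}[{seen[child.tag]}]"
        if len(child):                      # has children: recurse
            out.update(flatten(child, path))
        else:
            out[path] = (child.text or "").strip()
    return out

def redact(value, limit=40):
    """Hide long values (keys, certs) so a diff can be pasted into a forum."""
    if value is None or len(value) <= limit:
        return value
    return f"<{len(value)} chars redacted>"

def diff_sections(old_xml, new_xml, sections=("interfaces", "openvpn")):
    """Return (path, old, new) for every leaf that differs in `sections`."""
    old_root, new_root = ET.fromstring(old_xml), ET.fromstring(new_xml)
    changes = []
    for name in sections:
        old_sec, new_sec = old_root.find(name), new_root.find(name)
        a = flatten(old_sec, name) if old_sec is not None else {}
        b = flatten(new_sec, name) if new_sec is not None else {}
        for path in sorted(a.keys() | b.keys()):
            if a.get(path) != b.get(path):  # compare raw, print redacted
                changes.append((path, redact(a.get(path)), redact(b.get(path))))
    return changes

# Constructed sample backups (assumed layout, not taken from the thread).
OLD_CONFIG = ("<pfsense><interfaces><lan><if>vge1</if></lan>"
              "<opt1><if>ovpnc1</if></opt1></interfaces>"
              "<openvpn><openvpn-client><vpnid>1</vpnid>"
              "<interface>opt2</interface><tls>" + "QUJD" * 20 + "</tls>"
              "</openvpn-client></openvpn></pfsense>")
NEW_CONFIG = ("<pfsense><interfaces><lan><if>vge1</if></lan>"
              "<opt1><if>vge2</if></opt1></interfaces><openvpn/></pfsense>")

if __name__ == "__main__":
    for path, old, new in diff_sections(OLD_CONFIG, NEW_CONFIG):
        print(f"{path}: {old!r} -> {new!r}")
```

For real backups, read the two files with `open(...).read()` and pass the strings to `diff_sections`.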

  • Sounds like a plan to me... I did download Notepad++ and played with it some... I think I might have one or two backups, that might help.
    Not sure why OpenVPN is being so... reluctant.

    Everyone thanks for the input... sometimes others can get you out of a (off the wall) groove you're in... expand the thinking so to say.

    Now if Notepad++ could do compare of two files...

    2 days now and except for OpenVPN being stubborn everything working smoothly

    Thanks all

  • @saytar:

    Now if Notepad++ could do compare of two files….....................

    It can… just open the 2 files (you will have 2 tabs), then select Plugins -> Compare (or press Alt+D)  ;)

  • Netgate Administrator

    Yes, +1 for Notepad++, fantastic tool if you're running Windows. The hexedit plugin is also great  :)

