opnsense fails to bring up pfatt interface on boot #10

Closed
opened 2020-06-06 15:09:12 +05:30 by briangordon · 7 comments
briangordon commented 2020-06-06 15:09:12 +05:30 (Migrated from github.com)

Whenever I reboot my firewall, the WAN interface fails to come up. From `/var/log/pfatt.log`:

```
2020-06-05 21:37:53 :: [pfatt.sh] :: building netgraph nodes...
2020-06-05 21:37:53 :: [pfatt.sh] ::   creating ng_one2many... OK!
2020-06-05 21:37:53 :: [pfatt.sh] ::   creating vlan node and interface... OK!
2020-06-05 21:37:53 :: [pfatt.sh] ::   defining etf for bge1 (ONT)... OK!
2020-06-05 21:37:53 :: [pfatt.sh] ::   defining etf for ue0 (RG)... ngctl: send msg: No such file or directory
```

I guess the USB fast ethernet adapter isn't available yet when the `/usr/local/etc/rc.syshook.d/early/` scripts run. Unfortunately if I move the pfatt script to the `start` directory then the firewall comes up with the wrong interface assigned to WAN.

If I put the pfatt script into the `early` directory then it partially runs until failure and I can SSH into the firewall and re-run the pfatt script manually. This works fine but it's hardly an ideal solution.

I'm using [the exact ethernet adapter recommended in the readme](https://www.amazon.com/gp/product/B00007IFED), on an older (c. 2012) Dell PowerEdge server, running opnsense 19.7.10.

Has anyone else had this issue? If others have had this same problem then it might make sense to revise the README.

Watanuki-kun commented 2020-06-07 22:13:23 +05:30 (Migrated from github.com)

I know that in general, USB network adapters are a bit finicky. If your guess is right, it might just be a timing issue. Have you tried putting in a boot delay to see if the NIC needs more time to be visible/initialize?

maxfield-allison commented 2020-07-30 20:48:05 +05:30 (Migrated from github.com)

You should be using the opnatt.sh script, not the pfatt.sh script

briangordon commented 2020-07-30 20:55:31 +05:30 (Migrated from github.com)

> You should be using the opnatt.sh script, not the pfatt.sh script

I first set up the pfatt script before opnatt.sh was split off, and I don't see anything that would make a difference. The old script had a variable for switching between opnsense and pfsense.

maxfield-allison commented 2020-07-30 22:54:08 +05:30 (Migrated from github.com)

Have you tried using the new opnatt.sh instead? You could try to put `pfatt.sh` in `/usr/local/etc/rc.syshook.d/early` as `99-pfatt.sh`.

Have you confirmed that the needed modules are loaded by doing `kldstat -v`?
If not, you may need to add `/boot/loader.conf.local` with the following:

```
netgraph_load="YES"
ng_UI_load="YES"
ng_async_load="YES"
ng_bpf_load="YES"
ng_bridge_load="YES"
ng_car_load="YES"
ng_cisco_load="YES"
ng_deflate_load="YES"
ng_echo_load="YES"
ng_eiface_load="YES"
ng_ether_load="YES"
ng_frame_relay_load="YES"
ng_hole_load="YES"
ng_iface_load="YES"
ng_ksocket_load="YES"
ng_l2tp_load="YES"
ng_lmi_load="YES"
ng_mppc_load="YES"
ng_one2many_load="YES"
ng_pipe_load="YES"
ng_ppp_load="YES"
ng_pppoe_load="YES"
ng_pptpgre_load="YES"
ng_pred1_load="YES"
ng_rfc1490_load="YES"
ng_socket_load="YES"
ng_tcpmss_load="YES"
ng_tee_load="YES"
ng_tty_load="YES"
ng_vjc_load="YES"
ng_vlan_load="YES"
```

You shouldn't need to on that version of OPNsense but it couldn't hurt to try.

briangordon commented 2020-07-30 23:05:14 +05:30 (Migrated from github.com)

Yes, that's the directory (and file name) where I've put the pfatt script. And I'm sure that the right modules are loaded; I suspect that it's just the interface that's not available yet when the `early` scripts run.

Thanks for your help though.
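
The timing hypothesis in this thread (the `ue0` netgraph node not existing yet when the `early` hooks run) can be handled with a bounded wait instead of a fixed boot delay. This is an added example, not part of pfatt.sh or opnatt.sh; `wait_for_node`, `probe_ng_node`, `WAIT_MAX` and `WAIT_STEP` are hypothetical names, and it assumes `ngctl show ue0:` fails until the USB adapter has attached.

```sh
#!/bin/sh
# Added example (not from pfatt/opnatt): block until the RG-side NIC has a
# netgraph node before the etf setup runs, instead of sleeping a fixed time.

RG_IF="${RG_IF:-ue0}"        # interface name taken from the log in this issue
WAIT_MAX="${WAIT_MAX:-60}"   # assumed upper bound, in whole seconds
WAIT_STEP="${WAIT_STEP:-1}"  # assumed poll interval, in whole seconds

# Default probe: ng_ether names each node after its interface, so
# `ngctl show ue0:` is assumed to fail until the USB NIC has attached.
probe_ng_node() {
    ngctl show "$1:" >/dev/null 2>&1
}

# wait_for_node IFACE [PROBE]
# Returns 0 as soon as PROBE succeeds for IFACE, 1 once WAIT_MAX seconds
# have passed without success. The seconds waited are left in $waited.
wait_for_node() {
    iface="$1"
    probe="${2:-probe_ng_node}"
    waited=0
    while ! "$probe" "$iface"; do
        if [ "$waited" -ge "$WAIT_MAX" ]; then
            echo "$(date '+%F %T') :: [wait] :: $iface still missing after ${waited}s" >&2
            return 1
        fi
        sleep "$WAIT_STEP"
        waited=$((waited + WAIT_STEP))
    done
    echo "$(date '+%F %T') :: [wait] :: $iface present after ${waited}s" >&2
    return 0
}

# In an early hook, call this before the netgraph section of the script:
#   wait_for_node "$RG_IF" || exit 1
```

Failing closed on timeout keeps the hook from building a half-configured netgraph graph, which is the state the log at the top of this issue shows.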

MonkWho commented 2020-08-02 00:20:23 +05:30 (Migrated from github.com)

I saw previously that someone had success running the script in /early if they named it 99-opnatt.sh. I believe that made it execute last but I don't know if they were using a USB NIC or not.

You might also want to look into a supplicant mode if your ATT RG is one of the easily rootable models like BGW210. This method eliminates a need for a secondary NIC and you can put your RG away completely.

MonkWho commented 2020-09-12 05:33:29 +05:30 (Migrated from github.com)

There hasn't been any activity in this thread for a while so I'm going to go ahead and close the issue.

Reference: hhf/pfatt#10