A deep concern over PFS security challenges.
I've recently assembled a pfSense router using a repurposed Fujitsu Primergy server. It's an older Opteron model equipped with DDR3 RAM, an SSD, and a 4-port gigabit NIC. Prior to pfSense, this machine remained idle for months, and before that, it consistently ran Windows Server 2012 R2 without interruption for several months (likely longer than the trial duration). No problems occurred.

About ten days ago, I installed pfSense. Apart from configuring the WAN and LAN ports, leaving the remaining ports untouched, I didn't make any changes. I connected the WAN to the ISP router, while using Ethernet ports throughout my home. Suddenly, everything functioned properly. I'm concerned (after numerous online searches) that I haven't added any add-ons or mods, just a straightforward download, using Rufus to create a USB image, installing it, and plugging in cables.

The issues began a few days later: intermittently, connectivity would drop on Ethernet connections. Internet remained stable (Wi-Fi still active), but I couldn't access the pfSense interface or the internet via Ethernet. Once restored, both connections worked fine, though it sometimes took a couple of seconds to reconnect. I'm eager to explore more about pfSense configuration and test its capabilities, but currently it's only performing reliably. It's frustrating because I can reproduce the problem intentionally, yet I lack clear steps to resolve it. Have others faced similar challenges? What might be causing this?

If helpful, my setup includes: ISP modem → single Ethernet → pfSense → LAGG (2 Ethernet in LACP) → Cisco Switch (really), then 2 Ethernet in LACP to the main PC; pfSense also linked directly to two Ethernet jacks elsewhere in the house, which were unused before. Before installation, the setup was: ISP modem → single Ethernet → Cisco Switch (really) → 2 Ethernet in LACP to the main PC → single Ethernet to another PC, all working smoothly.
What is this, exactly, and what does your LACP configuration look like?
Catalyst Express 500G, likely the 500G-12TC model with an 8+4 port setup. When flipping the switch, the relevant "Etherchannel" setup appears as follows: The main issue is a critical failure where the switch doesn't always recognize the fan spinning, even though it does spin. On the router side, all IPs are configured statically. The lagg device is assigned to the "LAN" connection. After recent adjustments, I checked if connections bypassing the switch were affected and discovered DHCP was completely inactive for those interfaces (configured as OPT1 and OPT2). Now DHCP is enabled in those ranges, and they receive valid IPs. However, DNS remains unresolved: whether using Resolver or Forwarder services, changing between them affects which static DNS entries must be applied on the connected computers. The computers not passing through the switch still get incorrect DNS addresses regardless of settings. This seems to be the core problem, aside from the previous DHCP changes. I haven't used the machines much since those last (DHCP-related) updates.
I didn't really find a better option. I discovered another driver for the Realtek NICs I'm using, but it's only a temporary fix. I'll need to swap out my whole pfSense setup with something else, since those tiny boards don't have any PCI-E slots or compatible Intel NICs. *groan*

Connect to pfSense's command line and look at the dmesg output to see what's going wrong during connection problems. This tool shows kernel logs, so the recent lines might help identify the issue.
I just ran the command and reviewed the final output. The last few lines indicate:
- IPv6 addresses on igb2 were removed before being added to avoid scope violations.
- Link states changed multiple times, with some going down and others staying up.
- The system is currently in a stable state, though no recent changes.
- Broadcom and Intel confirmed via pciconf that certain configurations are active.
The specific lagg members are igb1, igb2, and igb3. The process didn't terminate immediately, but no ongoing issues were detected.
Notably, the same problem appeared with my Realtek NIC, where the driver failed to function correctly and the device kept failing. I was mistaken about Intel NICs being reliable; I wasn’t sure what to do beyond possibly trying alternative Intel cards on eBay to test their performance.
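Since the useful signal in the dmesg output above is which interface keeps flapping, here is a small shell helper (added for this thread, not posted by anyone in it) that counts "link state changed to DOWN" events per interface. The dmesg lines are constructed samples in FreeBSD's format; igb1, igb2 and igb3 are the lagg members named in the thread, and lagg0 is an assumed name for the lagg interface itself.

```shell
# Constructed sample of FreeBSD/pfSense dmesg lines (not real output from this thread).
SAMPLE_DMESG='igb1: link state changed to DOWN
igb1: link state changed to UP
igb2: link state changed to DOWN
lagg0: link state changed to DOWN
igb2: link state changed to UP
lagg0: link state changed to UP
igb1: link state changed to DOWN
igb3: link state changed to UP'

# count_flaps <ifname>: number of DOWN transitions for one interface, read from stdin.
count_flaps() {
  awk -v ifc="$1" '$1 == ifc ":" && /link state changed to DOWN/ { n++ } END { print n + 0 }'
}

# flap_report: per-interface DOWN counts (sorted by name), read from stdin.
# An interface that goes DOWN far more often than its lagg peers is the one to
# suspect (cable, switch port, or NIC driver), rather than the lagg as a whole.
flap_report() {
  awk '/link state changed to DOWN/ { sub(":", "", $1); c[$1]++ }
       END { for (i in c) print i, c[i] }' | sort
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_DMESG" | flap_report
```

On the router itself, run `dmesg | flap_report` from the pfSense shell while the Ethernet drop is reproduced, then compare the counts against the lagg members.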