Can't get pfSense router working with Mercury ISP

Forums › New Zealand Broadband › Can't get pfSense router working with Mercury ISP

Seasport

50 posts

Geek

#314975 4-Jun-2024 13:09

Hi all,

Been banging my head against the wall trying to get pfSense router (running on mini PC) working with Mercury ISP. Should be straight forward enough. Requirements from Mercury are:

DHCP with Dynamic IP enabled

NAT enabled

VLAN ID=10

I set the WAN I/F to DHCP, Set up VLAN ID 10 on WAN port. Default pfSense outbound NAT automatically translates internet bound traffic to the WAN IP address.

But I'm not getting a WAN IP address assigned by ISP DHCP and so zero traffic.

Would be grateful for any insights or guidance as to what I might be doing wrong.

SirHumphreyAppleby

2844 posts

Uber Geek

#3244386 4-Jun-2024 13:42

I set the WAN I/F to DHCP, Set up VLAN ID 10 on WAN port.

I suspect this is where the problem is. It may not be what you intended, but the order you describe setting this up is incorrect. Create the VLAN on the Interface first, then assign the VLAN as the WAN interface. Next, configure the WAN/VLAN interface to use DHCP.

evilonenz

/dev/urandom
287 posts

Ultimate Geek

ID Verified

Trusted

Lifetime subscriber

#3244390 4-Jun-2024 13:52

As above. Ensure you are setting the VLAN 10 interface under your WAN Assignments, and then continue to setup the WAN interface as required from there.

Smokeping

Referral Links:

Quic - Use code R536299EPGOCN at checkout for free setup
Contact Energy - Use code FRTQDXB for $100 credit

Ruphus

465 posts

Ultimate Geek

#3244393 4-Jun-2024 13:58

Did you change the WAN interface to use the VLAN (something like vlan01) in the assignments section? I'm running a virtualized OPNsense router on Mercury without any issues. Unfortunately, I can't show you my VLAN setup for the WAN as I have it configured on the VM interface.

Seasport

50 posts

Geek

#3244454 4-Jun-2024 15:57

Thanks for the tips all.

I did the following:

Disabled the WAN I/F
Created a VLAN with Tag 10 on the WAN I/F port
Enabled the WAN I/F using DHCP (MTU=1500, MSS=1492)

But no WAN IP address is being allocated. I have the network working fine with the supplied Eero 6+ router

What else can I do??

taneb1

516 posts

Ultimate Geek

ID Verified

Trusted

Mercury

#3244461 4-Jun-2024 16:48

While I'm not 100% across pfSense configurations, there isn't anything on our side that would be blocking you from setting this up.

The only thing to note is similar to other ISP's, there is a slight window (Believe its around 10 minutes) where you will need to wait for the old DHCP lease to expire, before it will issue you a new one on a new device.

Outside of that, possibly the config in this thread may help with the config if it differs to what you've already set up (May also want to enable DHCPv6 as well)

Any comments made are my personal views and does not represent those of my employer

shrub

775 posts

Ultimate Geek

ID Verified

#3244464 4-Jun-2024 17:05

Seasport:

Thanks for the tips all.

I did the following:

Disabled the WAN I/F
Created a VLAN with Tag 10 on the WAN I/F port
Enabled the WAN I/F using DHCP (MTU=1500, MSS=1492)

But no WAN IP address is being allocated. I have the network working fine with the supplied Eero 6+ router

What else can I do??

Its a while since I used pfsense but I dont think you should be disabling wan interface. On initial setup when it asks for vlan you set the port with the vlan_10 then assign to wan.

Id take the Eero router completely out of the setup until you have a solid wired link then add it in. Are you planning on using DHCP lan server on Pfsense or Eero?

MaxineN

Max
1772 posts

Uber Geek

ID Verified

Trusted

Subscriber

#3244466 4-Jun-2024 17:14

Vlan tagged interface needs to have DHCP plus whatever else is required.

Your wan interface is just a dummy to up the actual physical nic.

Ramblings from a mysterious lady who's into tech. Warning I may often create zingers.

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

Seasport

50 posts

Geek

#3244479 4-Jun-2024 17:45

Thanks for the tips all.

I will try again and wait 10 minutes after disconnecting the Eero. Maybe that's the problem. I intend to use the pfSense box as the router (I run OpenVPN on it) and use the Eeros just as access points. But I am swapping between the Eero and pfSense box when testing to give everyone internet until I get it working.

I'll unassign the NIC from the WAN I/F, set up the VLAN and then assign the NIC to the WAN (and wait 10 minutes). Here goes.

MaxineN

Max
1772 posts

Uber Geek

ID Verified

Trusted

Subscriber

#3244482 4-Jun-2024 18:02

Nah you need the wan IF otherwise you can't bind the vlan.

Steps(I am typing this from a phone).

1. Ensure the WAN interface is completely blank, keep it enabled.

2. Create your VLAN tag interface and assign it to your WAN interface.

3. You will now have a VLAN interface to assign, assign it.

4. With your assigned VLAN interface set it up as if it's your WAN interface for realsies so DHCP + whatever is required for IPV6(probably don't care right now about this). Ensure your MTU is 1500.

5. Save it and apply.

6. You should have profit.

Ramblings from a mysterious lady who's into tech. Warning I may often create zingers.

Seasport

50 posts

Geek

#3244487 4-Jun-2024 18:34

Success! It was a simple thing (as I suspected) and you were all on the right track. I was assigning the WAN port incorrectly to the NIC. When I looked at the drop down options to assign to the NIC, one of these was VLAN 10 on igc0. When I selected this option - Bam an IP address was assigned by the ISP. I then had some weird behaviour in browsing websites but a reboot of pfSense fixed that. So all good.

Thanks all for your help. Saved me tearing my hair out.