[pfSense] 2.2.2-RELEASE bridge not setting STP

2015-04-29 Thread Mark S.

Hi Folks,

I wanted to report a configuration problem with PFSense 2.2.2 with 
bridged interfaces.  Specifically, this case involves a bridge 
configured with two members.  I'm able to set advanced options for stp, 
edge, and ptp on each interface as needed, and they are properly stored 
in /conf/config.xml.


When this PFSense box is rebooted, the edge and ptp options are applied 
to the bridge members, but not the stp option.  See the following example.


...relevant snippet from config.xml...

<bridges>
    <bridged>
        <members>lan,opt1</members>
        <descr/>
        <maxaddr/>
        <timeout/>
        <stp>lan,opt1</stp>
        <maxage>8</maxage>
        <fwdelay>5</fwdelay>
        <hellotime/>
        <priority/>
        <proto>rstp</proto>
        <holdcnt/>
        <ifpriority/>
        <ifpathcost/>
        <edge>opt1</edge>
        <autoedge>lan,opt1</autoedge>
        <ptp>opt1</ptp>
        <autoptp>lan,opt1</autoptp>
        <bridgeif>bridge0</bridgeif>
    </bridged>
</bridges>

Note that STP is enabled on both lan and opt1.  After a reboot, see 
the following where STP is not enabled on either bridge port.


: ifconfig bridge0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:20:c8:8c:f9:00
        nd6 options=1<PERFORMNUD>
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: igb1 flags=2a3<LEARNING,DISCOVER,EDGE,PTP>
                ifmaxaddr 0 port 6 priority 128 path cost 200
        member: igb0 flags=3<LEARNING,DISCOVER>
                ifmaxaddr 0 port 5 priority 128 path cost 200


A manual fix-up to enable STP on both ports, followed by the expected 
output from ifconfig:


: ifconfig bridge0 stp igb0 stp igb1

: ifconfig bridge0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:20:c8:8c:f9:00
        nd6 options=1<PERFORMNUD>
        id 00:1b:21:45:1a:b8 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:1b:21:23:64:20 priority 32768 ifcost 200 port 5
        member: igb1 flags=2a7<LEARNING,DISCOVER,STP,EDGE,PTP>
                ifmaxaddr 0 port 6 priority 128 path cost 200 proto rstp
                role disabled state discarding
        member: igb0 flags=7<LEARNING,DISCOVER,STP>
                ifmaxaddr 0 port 5 priority 128 path cost 200 proto rstp
                role root state forwarding

Best Regards,
Mark S.


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] 1 of 8 phase2 tunnel will not come up

2015-04-29 Thread Christoph Hanle
On 28/04/15 22:34, Christoph Hanle wrote:
> Hi,
> we are getting crazy with one tunnel
> our system pfSense 2.2 failover cluster
> other side a bigger Juniper.
> VPN with 6 tunnels was up.
> the 7th tunnel (10.2.2.55) fails.
> the afterwards created 8th tunnel is OK again.

Problem is gone, don't ask why.
It seems that on our side or at the other side a child SA process was not
properly released.


bye
Christoph


Re: [pfSense] 1 of 8 phase2 tunnel will not come up

2015-04-29 Thread Chris Buechler
On Wed, Apr 29, 2015 at 1:22 PM, Christoph Hanle
christoph.ha...@leinpfad.de wrote:
> On 28/04/15 22:34, Christoph Hanle wrote:
>> Hi,
>> we are getting crazy with one tunnel
>> our system pfSense 2.2 failover cluster
>> other side a bigger Juniper.
>> VPN with 6 tunnels was up.
>> the 7th tunnel (10.2.2.55) fails.
>> the afterwards created 8th tunnel is OK again.
>
> Problem is gone, don't ask why.

My guess is this:
https://redmine.pfsense.org/issues/4665

It might not be, but the symptom seems like it could match.

If you see a similar symptom, check the output of ipsec statusall
for the reqid values. They should be unique for each P2. If any of
them are duplicated, that's #4665.