mercoledì 3 febbraio 2016

pfSense on XenServer: enable VLAN Support for xn ethernet adapter

I was migrating my PfSense boxes from vmware to xenserver and I was disappointed when trying to create a VLAN the XenServer xn interface wasn't listed as capable.

I lurked in forums in search for a solution and found that in stock BSD the xn interface is reported working fine with VLANs, even the vlanmtu is not reported as capable at driver level.

So my idea is to cheat pfsense and report xn network devices as VLAN capable.

Here's the trick:

Go to Diagnostic -> Edit File
Load file /etc/inc/interfaces.inc

Locate the function is_jumbo_capable ( in pfsense 2.2.6 starts at line 5181) end edit as is:

/****f* interfaces/is_jumbo_capable
 * NAME
 *   is_jumbo_capable - Test if interface is jumbo frame capable.  Useful for determining VLAN capability.
 * INPUTS
 *   $int             - string containing interface name
 * RESULT
 *   boolean          - true or false
 ******/
function is_jumbo_capable($iface) {
$iface = trim($iface);
$capable = pfSense_get_interface_addresses($iface);

if (isset($capable['caps']['vlanmtu']))
return true;

// hack for some lagg modes missing vlanmtu, but work fine w/VLANs
if (substr($iface, 0, 4) == "lagg")
return true;

        // hack for XenServer xn interfaces
if (substr($iface, 0, 2) == "xn")
return true;


return false;
}


Then go to Interfaces->Assign->VLAN and create your VLAN interface on your xn network!


Refers To: Pfsense issue 4103

7 commenti:

  1. Hi there, how it's working after changes ? did you find some issue to remark ?

    RispondiElimina
    Risposte
    1. In some case it works fine and in some case there's some issues passing traffic from non tagged lan to tagged ones.
      Needs extensive testing

      Elimina
  2. Questo commento è stato eliminato dall'autore.

    RispondiElimina
  3. In my case i have configured this setting but when i made this changes then pf sense found issue not open in browser.

    RispondiElimina
  4. Ok, work for me. And what about Firewall > Traffic Shaper > By Interface ?

    This firewall does not have any interfaces assigned that are capable of using ALTQ traffic shaping.

    Have this notifications. Please help, thank you

    RispondiElimina
  5. Please note that you need to set mtu of the physical interface (pif) in xenserver to 1504 to allow the vlan header to fit in to the frame.
    This also means that the interface should not be the same as the management-interface.

    RispondiElimina
  6. didnt work w/ pf 2.5.1 xenserver 7.6

    RispondiElimina