Greetings ohh wise internet, full on noob trying to configure my pfsense router for the first time. Have tried for the last two days to get to the web gui without success.
Hardware
Modem- Arris TG1682G- In Bridged Mode (called to configure) (this is a business connection, not sure if this can cause issues)
Router- QOTOM MiniPC (Q555G6)- 6x intel I211 Nic’s, 2.5Ghz intel CPU, 8G RAM, 256gb ssd
Client PC- 2.5Gbe- I225-V
Hardware Route
Bridged Modem → Pfsense Router → Client PC
Problem
- Client PC cannot connect to LAN to access web gui
- Client PC cannot ping pfsense router when connected, despite getting a DHCP assigned IP from defined IPV4 range (CAN successfully ping that address from client PC (itself- 192.168.1.100), but i assume that’s a given once it has it’s address). Still cannot ping the actual lan 192.168.1.1 from client.
Diagnostics Attempted
- I’ve tried assigning static IP, and connecting to that without DHCP on client PC and on router.
- Multiple factory resets and fresh installs
- Assigning interfaces, creating opt1 interface and connecting PC to that instead of LAN with and without DHCP (was just trying stuff, have no idea if this is correct).
- Lot’s of other BS
- Wallowing in sorrow/kicking self
Current Router Config
- Fresh Install
- IGB0 = WAN
- IGB1= LAN – Pretty sure it’s correct port, as i get address from DHCP range only when connected to this port.
- IGB1/LAN- Used default 192.168.1.1 IPV4 IP, configured IPV4 connection with DHCP (START)192.168.1.100 - (END)192.168.254.
- Client PC shows start address and when ipconfg /all . When hitting “diagnose” PC will connect to network and show it’s connected for a brief moment (20 seconds or so with internet access) then drops the connection. Menu does sometimes show packets being received from router.
**Things that do work from router itself **
- Pinging router from console/ shell works.
- Pinging WAN IP works
- Pinging google works
- It’s just when i try to connect the client that i’m having issues. And without any solid relationship with all of these concepts, it’s rough lol.
Ethernet adapter Ethernet 2: – Client PC ipconfig/all
Connection-specific DNS Suffix . : home.arpa
Description . . . . . . . . . . . : Intel® Ethernet Controller (2) I225-V
Physical Address. . . . . . . . . : B4-2E-99-FB-47-34
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b17c:108e:aac3:363f%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, April 20, 2021 3:03:45 PM
Lease Expires . . . . . . . . . . : Tuesday, April 20, 2021 4:54:08 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 649342617
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-D0-D9-0E-04-33-C2-C5-D1-9A
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Questions
- Do i need a switch? Is my setup somehow affecting the way that the default gateway is accessed without a switch? - Have seen some say the qotom’s cant act as a switch, but didnt think i needed switching with a single client like this.
- When hitting the “diagnose” button on client, which is the only way it will briefly connect, it will fix the connection, showing that it resolved “default gateway is not available”
Long term goals for setup
- WAP - Have unifi long range on hand.
- Client PC- Main gaming rig/work station- Just built it super excite. Just want solid routing performance, maybe some buffer bloat stuff idk.
- Old machine (Dell XPS 8700) with Ubuntu ETX4 root and 2x 12TB in ZFS- Open VPN- Want to lock this one down. Wanted to sort my routing first.
Whining
- I wasnt trying to go “cheap” with the setup, just wanted a powerful router for the money, can buy a switch if i need to, but didnt think i’d need it for only two potential client PC’s, and a Unifi AP (with a few clients popping in and out). I downed my net and work from home, so i’m hot spotting rn due to my ignorance, which is rough.
There have been some topics that covered this on this forum, but i still can’t figure it out. Any help greatly appreciated. Can defiantly dig deeper but i’m at the limits of my technical capability to diagnose this :(. But willing to try/ learn with any suggestions.
First thing to try: cut the pfSense router out and connect the client directly to the modem. Does it work? If so, you don’t need to worry about that hardware.
Next step: connect client to pfSense box, w/o modem connected. Does it work? If it does, there’s probably a 2nd DHCP server in your setup somewhere. Find out where and shut it down/disable it.
Make sure you connect via the correct protocol: http or https. You can’t mix 
1 Like
Unfortunately i have tried multiple times without the WAN on fresh installs to no avail.
LAN is the only way I’m gonna be able to access the webgui correct? - I’m cool with trying diagnostics for WAN when i get there (although since i can ping google from router itself it seems ok).
Have tried both IGB0 and IGB1 configured as LAN to client PC with the same results.
To clarify, the only way to access the webgui is via client PC, with a working network connection, and a ping response to 192.168.1.1 on client PC?
No, you should be able to hook up a monitor and keyboard to the pfSense box and use the web-UI locally.
https://localhost:443 ← this should land you straight into the webUI if you access it from the pfSense hardware itself.
There are other options, like SSH, but for novice users not so well suited. Yet
1 Like
JeeZ, didnt know I could do it that way! Finishing up work and will give that a try, I already have a monitor and keeb hooked up, stoked to try it, will report back. Thanks for the help man!
Just to temper your expectations: notice the word should 
Sorry for my noobness, but where would I enter that address? In the shell?
I tried doing this in shell with IP, http and https, also with “telnet” + IP and also with the https local host address, but I’m kinda just throwing stuff at the wall lol.
Bahah don’t worry man, I mentally prepared myself for this. I’ve been training at struggling for many years now.
1 Like
Oh dear, I may have overlooked something: there’s no webbrowser on a standard pfSense install, isn’t it?
Assuming you can log in locally on the router, see if you can install a text-based browser like elinks or, even better if it works, a gui-based browser like midori. For gui-based browsers, just click on the link I gave you. For text-based browsers, type something like this:
elink https://localhost:443
Press enter and it should open the web-ui. Navigate with arrows, tab and enter keys.
1 Like
Just because it’s “assigning” an IP doesn’t mean it actually is. I’ve had issues where my client NIC somehow pulls in an old IP address despite it not making a LAN connection. You could try resetting the NIC on your client. That said
WAN shouldn’t need to be connected for LAN to work (unless you’re mis-assigning the interfaces, but it sounds like you’ve tested that) so I would worry about LAN first and troubleshoot modem connection later. In fact, to remove variables, I’d unplug the modem entirely for now.
What happens if you change the client DNS server to something else, like 1.1.1.1 or something?
And just for the heck of it, have you tried different LAN interfaces on the server?
1 Like
Yea I’m seeing that too, whenever I’m connected to the wrong port, or haven’t used “diagnose” in a while to reset the client NIC windows ipconfig /all will show an old 169 IP address.
DHCP Router- Client on AUTO Trial
Ok, so i did try switching ports before, but i just tried again. Assigned LAN to igb3 this time, 192.168.1.1, DHCP 192.168.1.100-254. Behaves the same as before.
With DHCP Auto on client, hit “diagnose” – windows does shit, then the adapter comes up, shows the gateway message below, and 20 seconds or so later it goes back down.
Static IP Trial
Is this the right way to do a static IP? I set igb3 LAN to 192.168.1.1 on router, Disabled DHCP, disable IPV6. Enter same address for IPV4 IP in windows? Is this a problem to have the default gateway the same as the IP? Have tried many different combinations/ DNS’s and IP’s/ default gateways (usually 4.4.4.4 / 8.8.8.8). I’ve never gotten a connection when i dont have DHCP on. I’m sure I’m missing something.
This is what i just tried ^
It shows the irrelevant IP, and the one i assigned in IP config.
Then i enter the same thing into the fancy GUI non control panel menu.
And after that the IP I assigned in the control panel menu dosnt even show up anymore. It’s only the old “dummy” address.
To top it off, this 2.5gbe intel on the client PC is quirky, it works ok for me, never any performance problems really, but even just plugging it into my modem/gateway/router before all this it was a bit quirky. Sucks to have as a variable. I’ve tried another laptop as well though and no go so. Prolly not it’s fault.
Might give that local router browser install via shell a try lol. Thanks for all the help man. What an interface this forum has, expertly thought out.
Are you setting the client and the gateway to 192.168.1.1 at the same time? To set static IP of the client, you’d want to assign the client MAC address an IP via the router, and you’d want that to be different than the gateway IP. So for instance, on my network, my router LAN IP is 192.168.1.1 (which is my gateway), my switch is 1.2, my AP is 1.3, my desktop is 1.10, etc. And I set those through the DHCP server on the router. Setting the client and the gateway through .1.1 will make the client search for the WAN network on its own interface.
I believe by default, the router sets itself to have a static IP of 192.168.1.1/24. It’s probably worth double checking that your subnet mask matches your CIDR suffix. If your subnet mask is set to 255.255.255.0 you need to have the CIDR suffix set to 24 bits (hence the /24 at the end of the IP). If you changed that during setup, trying to connect with a subnet mask of 255.255.255.0 might not work.
1 Like
@Tanner_Pinney You are getting some good advice here, but I can’t resist kibitzing. @COGlory isn’t exactly wrong about a static IP address, but is describing a more permanent setup managed by the pfSense box. Your post sounds to me like you were looking for a quick configuration to get something, anything working.
As COGlory (almost) said, the only problem I see with your static IP setup is that the client IP address must be different from the router’s IP address (and the gateway’s, but the gateway is the router). Pick another address 192.168.1.N where N is from 2 to 254 (255 is reserved). Since you have set the DHCP server to provide addresses 100-254, it makes sense to use a static IP address where N is between 2 & 99.
The gateway is the device through which the WAN is accessed - your router; packets for destinations not on the local net will be forwarded via the gateway.
You say that the client “cannot ping”. Do you mean that ping runs, but all the packets are lost with no reply? Or is there an error message such as “network unreachable”?
Seems like you are almost there, even in your first posting. Good luck.
2 Likes
you can run nmap https://nmap.org
and see what ports are open on your router.
nmap 192.168.1.0/24
should find it.
but if its masking your router claiming all ports are blocked or host is down.
use
nmap -Pn 192.168.1.0/24 --system-dns
once you see the range of devices on your network router you can drill down to see what is on each live ip in the range is doing.
by using nmap -O -Pn 192.168.1.*** --system-dns
will tell you whats running on the ports of that ip.
and one of them should be your router gui.
once done open a web page and type the ip and port number in the address box… it should open your gui. if it doesnt check the http:// header in the address and see if its trying to access http or https … if its https try switching it to http or vice versa (sometimes works).
2 Likes
Kabitz to your hearts content! I was definitely misunderstanding things, thank you guys SO much for learnin me da puter. I have, however, tried it this way before, but now I’m more certain the client pc has the right values.
Ok so, basically, pfsense should work exactly out of the box for me. Since DHCP is enabled by default. With a range between 192.168.1.100-199(docs said i think) my PC receives the 1st in that list. Re-defining igb1’s IP isnt needed ATM since by default pfsense dosnt assign it’s gateway to an IP in the DHCP range? So i just started from scratch again lol.
Current Config – Wiped everything again
Default/ Untouched Router IP 192.168.1.1
Client PC Gets DHCP Address Below
I enter that address here, with the default gateway 192.168.1.1
And overall, i get almost identical behavior to what i was describing above with these settings. Hitting “diagnose” cycle’s the client PC NIC, the utility reports
The connection comes up for a second, it says “internet”, it shows received packets here
But then it goes down again in 20 seconds or so. Will try my work laptop next now that I’m more confident in the IP values. Still am not able to ping 192.168.1.1 on client windows PC.
@anon7678104 - Do i need to install nmap on my router or on the client PC with sudo or something? I tried those commands in both shells with no success, but it aint sayin much as i’m monkeying around over here.
Thanks again guys, really didn’t expect that it’d take me 3 days to get to minute 3 of all the tutorials I’d been pawning over bahaha. But this surely is one way to memorize the terminology better lol.
YO, WUB, ALUB, ADUB DUB, IM FREaKIN LIVE SON! I’d like to officially say horrible things about Intel® Ethernet Controller (2) I225-V’s momma and ancestors.
Motherboard= Z490 Giagabyte Aurus Ax Pro
I plugged in my work laptop (thinkpad) again after the above clean start^. It has a small little “hub” with an ethernet port. The thing just instantly connected. Didn’t have to do anything. Thank you guys a lot, gave me confidence in the IP configuration and prompted me to try other hardware again.
Today was supposed to be the day i got my sleep schedule normal. Will be tired and happy at work tomorrow, and will hopefully have a nice WIFI AP setup soon enough. So stoked. Not sure what is going on with my PC’s NIC, but IDC, CUZ I IZ LIVE.
2 Likes
Perfect. Glad it’s working. Obvious next step is to try a USB to Ethernet adapter or something and see if that fixes it. (Or try reinstalling your NIC or updating drivers or whatever you may not have tried yet). Or hell, even the cabling.
1 Like
Congratulations! Good luck sorting out the issue with the PC.
1 Like
Thanks fellas! I’m still wondering what my PC would do if I got a switch, will most likely bite the bullet and just snag an 8port unifi or something. I think the PC nic is on 1.0.28 (had a bunch of problems post PC build until I updated str8 from intel). Checked for new driver version throughout this process and I think I’m still on the latest. Unless you were referring to updating router nics.
I still don’t quite understand the utility in a switch when I have this many router ports, or how the switch could impact IP/network/gateway assignment that’s happening. Gotta do some more readin as to what the utility would be for my use case (outside of just the connectivity issue I’m have with PC).
It’s weird that the laptop + thinkpad doc connected instantly, but the PC direct into router just wouldn’t connect. Not sure if I have a laptop that has an ethernet directly on it to test, but would be interesting. I wonder if theres some sort of switching like functionality happening in the thinkpad doc. (for lack of better term).
on your pc client.
it has other uses too if you want to look them up.
such as scanning your network for known vulnerability’s. which you can then mitigate.
but fair warning. if some one compromises your network and see nmap on the system. its basically a win for them.
so remove it once your done using it 
for your own security.
1 Like
Well, it is unlikely that a switch will help (but see below). AFAIK, there isn’t yet much evidence that your PC Ethernet works at all. Have you used the same cable with the PC and the laptop? If not, try that and verify your cable is good.
Early on, @Dutch_Master suggested connecting the PC directly to the modem. If you haven’t done that, it would be a way of testing basic operation. (You will have to set the PC to use DHCP.)
There is an unlikely, weird way a switch might help. Way back in the day, Ethernet cables only worked between a computer and a switch; to connect two computers directly, a special “crossover” cable was needed to connect the wires correctly. But for years now, (nearly) all computers automatically detect whether crossover is needed and do that automatically in the computer. If that circuitry were faulty, and everything else working correctly, then connecting to a switch could make it work. But that seems v-e-r-y unlikely to be the case.
Of course, you get to choose your own adventure. Good luck!
