Cannot get plugins working using VLAN interface

[mhollis60]

Hi,

I have an Intel 1000CT NIC in an HP Microserver 40L running FreeNAS 8.3.0-RELEASE-p1-x64 (r12825). I have the server connected to a Netgear GS108Tv2 VLAN capable switch. I intend to use VMWare ESXi in future (NFS/iSCSI) so currently using a VLAN trunk between the switch and the FreeNAS server to pass vlan10 for my internal LAN (10.1.2.0/24). FreeNAS has been working fine until recently using VLAN10 on physical NIC em0, until I tried configuring plugins. I followed the instructions on the FreeNAS wiki for installing the Jail software and plugins. Each time I'd start the plugin I could ping the Jail IP from the FreeNAS shell and also could ping the FreeNAS IP and default gateway from within the Jail. DNS resolution was also working. The problem was the transmission plugin icon would not appear in the plugins tree menu. The console showed the following:


Dec 21 15:08:36 freenas kernel: bridge0: Ethernet address: 02:79:15:d1:df:00
Dec 21 15:08:36 freenas kernel: epair0a: Ethernet address: 02:33:00:00:0c:0a
Dec 21 15:08:36 freenas kernel: epair0b: Ethernet address: 02:33:00:00:0d:0b
Dec 21 15:08:36 freenas kernel: epair0a: link state changed to UP
Dec 21 15:08:36 freenas kernel: epair0b: link state changed to UP
Dec 21 15:08:36 freenas kernel: epair0a: promiscuous mode enabled
Dec 21 15:08:36 freenas kernel: bridge0: error setting interface capabilities on vlan10
Dec 21 15:08:36 freenas kernel: em0: promiscuous mode enabled
Dec 21 15:08:36 freenas kernel: vlan10: promiscuous mode enabled
Dec 21 15:10:13 freenas manage.py: [freeadmin.navtree:416] Couldn't retrieve http://10.1.2.2/plugins/transmission/_s/treemenu: timed out


I then reconfigured FreeNAS to enable DHCP on em0 (physical NIC). The port on the Netgear switch was reconfigured to untagged with a PVID of 10. I rebooted FreeNAS and em0 got the correct IP (10.1.2.2.) via DHCP in the same network range as the Jail IP. I was able to ping the Jail from FreeNAS and vice-versa as before. After stop/start of the plugins under control services, the transmission icon appeared ok in the tree menu. I have also been able to successfully install minidlna which also now appears in the tree menu.

I would like to know if there are any known issues with using plugins on a VLAN interface (not default em0)?

The interesting message when using a vlan interface seems to be "error setting interface capabilities on vlan10". I can't seem to find any more information on what capabilities are trying to be set.

Any help would be much appreciated!

Cheers,
Mark.

 

[Ef57uiKnN6]

I can confirm this issue.

 

[Ef57uiKnN6]

Dirty hack that works for me:

View attachment 1750

What id does:
If the default route applies to a vlan device then the ip address from that device gets moved to the bridge device.

Not tested very well!

 

[jpaetzel]

We'll try to look at this today. I was planning on doing 8.3.1-BETA3 today but if we can't get this fixed today we'll hold off on the next beta.

 

[Ef57uiKnN6]

There was a route missing that prevents accessing menue nodes of plug-ins.

View attachment ix-jail-vlan.patch.zip

 

[jpaetzel]

That's not the issue. We are testing out a fix to the vlan interface code. Would you be willing to test it?

 

[Ef57uiKnN6]

Sure! Just let me know if I can be of any assistance.

 

[mhollis60]

Thanks guys for the responses to the VLAN issue I raised. I'd be more than happy to try out a new version too.

 

[jpaetzel]

I have a new kernel you can drop in on a running FreeNAS 8.3.1-BETA2 box that should fix the issue. Are you running the x64/amd64 version?

 

[Ef57uiKnN6]

I'm running amd64 architecture.

 

[jpaetzel]

The kernel is here:

http://download.freenas.org/8.3.1-vlan-fix/x64/kernel.gz

What you want to do is:

cp /tmp/
fetch "http://download.freenas.org/8.3.1-vlan-fix/x64/kernel.gz"
mount -uw -o noatime /
mv /boot/kernel.gz /mnt/volname/
mv /tmp/kernel.gz /boot/kernel/

reboot the system without that rc patch.

Let me know if it works.

 

[Ef57uiKnN6]

Unfortunately the system crashes when starting the Plug-Ins-Jail.

 

[jpaetzel]

Ok, sorry about that. We'll set up an environment for testing here and get it sorted out. It's just not going to be an easy fix.

 

[mhollis60]

I noticed there was an errata section in the latest 8.3.1 release notes:

"The plugin jail currently doesn't work properly if the external interface is a vlan pseudo-device."

Does this mean there is still no fix in sight?

 

[shaithis]

Also suffering this, just updated to 8.3.1 p2 and it's still there :(

I am surprised it isn't more of an issue considering the practice of vlaning iscsi traffic.....I presume it's because the bridge interface does not carry the VLAN_HWTAGGING option?

If so, can we not get an options in the GUI to choose a VLAN tag for when the interface is created?

 

[shaithis]

Just reconfigured with the new restriction of 1 subnet per interface......and it's still failling :(

Time to start looking for something that works......back to OMV me thinks.

 

[dlavigne]

If you get a chance to test this on a 9.1-BETA, let us know if this is still an issue or if the redesigned jail structure fixed it.

 

[andrboot]

Hi Guys,

Running "FreeNAS-9.1.0-RELEASE-x64 (dff7d13)"


Just setup Vlan's with freenas, and am encountering the same problems as above in regards to jails/plugins in Freenas.
When enabling the jail on the vlan interface (vlan0) the following error message appears in the logs:

Aug 6 23:41:02 nas kernel: epair0a: link state changed to UP​

Aug 6 23:41:02 nas kernel: epair0b: link state changed to UP​

Aug 6 23:41:02 nas kernel: bridge0: error setting interface capabilities on vlan0​

Aug 6 23:41:02 nas kernel: epair0a: promiscuous mode enabled​

Aug 6 23:41:04 nas manage.py: [common.pipesubr:57] Popen()ing: /usr/local/bin/warden list -v​

Aug 6 23:41:07 nas last message repeated 3 times​

Aug 6 23:41:12 nas manage.py: [freeadmin.navtree:473] Couldn't retrieve http://10.8.0.12/plugins/firefly/1/_s/treemenu: timed out​

Aug 6 23:43:54 nas manage.py: [common.pipesubr:57] Popen()ing: /usr/local/bin/warden list -v​

Not able to access/Edit the Plugin / Enable the service at all.
Nas can be pinged/access from both Vlan's without issue.

 

[Ef57uiKnN6]

After upgrading to 9.2.0 I gave vlan support for jails another try - what shall I say, it worsk! (with a little help)

The UI still lacks of a necessary feature: Select custom interface for bridging with jails epair device
Without a little help it always selects the device the default gateway corresponds to. What does not work, when one wants to have jails in a different vlan.

Fortunatelly the warden scripts are prepared for that already.
All I needed was to create a proper file including the desired vlan interface:

Code:

[root@freenas2] ~# cat /mnt/tank0/jails/.bacula-sd_1.meta/iface
vlan103
[root@freenas2] ~#

Second thing i need to assure was to move the IP address from the vlan interface to the 'IPv4 bridge address' setting of the jail.
The vlan interface may not have an IP address set! (At least not the same address)

Now I got:
vlan101 (FreeNAS UI, default gateway)
vlan103 (Jail applications)

working!

When there is a firewall between vlan101 and vlan103 one might need to add a rule from the jail's ip address to the the FreeNAS UI ip address and port.
That is necessary for updating the configuration menu from plugins.

 

[dlavigne]

Please create a feature enhancement request at bugs.freenas.org and post the issue number here.