Router - PFSense: Difference between revisions

← Older edit

Router - PFSense (view source)

Revision as of 07:13, 23 December 2024

4 bytes added , 23 December 2024

m

PPPoE

Adsb

editor

504

edits

Revision as of 07:09, 23 December 2024 (view source) Adsb (talk \| contribs) m (PPPoE) Tags: Mobile edit Mobile web edit ← Older edit		Latest revision as of 07:13, 23 December 2024 (view source) Adsb (talk \| contribs) m (PPPoE) Tags: Mobile edit Mobile web edit
(2 intermediate revisions by the same user not shown)
=== Enable DHCPv6 === At this stage your ~~PPoE~~PPPoE WAN interface will have obtained an [[IPv6]] address from AAISP (something in the range of 2001:8b0:1111:1111::/64 but it is not visible unless you connect to the router via ssh and do an "ifconfig"). Your LAN network will in turn use the [[IPv6]] range you have been assigned by AAISP (remember, in [[IPv6]] there is no NAT and the like, all your devices are directly routable and this is why the [[IPv6]] range you have been given applies inside the LAN, and not outside. This is also why your ~~PPoE~~PPPoE interface get its address from a completely different range. It is just a "hop" to your network). Now we had to use a bit of that range for the LAN address of the router itself (the 2001:8b0:XXXX:YYYY::1 address set previously). So whilst we are at it, let's reserve some of the address for static use (i.e. not DHCP6). The easiest is to say that all addresses in the 2001:8b0:XXXX:YYYY:0000:://80 range are statically assigned. This means the static range has 2^48 addresses available, which could seem a bit excessive, but who cares, with [[IPv6]] we have more addresses than atoms in the universe :-) ''Note: On some old hardware/OS it is not impossible you could have to unplug/plug the network cable for the machine to pick up the change.'' === Check the firewall rules for outgoing from LAN === === Fix the ~~PPoE~~PPPoE DNS problem === The problem is that the ~~PPoE~~PPPoE stuff is still a bit flaky in 2.1.2, and although the ~~PPoE~~PPPoE negotiation itself is fine, it seems pfSense will often lose the ISP DNS settings (this seems to be a timing related issue of some kind, so sometimes it works and sometimes it does not. You can even get into situations where the DNS setting is there and then it suddenly disappear!). Arghhhh!!!!! [[File:System - General setup.png\|800px]] === Testing internet access === Although you can now go on the internet fine, If you look at the RRD graphs or consult the gateway status page you will notice the status is either marked as offline or unknown. This is a case because the script currently configuring apinger (the process that monitors the gateways) is buggy and currently does not cope very well with ~~PPoE~~PPPoE (when it used to be perfectly fine in pfSense 2.0.x). Another problem is that for [[IPv6]] the AAISP gateway will currently not reply to pings on its local link address (and it is the one used for routing the traffic, so it is reachable!). So you have to manually set the monitor address to be 2001:8b0:0:81::51bb:51bb (which is the [[IPv6]] address of clueless.aa.net.uk). But even that won't initially work because even if you set the routable address, apinger is told to use the local link address as the source, meaning you will never get the response...