Router - PFSense: Difference between revisions
Content deleted Content added
m PPPoE and PPPoA Tags: Mobile edit Mobile web edit |
m PPPoE Tags: Mobile edit Mobile web edit |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 44: | Line 44: | ||
== Dlink DSL-320B == |
== Dlink DSL-320B == |
||
I also tried with a Dlink DSL-320B modem and it worked fine too although it had to be setup in RFC1483 IP LLC bridge mode and the default VCI number had to be changed to 38 (there did not seem to be any |
I also tried with a Dlink DSL-320B modem and it worked fine too although it had to be setup in RFC1483 IP LLC bridge mode and the default VCI number had to be changed to 38 (there did not seem to be any PPPoE passthrough option over PPPoA). |
||
Now, even in bridge mode, it will still be an idea to change the default admin password and disable management services on the WAN side. |
Now, even in bridge mode, it will still be an idea to change the default admin password and disable management services on the WAN side. |
||
| Line 72: | Line 72: | ||
Then click on the WAN interface name (i.e. click on "WAN" if you have called it like that) and enable it. |
Then click on the WAN interface name (i.e. click on "WAN" if you have called it like that) and enable it. |
||
For the IPv4 configuration type select " |
For the IPv4 configuration type select "PPPoE". And for the [[IPv6 Configuration]] Type select "DHCP6". |
||
Ensure that "Use IPv4 connectivity as parent interface" is selected. |
Ensure that "Use IPv4 connectivity as parent interface" is selected. |
||
In the |
In the PPPoE configuration section enter your username and password (as given by A&A) and ensure that "dial on demand" is validated and that the idle timeout is set to 0. |
||
You should get a configuration screen similar to this: |
You should get a configuration screen similar to this: |
||
| Line 86: | Line 86: | ||
Finally, click on the save button. |
Finally, click on the save button. |
||
''Note: In previous versions of pfSense (2.1.0 and 2.1.1) this was a bit buggy and pfSense was getting mixed up in the |
''Note: In previous versions of pfSense (2.1.0 and 2.1.1) this was a bit buggy and pfSense was getting mixed up in the PPPoE interface assignment. So you often had to manually define the PPPoE interface by creating it in the PPP tab of the "Interfaces -> (assign)" page. But this seems to work reasonably well now.'' |
||
=== Updating the LAN settings === |
=== Updating the LAN settings === |
||
| Line 112: | Line 111: | ||
=== Enable DHCPv6 === |
=== Enable DHCPv6 === |
||
At this stage your |
At this stage your PPPoE WAN interface will have obtained an [[IPv6]] address from AAISP (something in the range of 2001:8b0:1111:1111::/64 but it is not visible unless you connect to the router via ssh and do an "ifconfig"). |
||
Your LAN network will in turn use the [[IPv6]] range you have been assigned by AAISP (remember, in [[IPv6]] there is no NAT and the like, all your devices are directly routable and this is why the [[IPv6]] range you have been given applies inside the LAN, and not outside. This is also why your |
Your LAN network will in turn use the [[IPv6]] range you have been assigned by AAISP (remember, in [[IPv6]] there is no NAT and the like, all your devices are directly routable and this is why the [[IPv6]] range you have been given applies inside the LAN, and not outside. This is also why your PPPoE interface get its address from a completely different range. It is just a "hop" to your network). |
||
Now we had to use a bit of that range for the LAN address of the router itself (the 2001:8b0:XXXX:YYYY::1 address set previously). So whilst we are at it, let's reserve some of the address for static use (i.e. not DHCP6). The easiest is to say that all addresses in the 2001:8b0:XXXX:YYYY:0000:://80 range are statically assigned. This means the static range has 2^48 addresses available, which could seem a bit excessive, but who cares, with [[IPv6]] we have more addresses than atoms in the universe :-) |
Now we had to use a bit of that range for the LAN address of the router itself (the 2001:8b0:XXXX:YYYY::1 address set previously). So whilst we are at it, let's reserve some of the address for static use (i.e. not DHCP6). The easiest is to say that all addresses in the 2001:8b0:XXXX:YYYY:0000:://80 range are statically assigned. This means the static range has 2^48 addresses available, which could seem a bit excessive, but who cares, with [[IPv6]] we have more addresses than atoms in the universe :-) |
||
| Line 141: | Line 140: | ||
''Note: On some old hardware/OS it is not impossible you could have to unplug/plug the network cable for the machine to pick up the change.'' |
''Note: On some old hardware/OS it is not impossible you could have to unplug/plug the network cable for the machine to pick up the change.'' |
||
=== Check the firewall rules for outgoing from LAN === |
=== Check the firewall rules for outgoing from LAN === |
||
| Line 153: | Line 151: | ||
=== Fix the |
=== Fix the PPPoE DNS problem === |
||
The problem is that the |
The problem is that the PPPoE stuff is still a bit flaky in 2.1.2, and although the PPPoE negotiation itself is fine, it seems pfSense will often lose the ISP DNS settings (this seems to be a timing related issue of some kind, so sometimes it works and sometimes it does not. You can even get into situations where the DNS setting is there and then it suddenly disappear!). |
||
Arghhhh!!!!! |
Arghhhh!!!!! |
||
| Line 162: | Line 160: | ||
[[File:System - General setup.png|800px]] |
[[File:System - General setup.png|800px]] |
||
=== Testing internet access === |
=== Testing internet access === |
||
| Line 173: | Line 170: | ||
Although you can now go on the internet fine, If you look at the RRD graphs or consult the gateway status page you will notice the status is either marked as offline or unknown. |
Although you can now go on the internet fine, If you look at the RRD graphs or consult the gateway status page you will notice the status is either marked as offline or unknown. |
||
This is a case because the script currently configuring apinger (the process that monitors the gateways) is buggy and currently does not cope very well with |
This is a case because the script currently configuring apinger (the process that monitors the gateways) is buggy and currently does not cope very well with PPPoE (when it used to be perfectly fine in pfSense 2.0.x). |
||
Another problem is that for [[IPv6]] the AAISP gateway will currently not reply to pings on its local link address (and it is the one used for routing the traffic, so it is reachable!). So you have to manually set the monitor address to be 2001:8b0:0:81::51bb:51bb (which is the [[IPv6]] address of clueless.aa.net.uk). But even that won't initially work because even if you set the routable address, apinger is told to use the local link address as the source, meaning you will never get the response... |
Another problem is that for [[IPv6]] the AAISP gateway will currently not reply to pings on its local link address (and it is the one used for routing the traffic, so it is reachable!). So you have to manually set the monitor address to be 2001:8b0:0:81::51bb:51bb (which is the [[IPv6]] address of clueless.aa.net.uk). But even that won't initially work because even if you set the routable address, apinger is told to use the local link address as the source, meaning you will never get the response... |
||