Router - PFSense (beta 2.1)

From AAISP Support Site

This is a WIP

pfSense with IPv4 and IPv6

I recently persuaded pfSense, running on an ALIX-based system with a Draytek Vigor 140 ADSL modem, to connect to AAISP with IPv4 and IPv6. Here are some notes on how. Note that there are some minor faults with it, but for the use case presented here it works fine, and it is due for release fairly soon. They have a Redmine bug tracker that you can follow, and the forums are excellent for support. The developers are on the ball. There is a patch in there that a pfSense developer put in for me, on my system, when my IPv6 default route wouldn't work, done the same day I posted.

Hardware

The example ALIX system I have is a bit pricey, but it comes with pfSense already installed and three 100Mb interfaces. You can get just the board and do it yourself quite easily for a lot less. If you use this box, make sure you have some way to access the RS232-based console in case it all goes wrong.

A very good alternative is an old PC. Either put several network cards in it or get a switch such as a Netgear 108 and learn about 802.1Q VLANs to make one NIC into several.

You need at least two interfaces, one for LAN and one for WAN.

Software

At the time of writing (20 May 2012) you need a development snapshot from the 2.1 series. Make sure it is dated after this write-up.

Addressing

For IPv6, AAISP supply you with a /48 prefix from which you can create multiple /64 subnets for your use. There are over 65,000 /64 subnets in a /48 each with more addresses than you can eat! Click on the green "add /64" button on your control page to create them.

For IPv4, note down the single /32 address and additional subnet range that you should have been assigned. The single address is the router's external address and the subnet is your LAN.

Configuration

Vigor

Plug the Vigor into a PC and point a browser at it. Check the output of "netstat -r"/"ipconfig /all"/"ip r" to find out its address (probably 192.168.2.1/24). There is no username and password by default. Now give it a new address and admin password. Make sure that it gets SHOWTIME for ADSL. It won't be able to log in yet, but at least you can verify the ADSL bit.

pfSense

IPv4

First off, get IPv4 sorted out. Follow one of the many guides out there. It can be tricky to work out which interface is which, so plug one in, configure it at the initial console based interface setup stage, give it an IP address from your LAN range and set the mask. Then try and ping it after putting another address from the range temporarily on a PC or whatever. If it doesn't work then move the LAN cable into another NIC and see if that works. Once LAN is sorted, fire up a browser and point it at the LAN address and carry on the configuration from there.

Set a static IPv4 address on WAN that is in the same range as the Vigor. Create an outbound NAT rule from the LAN subnet to the WAN subnet. The Vigor has no routing table as such but pf can NAT you to it.

Create a PPPoE connection in Interfaces -> (assign) -> PPPs. Set your username and password.

Go to Interfaces -> (assign), add a new interface and assign the PPP to it. Call it something like AAISP.

If you prefer, you could rename your WAN to WANBASE and the PPPoE interface to WAN to avoid confusion when reading docs. However, if you use multiple ISPs then I suggest naming the base interface ISPBASE or ISPNIC and the PPPoE interface ISP. It makes life a lot easier when you are managing it (my work one has six WANs on it!).

At this point you should be able to browse the internet and connect to the Vigor. The PPPoE interface should have the /32 address assigned to you by AAISP - check it in Status -> Interfaces.
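A quick way to sanity-check the addressing plan from the Addressing and IPv4 sections before typing it into the GUI. This is an added example, not part of the original notes or of pfSense; the function names and plan keys are hypothetical, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress as ip

def nth_lan(v6_prefix, n):
    """Return the n-th /64 inside the assigned /48 (n = 0 .. 65535)."""
    block = ip.IPv6Network(v6_prefix)
    if block.prefixlen != 48 or not 0 <= n < 2 ** 16:
        raise ValueError("expected a /48 and an index below 65536")
    return ip.IPv6Network((int(block.network_address) + (n << 64), 64))

def check_plan(plan):
    """Return a list of problems in an addressing plan (empty list = OK)."""
    problems = []
    v6_block = ip.ip_network(plan["v6_prefix"])
    v6_lans = [ip.ip_network(n) for n in plan["v6_lans"]]
    for net in v6_lans:
        if net.prefixlen != 64:
            problems.append(f"{net}: LAN prefixes should be /64")
        if not net.subnet_of(v6_block):
            problems.append(f"{net}: outside the assigned {v6_block}")
    for i, a in enumerate(v6_lans):
        for b in v6_lans[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    modem = ip.ip_interface(plan["modem"])     # Vigor management address
    wan = ip.ip_interface(plan["wan_static"])  # static address on the WAN NIC
    lan = ip.ip_network(plan["v4_lan"])        # routed IPv4 subnet used on LAN
    if wan.network != modem.network:
        problems.append(f"WAN {wan} is not in the modem range {modem.network}")
    if wan.ip == modem.ip:
        problems.append(f"WAN and modem share the address {wan.ip}")
    if lan.overlaps(modem.network):
        problems.append(f"LAN {lan} overlaps the modem range {modem.network}")
    return problems

# Constructed sample plans (documentation prefixes, not real assignments).
GOOD = {"v6_prefix": "2001:db8:1234::/48",
        "v6_lans": [str(nth_lan("2001:db8:1234::/48", 0)),
                    str(nth_lan("2001:db8:1234::/48", 1))],
        "modem": "192.168.2.1/24", "wan_static": "192.168.2.2/24",
        "v4_lan": "192.0.2.0/28"}
BAD = {"v6_prefix": "2001:db8:1234::/48",
       "v6_lans": ["2001:db8:1234:1::/64", "2001:db8:1235::/64"],
       "modem": "192.168.2.1/24", "wan_static": "192.168.1.2/24",
       "v4_lan": "192.168.2.128/25"}

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_plan(plan) or "ok")
```

The LAN/modem overlap check matters because a LAN subnet that collides with the Vigor's range would stop pfSense from reaching the modem's web interface through the WAN NIC.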

IPv6

Notes

Do not be tempted by the Widescreen package until it has been ported - it removes the web GUI IPv6 related stuff.