OPNsense Forum

English Forums => General Discussion => Topic started by: jgriffith-ecs on October 26, 2020, 05:01:48 pm

Title: PPPoE Questions
Post by: jgriffith-ecs on October 26, 2020, 05:01:48 pm
Hi all,

I am troubleshooting some issues I have always had with PPPoE via OPNsense and I have some questions about the logic in the code. Wonder if anyone else experiences this also and agrees with what I'm seeing.

1. The code that generates the mpd_{iface}.conf file always forces IPv6 / ipv6cp regardless of settings in OPNsense. My ISP's RADIUS server or DSLAM or whatever is doing the DSL authentication for my PPPoE connection rejects ipv6cp. So I have to manually edit the code to take this out. I have a patch for this against the current version which only includes the ipv6cp config line if the interface IPv6 address is set to something.

2. The negotiation with my ISP for my static IP address via PPPoE is weird. It looks like the device at the ISP end allows me to request an IP address, so mpd requests an IP, the authentication server then rejects it and supplies my correct static IP and gateway. There doesn't seem to be a method in OPNsense for me to provide my static IP and gateway IPs and skip this request/reject step - it looks like the code only stores local IP and gw IP if you are using L2TP or PPTP but not PPPoE. It seems to me like I have a use case for this here (even if it is only to stop my log files filling with errors).

3. For some reason the code that generates the config file does this:

  set link disable chap pap
  set link accept chap pap eap

and I cannot see the logic of that in the slightest. Surely you don't need the first line?

4. The resulting file contains a password in plaintext but is world readable. That probably isn't right.

The overall issue I have is that I seem to have to reconnect about 15 times before I get a connection that works. I think this is an issue between the ISP auth server or some routing setup they have for their static IPs and my reconnecting, like they are not removing a static route when I disconnect and it remains in place at their end until a timeout is reached. But eliminating these PPPoE errors might make the issues clearer for me.

What do the community think?
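
Added example, not part of the original post and not OPNsense code, for point 4 above: a shell check that lists generated mpd_*.conf files which hold a password line and are readable by group or others, and can restrict them to the owner. The directory argument, the function names and the `set auth password` match pattern are assumptions; the sample files are constructed.

```shell
#!/bin/sh
# Audit mpd_*.conf files in a caller-supplied directory for exposed credentials.

# Assumption: the generated file keeps the secret on a "set auth password" line.
CRED_PATTERN='^[[:space:]]*set[[:space:]]+auth[[:space:]]+password'

# Print "mode path" for each file that has a credential line and is
# readable by group (-perm -040) or by others (-perm -004).
list_exposed_mpd_conf() {
    find "$1" -type f -name 'mpd_*.conf' \( -perm -004 -o -perm -040 \) |
    while IFS= read -r f; do
        if grep -Eq "$CRED_PATTERN" "$f"; then
            printf '%s %s\n' "$(ls -l "$f" | cut -c1-10)" "$f"
        fi
    done
}

# Restrict each exposed file to its owner; print how many files were changed.
tighten_mpd_conf() {
    list_exposed_mpd_conf "$1" | cut -d' ' -f2- |
    while IFS= read -r f; do
        chmod 600 "$f" && echo "$f"
    done | wc -l | tr -d ' '
}

# Constructed sample: one world-readable file, one already restricted.
make_sample() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/mpdaudit.XXXXXX")
    printf 'set auth authname "user@example"\nset auth password "constructed-secret"\n' \
        > "$d/mpd_wan.conf"
    chmod 644 "$d/mpd_wan.conf"
    printf 'set auth password "constructed-secret"\n' > "$d/mpd_opt1.conf"
    chmod 600 "$d/mpd_opt1.conf"
    echo "$d"
}

# Dry run against the constructed sample: sh thisfile demo
if [ "${1:-}" = "demo" ]; then
    sample=$(make_sample)
    list_exposed_mpd_conf "$sample"
    echo "tightened: $(tighten_mpd_conf "$sample")"
    rm -rf "$sample"
fi
```

Because the file is generated, a chmod may be undone the next time it is written; the lasting fix belongs in the code that writes it.
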
Title: Re: PPPoE Questions
Post by: jgriffith-ecs on October 27, 2020, 10:43:47 am
More research done on the subject. I can answer my own point 3. Disable is for inbound requests, if we were the PPPoE server. Accept is what types of requests will be accepted when we are authenticating with a peer. So on the face of it the 2 lines do 2 different things and you need both. But in the config file we also implicitly disable inbound requests.