Hi
I am new to Opnsense, trying to connect to an Ultrafast Fibre Broadband connection by the local telco called Spark (formerly Telecom).
The settings to make the connection are found here: https://www.spark.co.nz/help/internet/set-up/non-spark-modem/. The list of New Zealand telcos pre-configured within Opnsense includes Telecom, which hasn't existed for over 10 years.
It has been years since I have had to configure any router to connect with a telco. I am having difficulty setting up the home WAN connection. I have scanned through the settings and options available on the Opnsense GUI and set what I can.
Please advise how I configure Opnsense to connect to a Spark UFB.
How do I request the setup Wizard be updated for Spark?
Any assistance would be appreciated.
I've been using Spark with Opnsense for quite a few years now.
Spark uses PPPOE over VLAN 10. Setting up a VLAN over the WAN connection is very important. Interfaces -- Other Types -- VLAN. Then set up PPPOE (under point-to-point) over the VLAN.
Username and password are not used, but Spark recommends you put 'some' value in there to keep software happy. MTU they recommend 1500, which seems to be fine for me. The other parameters on the Spark web page aren't important.
I'm running steadily at 300 Mbps, which is my assigned line speed.
Hi
OK I will give the PPPOE setup a try when I can take down the connection (working from home).
Hi
Not working yet.
I only have the option of changing a few settings. These are:
PPP protocol : PPPoE
PPP username : user@spark.co.nz
PPP password : password
VLAN : 10
MTU : 1500
Apart from not being able to get onto the Internet, it all seems to be working perfectly 😉! I can't ping 8.8.8.8.
If I try pinging from the opnsense CLI, I get a message $>ping sento: Host is down.
Pinging from the laptop running the GUI gets a nil response. I am not seeing any obvious error messages.
Maybe I need to adjust the firewall rules??
All of the above settings are accessible on the opnsense GUI. I think they should be enough to get connected. I am probably missing something small but really important.
FYI I would rate my own skill level as intermediate, meaning I am comfortable on the CLI, writing scripts, delving into config and log files. I am definitely not a Linux guru.
Firstly, I wouldn't be playing with the firewall rules. The defaults should work fine.
In Lobby:Dashboard, look under Gateway. Is there an IP address and a green light for WAN_PPPOE?
Just below Gateway is Interfaces. Is WAN up (green arrow) and does it have an IP address?
Have a look at the log file under Interfaces --> Point-to-Point --> Log file. Put the top right drop down box to 'debug'.
Does Interfaces --> Diagnostics --> Netstat --> Interfaces show PPPOE?
Finally, is PPPOE down and needs to be started the first time? I think this is done when you save the settings. I can't remember.
Hi Dazz, I would have replied in GZ but that is now too PC.
I agree with @pouakai, leave the default rules and it should just work fine.
You need to make sure that you are resolving an IP from the Spark Radius server, and also need to make sure you have tagged the interface with the VLAN (I still don't know why here in NZ they are using a VLAN on the WAN).
Also who is your LFC? Is it UFF or Chorus?
On the WAN interface I would leave the MTU blank as Opnsense should calculate this for you.
Have you assigned the PPPoE to the interface with the VLAN? Then selected the correct interface with all 3 items in the assignments tab?
We run a lot of Opnsense and have a lot out in the wild, and highly rate it!! It's an awesome appliance!
If you are in the Tron I could help out if needed, feel free to DM me.
Quote from: pouakai on April 14, 2022, 10:49:05 AM
Firstly, I wouldn't be playing with the firewall rules. The defaults should work fine.
I haven't touched any firewall rules. They look OK to me for now.
Quote from: pouakai on April 14, 2022, 10:49:05 AM
In Lobby:Dashboard, look under Gateway. Is there an IP address and a green light for WAN_PPPOE?
No (see screen shots)
Quote from: pouakai on April 14, 2022, 10:49:05 AM
Just below Gateway is Interfaces. Is WAN up (green arrow) and does it have an IP address?
Yes & No
Quote from: pouakai on April 14, 2022, 10:49:05 AM
Have a look at the log file under Interfaces --> Point-to-Point --> Log file. Put the top right drop down box to 'debug'.
Does Interfaces --> Diagnostics --> Netstat --> Interfaces show PPPOE?
There are 2x pppoe interfaces. The one I have configured for Spark, and another that is automatically generated with default settings. It is like the software isn't finding the config it needs to associate the Spark pppoe with the port.
Quote from: pouakai on April 14, 2022, 10:49:05 AM
Finally, is PPPOE down and needs to be started the first time? I think this done when you save the settings. I can't remember.
pppoe has been restarted multiple times.
I am not seeing any error messages indicating a fault. I think I have incorrectly configured something, but it is not clear to me what that something is.
It appears to me that igb0 is being identified as a new (undefined) interface that needs to be associated with vlan10 or pppoe1(igb0)-spark.
I did start by associating the interfaces i.a.w the instructions, including the WAN.
My firewall is a fanless 4x LAN PC. igb0 is the assigned WAN port and doesn't work. igb1 is the Red LAN port, and that works OK.
Quote from: Fuk_Baey on April 14, 2022, 11:24:51 PM
Hi Dazz, I would have replied in GZ but that is now too PC.
I agree with @pouakai, leave the default rules and it should just work fine.
You need to make sure that you are resolving an IP from the Spark Radius server, and also need to make sure you have tagged the interface with the VLAN (I still don't know why here in NZ they are using a VLAN on the WAN).
Also who is your LFC? Is it UFF or Chorus?
I am not getting an IP from Spark.
Chorus
Quote from: Fuk_Baey on April 14, 2022, 11:24:51 PM
On the WAN interface I would leave the MTU blank as Opnsense should calculate this for you.
Done
Quote from: Fuk_Baey on April 14, 2022, 11:24:51 PM
Have you assigned the PPPoE to the interface with the VLAN? Then selected the correct interface with all 3 items in the assignments tab?
I thought I had (followed the instructions) but I think this part of the config is broken.
Quote from: Fuk_Baey on April 14, 2022, 11:24:51 PM
We run a lot of Opnsense and have a lot out in the wild, and highly rate it!! It's an awesome appliance!
If you are in the Tron I could help out if needed, feel free to DM me.
tron ??
Thanks for the help.
Hi Dazz,
I'm away in the Central North Island (Tongariro) now for the break, so I can't see my own setup for comparison. And I'm not from the Tron (aka Hamilton) ;)
I can see you've got two PPPOE when you should have one only. Neither of them are on the VLAN 10, which you seem to have (good). Looks like WAN is there too.
I would delete both PPPOE and create a new one on 'VLAN 10 on igb0'. I think after that you should be good, but let us know how it's going (or not).
Quote from: pouakai on April 16, 2022, 09:44:26 AM
Hi Dazz,
I'm away in the Central North Island (Tongariro) now for the break, so I can't see my own setup for comparison. And I'm not from the Tron (aka Hamilton) ;)
I can see you've got two PPPOE when you should have one only. Neither of them are on the VLAN 10, which you seem to have (good). Looks like WAN is there too.
I would delete both PPPOE and create a new one on 'VLAN 10 on igb0'. I think after that you should be good, but let us know how it's going (or not).
Hi
OK so I only created one PPPOE (the Spark one). The other one gets created for me. I have already tried what you said. The unwanted PPPOE keeps coming back, so I think there is something wrong with my config that makes opnsense think the Spark PPPOE is invalid but I am not getting any error messages to tell me why a PPPOE is being created. I probably need to be able to turn on a debug mode.
Hi
I have had another go at setting up a connection with Spark UFB.
I have used this blog as a template: https://homenetworkguy.com/how-to/configure-vlans-opnsense/
It basically defined the process I had already followed, with the same results. I am not getting a DHCP IP lease from Spark.
Part of the problem may be the setup of the interface IP. I need a static address assigned from my network side. The Spark side will allocate an IP lease. I see ambiguity related to DHCP. Does that option consume or produce leases? I don't see the option of receiving an IP from a DHCP server (Spark).
This has been much more difficult than it should be. Something is wrong with my configuration, but I am not seeing info that might help me to find the problem. I have a working knowledge of network configuration. I know about vlans and dhcp servers etc.
Any help would be appreciated.
Is this any help? https://www.geekzone.co.nz/forums.asp?forumid=39&topicid=193692
Hi
Thanks for taking the time to post. Unfortunately it hasn't helped.
I should be able to look in the log files to see why the connection is failing to connect. When I look, the contents are corrupted and unreadable. I haven't investigated to find out why.
I am probably doing some small detail incorrectly. I am not seeing anything to help me find the problem.
I don't see anything that allows the log levels to be turned up to provide debug info.
Spark doesn't use DHCP. Spark uses PPPOE. When you get a successful PPPOE connection, an IP address will be assigned as part of the PPPOE negotiation.
For debugging PPPOE logs have a look at my earlier post.
I can see from your screenshots provided that you didn't have PPPOE on VLAN 10 then. Also the two PPPOE interfaces is very odd. Time to do a system reset and start over?
Hi
I am now getting a connection to Spark UFB. I can see the IP and gateway on the dashboard.
I have only configured two interfaces. Spark and a LAN.
The problem I now have is that I can't ping the Internet. (8.8.8.8). My previous firewall software allowed me to specify a static gateway ip that was routed out to the WAN. I had 4 ports. WAN, Red, Orange, Blue. Each port was on a separate subnet and each had a gateway ip.
Right now, I can't ping from the firewall PC CLI out to the internet (keyboard and display interface) or through the LAN interface. I can ping the Spark DNS server ip. I can't ping the internet (8.8.8.8) The pppoe setup allows me to enter local gateway ip but these are forgotten even after saving.
Shouldn't that be 8.8.8.8 and not 8.8.8? However if you can ping Spark's nameserver by IP address, I'd say you've got internet connectivity. The gateway and route are set during PPPOE negotiation.
You can play with routing tables, use extra interface and create separate subnets on the device, but I've not had reason to do this.
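A way to check the point made above, that the default route should be installed by the PPPoE negotiation. This is an added example, not part of any post in this thread and not OPNsense code: it classifies the IPv4 default route in FreeBSD `netstat -rn -f inet` output. The device names `pppoe0` and `igb1` and both sample tables are constructed assumptions.

```shell
#!/bin/sh
# Usage on the firewall:  netstat -rn -f inet | check_default_route pppoe0
# (pppoe0 is an assumed device name; use the one your PPPoE interface shows.)

check_default_route() {
    want_if="$1"
    awk -v want="$want_if" '
        # Find the Netif column from the header row, because the trailing
        # Expire column is usually empty and the field count varies.
        $1 == "Destination" {
            for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
            next
        }
        $1 == "default" && col { n++; gw = $2; nif = $col }
        END {
            if (n == 0)      { print "missing"; exit 1 }
            if (n > 1)       { print "multiple"; exit 1 }
            if (nif != want) { print "wrong-interface " nif " via " gw; exit 1 }
            print "ok " nif " via " gw
        }
    '
}

# Constructed sample: default route installed by the PPPoE session.
SAMPLE_OK='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS      pppoe0
127.0.0.1          link#5             UH          lo0
192.168.0.0/24     link#2             U          igb1
203.0.113.1        link#9             UH       pppoe0'

# Constructed sample: session is up (peer host route present) but the
# default route points at a LAN-side gateway instead of the PPPoE link.
SAMPLE_STALE='Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.0.1        UGS        igb1
192.168.0.0/24     link#2             U          igb1
203.0.113.1        link#9             UH       pppoe0'

printf '%s\n' "$SAMPLE_OK"    | check_default_route pppoe0
printf '%s\n' "$SAMPLE_STALE" | check_default_route pppoe0 || true
```

A "wrong-interface" or "missing" result is consistent with reaching the ISP's own hosts while nothing beyond them answers.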
Quote from: pouakai on April 20, 2022, 09:24:13 AM
Shouldn't that be 8.8.8.8 and not 8.8.8?
Yes 8.8.8.8 typo.
Quote from: pouakai on April 20, 2022, 09:24:13 AM
However if you can ping Spark's nameserver by IP address, I'd say you've got internet connectivity. The gateway and route are set during PPPOE negotiation.
Yes got that but I think I should be able to set up a local static IP in my network for the gateway.
Although I can ping the Spark DNS, I still cannot ping Google dns 8.8.8.8 on the internet over my LAN, or from the keyboard connected to the firewall. That rules out a problem with the LAN setup. So the remaining problem seems to be that I can't setup a local IP gateway address (eg. 192.168.0.1) on the pppoe.
Quote from: pouakai on April 20, 2022, 09:24:13 AM
You can play with routing tables, use extra interface and create separate subnets on the device, but I've not had reason to do this.
I have the most basic setup at present. WAN and 1x LAN. By using a keyboard and display connected to the firewall pc, the LAN is out of play.
I know what I want to do, I just haven't found where to do it.
I haven't explored routing tables, but I am thinking for the current basic setup, the default should work.
Hi
My problem is very close to this topic https://forum.opnsense.org/index.php?topic=9653.15 but also slightly different.
I am also an engineer with over 40 years computer experience. I am also running an opnsense dedicated 4xLAN fanless PC. I am also trying to get a very basic setup talking to the Internet. I can also ping the ISP dns server, but not 8.8.8.8. I cannot get out onto the Internet. Very frustrating.
Hi
I think I have exactly the same bug described here: https://github.com/opnsense/core/issues/2186
I need to do some checking to see if the routing is off, but the description matches my symptoms.
Quote from: dazz on April 21, 2022, 12:45:27 PM
Hi
I think I have exactly the same bug described here: https://github.com/opnsense/core/issues/2186
I need to do some checking to see if the routing is off, but the description matches my symptoms.
OK I have confirmed that I have the exact bug. When I force a ping as described in the link above, I get a ping from 8.8.8.8. A ping from the CLI returns nothing.
For me, this raises the following issues:
1. The bug was reported 5 years and over 4 versions ago and is still not fixed, but the issue is closed after timing out, unresolved.
2. Telecom NZ changed to Spark over 10 years ago, and it still appears in the opnsense wizard.
3. The opnsense documentation that I have referred to has been sparse.
4. A comment in the github indicates higher priority was placed on scheduled releases than QA. That is scary and has shaken my confidence in opnsense.
As a security product, it seems that security should be THE priority. A key enabler of security is QA to minimize the risk of bugs and security holes.
It appears this bug applies to pppoe connections in-general, not just to my isp. I don't think it is unreasonable to expect a fix. I have not tried to reconfigure the routing yet. I can provide logs and the results of commands to help find a solution.
From a skim of the GH issue it seems the problem is only with the setup through the wizard, but manual setup of PPPoE is OK? Have you tried manual setup? I guess it hasn't been worth anybody's while, including Telecom NZ/Spark users, to update the wizard.
Quote from: Greelan on April 21, 2022, 11:39:32 PM
From a skim of the GH issue it seems the problem is only with the setup through the wizard, but manual setup of PPPoE is OK?
I couldn't use the wizard for telecom, even if I wanted to, because the settings are different. My entire setup is manual.
I have the additional symptom that I can't ping from the CLI running on the firewall. No LAN in the middle of that. That could still be a routing issue, but it eliminates the LAN as part of the problem.
Quote from: Greelan on April 21, 2022, 11:39:32 PM
Have you tried manual setup?
As above, manual setup is my only option.
Quote from: Greelan on April 21, 2022, 11:39:32 PM
I guess it hasn't been worth anybody's while, including Telecom NZ/Spark users, to update the wizard.
Although I can code in a number of languages, they don't include PHP or Python. If no one can or will fix this problem, noting that it affects more than just Telecom NZ/Spark users, then at least there should be a note in the documentation. I have spent well over a week to end up at a known bug.
Hi
I regret to advise that I have abandoned attempts to get opnsense running. It just isn't working out for me. I have spent too many hours not making progress.