Hello,
I'm running out of idea and don't know where to find hints.
I was running 25.1.12 and launched an upgrade to 25.7.
After the reboot there was no connection.
Infortunately i forgot to take a snapshot.
So i reinstalled 25.1 from usb and uploaded a config file. I don't which exact version was that config file (was from july 18th).
My provider is tango (luxembourg) and i have only ipv4 through pppoe on vlan 35.
Here is system log general filtered on ppp
2025-08-01T20:32:47 Warning opnsense /usr/local/etc/rc.routing_configure: The required WAN_PPPOE IPv4 interface address could not be found, skipping.
2025-08-01T20:32:47 Warning opnsense /usr/local/etc/rc.routing_configure: Skipping gateway WAN_PPPOE due to empty 'gateway' property.
2025-08-01T20:32:47 Warning opnsense /usr/local/etc/rc.routing_configure: Skipping gateway WAN_PPPOE due to empty 'monitor' property.
2025-08-01T20:32:47 Warning opnsense /usr/local/etc/rc.routing_configure: ROUTING: refusing to set interface route on addressless wan(pppoe0)
2025-08-01T20:32:00 Warning opnsense /usr/local/sbin/pluginctl: The required WAN_PPPOE IPv4 interface address could not be found, skipping.
2025-08-01T20:32:00 Warning opnsense /usr/local/sbin/pluginctl: Skipping gateway WAN_PPPOE due to empty 'gateway' property.
2025-08-01T20:32:00 Warning opnsense /usr/local/sbin/pluginctl: Skipping gateway WAN_PPPOE due to empty 'monitor' property.
2025-08-01T20:31:48 Warning opnsense /usr/local/sbin/pluginctl: The required WAN_PPPOE IPv4 interface address could not be found, skipping.
2025-08-01T20:31:48 Warning opnsense /usr/local/sbin/pluginctl: Skipping gateway WAN_PPPOE due to empty 'gateway' property.
2025-08-01T20:31:48 Warning opnsense /usr/local/sbin/pluginctl: Skipping gateway WAN_PPPOE due to empty 'monitor' property.
2025-08-01T20:31:43 Warning opnsense /usr/local/sbin/pluginctl: The required WAN_PPPOE IPv4 interface address could not be found, skipping.
2025-08-01T20:31:43 Warning opnsense /usr/local/sbin/pluginctl: Skipping gateway WAN_PPPOE due to empty 'gateway' property.
2025-08-01T20:31:43 Warning opnsense /usr/local/sbin/pluginctl: Skipping gateway WAN_PPPOE due to empty 'monitor' property.
2025-08-01T19:58:20 Notice kernel <118> WAN (pppoe0) ->
2025-08-01T19:58:16 Warning opnsense /usr/local/etc/rc.bootup: The required WAN_PPPOE IPv4 interface address could not be found, skipping.
2025-08-01T19:58:16 Warning opnsense /usr/local/etc/rc.bootup: Skipping gateway WAN_PPPOE due to empty 'gateway' property.
2025-08-01T19:58:16 Warning opnsense /usr/local/etc/rc.bootup: Skipping gateway WAN_PPPOE due to empty 'monitor' property.
2025-08-01T19:58:13 Warning opnsense /usr/local/etc/rc.bootup: ROUTING: refusing to set interface route on addressless wan(pppoe0)
2025-08-01T19:58:13 Warning opnsense /usr/local/etc/rc.bootup: interface_ppps_configure() waiting threshold exceeded - device pppoe0 is still not up
2025-08-01T19:57:52 Notice kernel <6>ng0: changing name to 'pppoe0'
2025-08-01T19:45:50 Notice kernel <118> WAN (pppoe0) ->
2025-08-01T17:45:45 Warning opnsense /usr/local/etc/rc.bootup: The required WAN_PPPOE IPv4 interface address could not be found, skipping.
2025-08-01T17:45:45 Warning opnsense /usr/local/etc/rc.bootup: Skipping gateway WAN_PPPOE due to empty 'gateway' property.
2025-08-01T17:45:45 Warning opnsense /usr/local/etc/rc.bootup: Skipping gateway WAN_PPPOE due to empty 'monitor' property.
2025-08-01T17:45:43 Warning opnsense /usr/local/etc/rc.bootup: ROUTING: refusing to set interface route on addressless wan(pppoe0)
2025-08-01T17:45:42 Warning opnsense /usr/local/etc/rc.bootup: interface_ppps_configure() waiting threshold exceeded - device pppoe0 is still not up
2025-08-01T19:45:22 Notice kernel <6>ng0: changing name to 'pppoe0'
␀␀␀
Your PPPoE isn't coming up:
> interface_ppps_configure() waiting threshold exceeded - device pppoe0 is still not up
Which likely points to it not being able to negotiate. What network card are you using?
Are there any "ppp" logs available too?
Cheers,
Franco
I don't see the ppp "lines" in the logs.
the network card is a i226v (opnsense device is a chinese one with 6 i226v and a intel N100)
Was working fine until the reboot after the 25.7 upgrade.
i use igc0 for wan.
When i reinstalled 25.1 it was also working as by default it provided lan interface on igc0.
But i will look at other settings.
edit: add the mpd_wan.conf
default:
pppoeclient:
create bundle static wan
set bundle enable ipcp
set bundle disable ipv6cp
set iface name pppoe0
set iface disable on-demand
set iface idle 0
set iface enable tcpmssfix
set iface up-script /usr/local/opnsense/scripts/interfaces/ppp-linkup.sh
set iface down-script /usr/local/opnsense/scripts/interfaces/ppp-linkdown.sh
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
create link static wan_link0 pppoe
set link action bundle wan
set link disable multilink
set link keep-alive 10 60
set link max-redial 0
set link disable chap pap
set link accept chap pap eap
set link disable incoming
set link mtu 1492
set auth authname "XXXXXXXXXX"
set auth password XXXXXXX
set pppoe service ""
set pppoe iface vlan01
open
i took a capture on vlan01 interface.
I can see a chap authentication failure right after sending username.
vlan01 2025-08-02
10:03:11.319567 a8:b8:e0:06:31:fb ff:ff:ff:ff:ff:ff PPPoE D, length 36: PPPoE PADI [Host-Uniq 0x001A410302F8FFFF] [Service-Name]
vlan01 2025-08-02
10:03:12.297162 5c:83:82:8c:95:84 a8:b8:e0:06:31:fb PPPoE D, length 56: PPPoE PADO [Service-Name] [AC-Name "BNGLUBETSR2S-0"] [Host-Uniq 0x001A410302F8FFFF]
vlan01 2025-08-02
10:03:12.297174 a8:b8:e0:06:31:fb 5c:83:82:8c:95:84 PPPoE D, length 54: PPPoE PADR [Host-Uniq 0x001A410302F8FFFF] [AC-Name "BNGLUBETSR2S-0"] [Service-Name]
vlan01 2025-08-02
10:03:12.299841 5c:83:82:8c:95:84 a8:b8:e0:06:31:fb PPPoE D, length 56: PPPoE PADS [ses 0x1] [Service-Name] [Host-Uniq 0x001A410302F8FFFF]
vlan01 2025-08-02
10:03:12.299932 a8:b8:e0:06:31:fb 5c:83:82:8c:95:84 PPPoE S, length 38: PPPoE [ses 0x1] LCP (0xc021), length 18: LCP, Conf-Request (0x01), id 102, length 18
vlan01 2025-08-02
10:03:12.300298 5c:83:82:8c:95:84 a8:b8:e0:06:31:fb PPPoE S, length 56: PPPoE [ses 0x1] LCP (0xc021), length 21: LCP, Conf-Request (0x01), id 22, length 21
vlan01 2025-08-02
10:03:12.300431 a8:b8:e0:06:31:fb 5c:83:82:8c:95:84 PPPoE S, length 41: PPPoE [ses 0x1] LCP (0xc021), length 21: LCP, Conf-Ack (0x02), id 22, length 21
vlan01 2025-08-02
10:03:12.302018 5c:83:82:8c:95:84 a8:b8:e0:06:31:fb PPPoE S, length 56: PPPoE [ses 0x1] LCP (0xc021), length 8: LCP, Conf-Reject (0x04), id 102, length 8
vlan01 2025-08-02
10:03:12.302075 a8:b8:e0:06:31:fb 5c:83:82:8c:95:84 PPPoE S, length 36: PPPoE [ses 0x1] LCP (0xc021), length 16: LCP, Conf-Request (0x01), id 103, length 16
vlan01 2025-08-02
10:03:12.303365 5c:83:82:8c:95:84 a8:b8:e0:06:31:fb PPPoE S, length 56: PPPoE [ses 0x1] LCP (0xc021), length 16: LCP, Conf-Ack (0x02), id 103, length 16
vlan01 2025-08-02
10:03:12.303369 5c:83:82:8c:95:84 a8:b8:e0:06:31:fb PPPoE S, length 87: PPPoE [ses 0x1] CHAP (0xc223), length 67: CHAP, Challenge (0x01), id 1, Value redacted, Name BNGLUBETSR2S-0
vlan01 2025-08-02
10:03:12.303467 a8:b8:e0:06:31:fb 5c:83:82:8c:95:84 PPPoE S, length 61: PPPoE [ses 0x1] CHAP (0xc223), length 41: CHAP, Response (0x02), id 1, Value redacted, Name redacted
vlan01 2025-08-02
10:03:12.317899 5c:83:82:8c:95:84 a8:b8:e0:06:31:fb PPPoE S, length 56: PPPoE [ses 0x1] CHAP (0xc223), length 33: CHAP, Fail (0x04), id 1, Msg CHAP authentication failure
vlan01 2025-08-02
10:03:12.317906 5c:83:82:8c:95:84 a8:b8:e0:06:31:fb PPPoE S, length 56: PPPoE [ses 0x1] LCP (0xc021), length 6: LCP, Term-Request (0x05), id 23, length 6
vlan01 2025-08-02
10:03:12.317991 a8:b8:e0:06:31:fb 5c:83:82:8c:95:84 PPPoE S, length 26: PPPoE [ses 0x1] LCP (0xc021), length 6: LCP, Term-Request (0x05), id 104, length 6
vlan01 2025-08-02
10:03:12.318021 a8:b8:e0:06:31:fb 5c:83:82:8c:95:84 PPPoE S, length 26: PPPoE [ses 0x1] LCP (0xc021), length 6: LCP, Term-Ack (0x06), id 105, length 6
vlan01 2025-08-02
10:03:12.319089 5c:83:82:8c:95:84 a8:b8:e0:06:31:fb PPPoE D, length 56: PPPoE PADT [ses 0x1]
vlan01 2025-08-02
10:03:12.319093 5c:83:82:8c:95:84 a8:b8:e0:06:31:fb PPPoE S, length 56: PPPoE [ses 0x1] LCP (0xc021), length 6: LCP, Term-Ack (0x06), id 104, length 6
vlan01 2025-08-02
10:03:12.319102 a8:b8:e0:06:31:fb 5c:83:82:8c:95:84 PPPoE D, length 38: PPPoE PADT [ses 0x1] [Generic-Error "session closed"]
vlan01 2025-08-02
10:03:13.319596 a8:b8:e0:06:31:fb ff:ff:ff:ff:ff:ff PPPoE D, length 36: PPPoE PADI [Host-Uniq 0x80A40A0302F8FFFF] [Service-Name]
vlan01 2025-08-02
10:03:14.297134 5c:83:82:8c:95:84 a8:b8:e0:06:31:fb PPPoE D, length 56: PPPoE PADO [Service-Name] [AC-Name "BNGLUBETSR2S-0"] [Host-Uniq 0x80A40A0302F8FFFF]
vlan01 2025-08-02
10:03:14.297146 a8:b8:e0:06:31:fb 5c:83:82:8c:95:84 PPPoE D, length 54: PPPoE PADR [Host-Uniq 0x80A40A0302F8FFFF] [AC-Name "BNGLUBETSR2S-0"] [Service-Name]
vlan01 2025-08-02
10:03:14.299942 5c:83:82:8c:95:84 a8:b8:e0:06:31:fb PPPoE D, length 56: PPPoE PADS [ses 0x1] [Service-Name] [Host-Uniq 0x80A40A0302F8FFFF]
vlan01 2025-08-02
10:03:14.300025 a8:b8:e0:06:31:fb 5c:83:82:8c:95:84 PPPoE S, length 38: PPPoE [ses 0x1] LCP (0xc021), length 18: LCP, Conf-Request (0x01), id 106, length 18
is it possible that the provider made a change and it revealed at the reboot ?
I took several captures. Each time connection failed at chap challenge.
I read about chap protocol and tried to compute myself the chap response to the challenge but it doesn't match the response sent by my router.
The response sent seems to be an md5 hash but the value is not what i would expect using my ppp password.
From what i figured out:
The ont send a challenge with :
01: indicate it's a challenge
01: id of the challenge
XXXX: a random value
name: the name of the ont
I extracted these values with wireshark
the response has to be:
O2: indicating challenge response
01: id of the challenge
the md5 hash of:
-name
-my_ppp_password
-the random value
followed by a field containing my ppp username.
The hash sent by my router doesn't match that. Either the password used is not what i entered or the name of the ont is not correctly used.
I'm stuck.
No matter what i try i always have a chap authentication failure.
Is there a way to troubleshoot that?
By the way if you are in luxembourg i strongly advise you to avoid tango provider. The support only tells you to reboot and asks about the fritzbox led even if you don't have a fritzbox.
I've finally been able to check with the support.
My router is not blacklisted and connections parameters have not changed.
That leave me with my router unable to establish a pppoe connection.
This started after the last reboot after 25.7 upgrade.
I tried to reinstall 25.1 from usb: no success
I tried to change the physical interface (keeping the registered mac address): no success.
No matter what i try i always have the same result : chap authentication failure.
I'm not sure of my calculation but i feel like the response from my router to the chap challenge is not right.
I tried to compute it with an online md5 hash generator and i don't obtain the same as my router sends.
If you have any idea that can help me to move on ....
The alternative is to order a fritzbox from isp and put my router in dmz of the fritzbox. And i think that fritzbox don't even have a 2,5Gbs lan port :(
Did this start with 25.7 or 25.7.1 specifically? (also because we should move this to the right forum then)
Maybe we're looking at a partial upgrade and sone shared library incompatibility? Can you post a health audit from the system?
Cross-referencing GitHub: https://github.com/opnsense/core/issues/9039
Cheers,
Franco
based on the log:
FreeBSD 14.3-RELEASE-p1 stable/25.7-n271606-9af17f0102ca SMP amd64
My system isn't the same anymore. I reinstalled it with 25.1 image and still have the authentication problem.
Before upgrading to 25.7 i had 25.1.12 version.
I can post the full log of the upgrade process if necessary.
The previous pcap i posted were from fresh 25.1 with a restored config.
This morning i also tested a live 25.7 with same result.
the result of audit on current 25.1 system:
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 25.1 (amd64) at Mon Aug 4 14:30:57 CEST 2025
>>> Root file system: zroot/ROOT/default
>>> Check installed kernel version
Version 25.1 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 25.1 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense (Priority: 11)
>>> Check installed plugins
No plugins found.
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" at 25.1 has 69 dependencies to check.
Checking packages: .
beep-1.0_2 has no upstream equivalent
Checking packages: .
ca_root_nss-3.104 has no upstream equivalent
Checking packages: .
choparp-20150613_1 has no upstream equivalent
Checking packages: .
cpustats-0.1 has no upstream equivalent
Checking packages: .
dhcp6c-20241008 has no upstream equivalent
Checking packages: .
dhcrelay-1.0 has no upstream equivalent
Checking packages: .
dnsmasq-2.90_4,1 has no upstream equivalent
Checking packages: .
dpinger-3.3 has no upstream equivalent
Checking packages: .
expiretable-0.6_3 has no upstream equivalent
Checking packages: .
filterlog-0.7_1 has no upstream equivalent
Checking packages: .
flock-2.37.2_1 has no upstream equivalent
Checking packages: .
flowd-0.9.1_5 has no upstream equivalent
Checking packages: .
hostapd-2.11_1 has no upstream equivalent
Checking packages: .
ifinfo-13.0_1 has no upstream equivalent
Checking packages: .
iftop-1.0.p4_1 has no upstream equivalent
Checking packages: .
isc-dhcp44-server-4.4.3P1_2 has no upstream equivalent
Checking packages: .
kea-2.6.1_2 has no upstream equivalent
Checking packages: .
lighttpd-1.4.77 has no upstream equivalent
Checking packages: .
monit-5.34.3 has no upstream equivalent
Checking packages: .
mpd5-5.9_18 has no upstream equivalent
Checking packages: .
ntp-4.2.8p18_1 has no upstream equivalent
Checking packages: .
openssh-portable-9.9.p1_1,1 has no upstream equivalent
Checking packages: .
openvpn-2.6.13 has no upstream equivalent
Checking packages: .
opnsense-25.1 has no upstream equivalent
Checking packages: .
opnsense-installer-25.1 has no upstream equivalent
Checking packages: .
opnsense-lang-25.1 has no upstream equivalent
Checking packages: .
opnsense-update-25.1 has no upstream equivalent
Checking packages: .
pam_opnsense-24.1 has no upstream equivalent
Checking packages: .
pftop-0.10_1 has no upstream equivalent
Checking packages: .
php83-ctype-8.3.15 has no upstream equivalent
Checking packages: .
php83-curl-8.3.15 has no upstream equivalent
Checking packages: .
php83-dom-8.3.15 has no upstream equivalent
Checking packages: .
php83-filter-8.3.15 has no upstream equivalent
Checking packages: .
php83-gettext-8.3.15 has no upstream equivalent
Checking packages: .
php83-google-api-php-client-2.4.0 has no upstream equivalent
Checking packages: .
php83-ldap-8.3.15 has no upstream equivalent
Checking packages: .
php83-pcntl-8.3.15 has no upstream equivalent
Checking packages: .
php83-pdo-8.3.15 has no upstream equivalent
Checking packages: .
php83-pear-Crypt_CHAP-1.5.0_1 has no upstream equivalent
Checking packages: .
php83-pecl-radius-1.4.0b1_2 has no upstream equivalent
Checking packages: .
php83-phalcon-5.8.0 has no upstream equivalent
Checking packages: .
php83-phpseclib-3.0.42 has no upstream equivalent
Checking packages: .
php83-session-8.3.15 has no upstream equivalent
Checking packages: .
php83-simplexml-8.3.15 has no upstream equivalent
Checking packages: .
php83-sockets-8.3.15 has no upstream equivalent
Checking packages: .
php83-sqlite3-8.3.15 has no upstream equivalent
Checking packages: .
php83-xml-8.3.15 has no upstream equivalent
Checking packages: .
php83-zlib-8.3.15 has no upstream equivalent
Checking packages: .
pkg-1.19.2_5 has no upstream equivalent
Checking packages: .
py311-Jinja2-3.1.4 has no upstream equivalent
Checking packages: .
py311-dnspython-2.7.0,1 has no upstream equivalent
Checking packages: .
py311-duckdb-1.1.3 has no upstream equivalent
Checking packages: .
py311-ldap3-2.9.1 has no upstream equivalent
Checking packages: .
py311-netaddr-1.3.0 has no upstream equivalent
Checking packages: .
py311-numpy-1.26.4_2,1 has no upstream equivalent
Checking packages: .
py311-pandas-2.1.4,1 has no upstream equivalent
Checking packages: .
py311-requests-2.32.3 has no upstream equivalent
Checking packages: .
py311-sqlite3-3.11.11_7 has no upstream equivalent
Checking packages: .
py311-ujson-5.10.0 has no upstream equivalent
Checking packages: .
py311-vici-5.9.11 has no upstream equivalent
Checking packages: .
radvd-2.20 has no upstream equivalent
Checking packages: .
rrdtool-1.9.0 has no upstream equivalent
Checking packages: .
samplicator-1.3.8.r1_1 has no upstream equivalent
Checking packages: .
strongswan-5.9.14 has no upstream equivalent
Checking packages: .
sudo-1.9.16p2_1 has no upstream equivalent
Checking packages: .
suricata-7.0.8 has no upstream equivalent
Checking packages: .
syslog-ng-4.8.1_3 has no upstream equivalent
Checking packages: .
unbound-1.22.0_1 has no upstream equivalent
Checking packages: .
wpa_supplicant-2.11_2 has no upstream equivalent
Checking packages: .
zip-3.0_4 has no upstream equivalent
***DONE***
Small step.
I installed a live openwrt on my router.
I have the same result: chap authentication failure.
I called support once again and i am waiting for my pppoe credentials, password and router mac address registered.
25 min to have them send a message and it's not even here.
I don't know if openwrt and opnsense use the same libraries for pppoe connexion.
But i'm quite certain the isp is bullshitting me. They only want fritzbox on their network.
> But i'm quite certain the isp is bullshitting me. They only want fritzbox on their network.
If you have a stock 25.1 and you know it worked then I'm inclined to agree here. There's no one else with the same issue to my knowledge on 25.7 and a clean 25.1 should work for you either way.
FWIW, I also use a FritzBox in front of the OPNsense and it's perfectly fine. Mostly if you want to be reached from the outside that is a bit of a burden otherwise not really an issue.
Cheers,
Franco
i'm still waiting for my credentials. They told me they have a failure on their cms and can't send messages or mail to clients.
I deeply regret to have a contract with this provider.
In the end i'll probably go with a fritzbox (i hope they have one with 2,5Gbs lan port)
But i'm still a very angry at this provider. The technician who came to setup the line gave some wrong info (fqdn of voip proxy which doesn't exist).
And today after 9 calls, 1 chat and 2 tickets in their system i still couldn't have my credentials.
I had shitty providers in the past but nothing like that.
The only good thing a very stable 2Gbs/750Mbs connexion but only ipv4. They don't know ipv6.
I understand your frustration. Give them some time but stay firm though. Fingers crossed.
Cheers,
Franco
i had a good will technician on the phone (my 10th phone call) and could confirm that i have the right credentials.
The only thing that didn't match is the serial number registered in their crm which afaik isn't used in pppoe/chap.
For the serial they entered my router mac address with a mistake on the last character. It has been changed to match the real address but didn't change anything.
So they were not bullshitting me.
The last possibility i see is a change made by post which is the isp which owns the line and provides the ont.
To put an end to this trouble.
A tehcnician finally came to my house.
And guess what the isp changed my credentials without telling me and worse they confirmed me the old one.
As soon as i put the correct one the link came up.
Glad it's fixed now! :)
Cheers,
Franco
And thak you very much for your help. it's very appreciated.
I'll ask for closing the issue on github.
I have still unifi plugin to restore and after finally go for 25.7 upgrade.... or leave it to after holidays.