OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: slashterix on June 25, 2016, 03:31:27 pm

Title: WAN problems
Post by: slashterix on June 25, 2016, 03:31:27 pm
Having signed up with a new ISP, naturally I want to keep using my OPNsense router.

I am used to setting up PPPoE but this time I've been provided with a VDSL modem+router combo device that connects using "Dynamic IP" in the TP-Link gui. I'm assuming this is referring to DHCP as it doesn't require any configuration.

My difficulties start when I attempt to put the modem+router in bridge mode so I can let my OPNsense box do the routing. Neither my OPNsense nor other directly attached devices get an IP address when I connect to the bridging modem.

Is there something I'm missing here? Do I have another option to set up my network without double NAT?
Title: Re: WAN problems
Post by: fabian on June 25, 2016, 10:24:12 pm
Did you set up a PPPoE on OPNsense as it has to do it by itself when your router is in bridge mode?
Title: Re: WAN problems
Post by: slashterix on June 26, 2016, 09:48:41 am
Thank you for your reply.

My ISP doesn't appear to use PPPoE here.

I've uploaded some images of my router configuration to make it clearer: https://imgur.com/a/gNpdQ (https://imgur.com/a/gNpdQ)

Alternatively, if it's not possible to use the modem in bridge mode, would it be possible to disable NAT on the TP-Link and set up OPNsense in such a way to do the NATing instead?
Title: Re: WAN problems
Post by: bartjsmit on June 26, 2016, 01:19:51 pm
You can use OPNsense as a transparent bridge https://docs.opnsense.org/manual/how-tos/transparent_bridge.html but you'll lose the automatic link between NAT and firewall rules, making it a bit more fiddly.

Your router will work as a bridge - http://www.tp-link.com/res/down/doc/TD-W9980_V1_UG.pdf page 35, which will let OPNsense act as the PPPoE client to your ISP. However, this will block the router's WiFi, printer and media sharing, since these all depend on NAT taking place on the TP-Link.

Title: Re: WAN problems
Post by: slashterix on June 26, 2016, 02:05:22 pm
I set the router up as a bridge again and disabled the DHCP server. This time I managed to get an IP address assigned to a computer directly attached to one of the LAN ports on the router.

For some reason I can't get any packets out to the internet. Wireshark shows a lot of TCP retransmissions, pings don't get answered.

Curiously the IP address assigned to the router when in Dynamic IP mode is not the same I get when using bridged mode, not even in the same subnet, even when using the same DHCP client ID.