OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: tre4bax on September 09, 2018, 06:56:58 pm

Title: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 09, 2018, 06:56:58 pm

Hi All,

Numpty, newbie question necessitated as this is driving me made.  I'm trying to get my broadband working using a Opnsense firewall.  I am an IT professional and I have done a fair bit with networks before, just not with OpnSense and not with PPPoE and not for quite some time ;-)

Initially I connected it on a Networking level to my vodafone router.  This works fine, although the latency is noticable and there is the underlying double nating going on.  My vodafone router cannot be put in bridge mode, however in my loft I had a huawei HG612.

I configured a Vlan of 101 setup the Wan to use that and set up PPPoE with the passwords etc.  If I look in overview this link is up and working fine.  If I try to send packets from the Lan nothing happens.  Same happens if I try and use the ping tool on OpnSense to contact an external service. 

I appear to have connected to the vodafone broadband and yet I cannot pass packets so I am doing something wrong.  I've checked for a gateway etc.  I cannot find the IP address assigned to my broadband anywhere in OpnSense though so I think I may need to set something up here.

Anyone got time to give me some pointers on what I should be looking for? 

Title: Re: New at this and Struggling with PPPoE routing
Post by: eck on September 10, 2018, 01:29:58 pm

you have to create a bridge -> interfaces -> other type -> bridge

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 10, 2018, 02:45:12 pm

Ah, thank you.  That makes sense.  I will give it a try tonight.

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 14, 2018, 10:23:21 am

I have tried this, no joy though.  I created a bridge between the PPOE connection and the local Wan port though so not sure if this was right.  Creating a bridge between the PPOE and the LAN seemed like a really bad idea.

Feels like something is just not configured correctly and I'm not getting it.  I note that the PPPoE connection itself does have an IPV6 address (although I wanted to turn off all IPV6 at this stage) however it has no IPv4, suggesting the connection is not getting DHCP.  I might try statically assigning an IPv4 address.

Challenge is I have to disconnect it all to look up solutions on the internet!

Title: Re: New at this and Struggling with PPPoE routing
Post by: marjohn56 on September 14, 2018, 05:13:36 pm

Who's your ISP? If you have an HG612 and you are using VLAN 101 on that it sounds like a UK system, is it?


If so, you  do not set up PPPoE on the HG612, It gets setup on OPNsense.

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 14, 2018, 06:48:23 pm

Yep I am in the UK, using Vodafone broad band.

I have done exactly that on OpnSense.  I setup a VLAN interface on 101.  I plugged that into the WAN configured as PPPoE with the password etc for my link.  All of that works.  I get an "Up" status in the overview. All seems to be fine with this side of the link.  I just cannot get packets to travel over it.  Nothing happens.

If I look in the routes I can see IPV6 stuff (despite having put all IPV6 to none to try to reduce complications).  And I see an IPv4 address for the Lan.  I happily access my OpnSense box from here.  Nothing goes through it to the internet though.  I've tried bridges etc.   I just cannot figure out where the PPPoE connection actually is to setup a route to.  Not only that nobody else on the internet ever seems to have had that problem!

Today I have unlocked the DG612 so I can get on it and look at what it is doing.  It says it is connected.  It says it is using a PPPoE bridge.  So I have the same mystery there as on the OpnSense router.

Just stumped now.

Title: Re: New at this and Struggling with PPPoE routing
Post by: marjohn56 on September 14, 2018, 07:44:39 pm

You don't need a VLAN on OPNSense for that, that's all handled by the 612. Just set OPNsense as a simple WAN interface, PPPoE on IPv4, enter your credentials in the PPPoE boxes and that's it. IPv6 should be set to dhcp6, use IPv4 connectivity. Like the images shown here.


(https://preview.ibb.co/f8XCn9/Capture.png)

(https://preview.ibb.co/dvyJS9/Capture2.png)

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 15, 2018, 10:42:12 am

Thanks Marjohn56. 

I had trouble getting the PPPoE to connect and the advice I found was that I had to do this.

I decided to go with a full factory reset on both this morning and setup from scratch and see if that helps.  At least it will be cleaner in the long run.  If I can get it going.

Really want to get some OpnSense goodness into my network...

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 15, 2018, 03:15:53 pm

Well doing a factory reset on both helped.

I now have a route out and I can manage to send stuff from one network to another.  What I need to understand now is why I cannot do that on a network level.  I can do an NSlookup and get back the ip address of the web site.  I cannot access the website though.

I have a LAN any rule in place at the moment so I thought anything on my LAN should be able to go in and out.  Doesn't seem to though and even though I can NSlookup from the OpnSense tools and Ping some addresses from there, I cannot run a tracert from there.

I guess I have loads more reading to do before I can make this work :-(   I naievly assumed that a basic setup would be easy and I could work it to be more complex from there.

Title: Re: New at this and Struggling with PPPoE routing
Post by: marjohn56 on September 15, 2018, 11:50:50 pm

Sorry I haven't been able to reply earlier. Had to do some real work today.


OK, by default OPNsense works out of the box with very little required to get your LAN up and running and talking to the Internet.


Can you ping 8.8.8.8 from the diagnostics?

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 16, 2018, 08:56:39 am

No problem, certainly no reason to apologise.  Your help is gratefully received.

I went into diagnostics and tried to ping 8.8.8.8 and it failed.  I then pinged 1.0.0.1 and it worked.

Went into settings general and added 8.8.8.8 as a DNS server with the gateway set to the wan.

Back in diagnostics tried to ping 8.8.8.8 and it worked perfectly.

It would seem to be something going on within OpnSense to do with routing or firewalling that is stopping stuff not specifically configured from travelling. 

Title: Re: New at this and Struggling with PPPoE routing
Post by: marjohn56 on September 16, 2018, 10:53:24 am

One of the TR members runs a BT connection, I'll ask him to send a config over.

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 16, 2018, 11:10:33 am

Thanks for that.  I am using an old 612 against a Vodafone broadband.  I am pretty sure though that Vodafone actually piggy back on BT anyway as they use the same VLan as BT hence why the whole shebang does seem to connect.

I did read a post somewhere that said something about the auto NAT rules not working and you needed to create a NAT rule.  This seemed weird and at this stage I wanted my config as default as possible.  Once I have something working, then I can save the config and look to start to implement some of the stuff that I wanted this to do in the first place ;-)

Title: Re: New at this and Struggling with PPPoE routing
Post by: marjohn56 on September 16, 2018, 12:03:53 pm

There is no funky stuff, it should just work.  :)


(https://i.imgur.com/93OWR5x.png)


(https://i.imgur.com/EWeNLPG.png)


(https://i.imgur.com/wqmzuMG.png)

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 16, 2018, 12:59:24 pm

Mine is identical to that and doesn't work :-( 

Could you show me what your System->Routes->status looks like?  Maybe there is something in there that will solve the issue for me.

Title: Re: New at this and Struggling with PPPoE routing
Post by: marjohn56 on September 16, 2018, 01:40:55 pm

what's the wan ip showing up as, only give me the first two quartets, i.e 81.35

Title: Re: New at this and Struggling with PPPoE routing
Post by: marjohn56 on September 16, 2018, 01:45:08 pm

My Routes is empty, apart from a route to my test system, otherwise its automatic. If you have added any routes delete them and reboot.

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 16, 2018, 03:05:19 pm

My IP is 90.255.x.x  Although that seems to be backed off by a 212.158 number.  I can't look at the moment as I have the 612 disconnected so there is no WAN in place on the firewall/router.

I have no routes either, I was looking to see what you get in the routing status, see if mine is similar.  I have Netif values of pppoe(), lo0, em2, em3.  The EM ones are the network ports on the device 3 is WAN and 2 is LAN.  pppoe() is presumably the broadband link, I just don't know what lo0 is.

Interestingly the 1.0.0.1 address has a gateway of the 212.158.x.x and a netif name of pppoe().  This is the only address that actually works and that makes sense as a route has been generated to achieve this.  What I am not sure of is why there is no ANY type route.

Title: Re: New at this and Struggling with PPPoE routing
Post by: marjohn56 on September 16, 2018, 03:54:37 pm

lo0 is loopback.


Are you running this on a virtual machine?

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 16, 2018, 04:16:54 pm

Nope, it is running on a celeron J1900 powered device for the job.  It has plenty of RAM and disk and four network ports.

Title: Re: New at this and Struggling with PPPoE routing
Post by: marjohn56 on September 16, 2018, 04:46:57 pm

Yeah, it was just the em*, thought it might be vmware.


Let's see if we can get more sense out of this. Go to firewall->Settings-Advanced. Select 'Prefer Dpinger over Apinger', Allow IPv6 should be ticked. save and Apply. Reboot.


When it comes back up, post a snapshot of your Interfaces & Gateways widgets. And tell me whether the dpinger status's are green in the lobby Services widget.

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 16, 2018, 10:14:59 pm

Okay I have done that.  I won't be able to test till tomorrow morning though as Son is deep into internet gaming right now and turning off the internet would not go down well ;-)

At present it is running and connected to the 612, but that is not connected to the broadband.  This is why I am currently using 192.168.0.1 as its address so that I can attach too it from this machine with a second address added to this machines IP4 setup.

Looking at it curretly there is no Dpinger at all.  I assume because there is no internet connection.  Will swap first thing tomorrow and see what happens and let you know.

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 17, 2018, 09:22:06 am

Blast did this.  No difference from a functioning point of view and the routing table is below, however I forgot to check the dpinger so will need to do that tomorrow.

Proto   Destination   Gateway   Flags   Use   MTU   Netif   Netif (name)
ipv4   1.0.0.1   212.158.250.36   UGHS   32   1492   pppoe0   wan
ipv4   8.8.8.8   212.158.250.36   UGHS   0   1492   pppoe0   wan
ipv4   90.255.226.54   link#9   UHS   0   16384   lo0   
ipv4   127.0.0.1   link#6   UH   0   16384   lo0   
ipv4   192.168.0.0/24   link#3   U   1214   1500   em2   lan
ipv4   192.168.0.1   link#3   UHS   0   16384   lo0   
ipv4   212.158.250.36   link#9   UH   32   1492   pppoe0   wan
ipv6   ::1   link#6   UH   0   16384   lo0   
ipv6   fe80::%em2/64   link#3   U   0   1500   em2   lan
ipv6   fe80::ee8:5cff:fe68:bac2%em2   link#3   UHS   0   16384   lo0   
ipv6   fe80::%em3/64   link#4   U   0   1500   em3   
ipv6   fe80::ee8:5cff:fe68:bac3%em3   link#4   UHS   0   16384   lo0   
ipv6   fe80::%lo0/64   link#6   U   0   16384   lo0   
ipv6   fe80::1%lo0   link#6   UHS   0   16384   lo0   
ipv6   fe80::%pppoe0/64   link#9   U   0   1492   pppoe0   wan
ipv6   fe80::ee8:5cff:fe68:bac0%pppoe0   link#9   UHS   0   16384   lo0   

Note both DNS servers are the only things accessible from anywhere and both have their route set as via the gateway 212.  it feels like a default route out for the rest is not being added.

Title: Re: New at this and Struggling with PPPoE routing
Post by: marjohn56 on September 17, 2018, 11:53:51 am

There appears to be no default route being set. I've never seen that happen before. Can backup your config and send me the resultant *xml file. I'll run it up on my test unit and see what gives. Can you make sure that the root password is opnsense. You can change the PPPoE login so it's not yours, but leave something there.

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 17, 2018, 12:16:42 pm

Yeah, no probs.  I will do that tonight and send it through to you.  is there a good way to do that from this site or better to share from onedrive or something?

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 17, 2018, 09:48:31 pm

Ah, I see click below to attach.

Have attached the XML.  I've done this with the internet route off though.  Reasoned that it should still hold the setup.  If you need one with it active let me know and I'll do it when the family are asleep.

Title: Re: New at this and Struggling with PPPoE routing
Post by: marjohn56 on September 18, 2018, 12:22:33 am

OK... Loaded your config. I'm sending it back to you with some changes


1. Deleted the extra gateway you've added.
2. Enabled the dhcp server so your lan devices will get no addresses.
3. Set the gateway targets and enabled monitoring.
4. Set dhcpc6 to use v4 connectivity.
5. Remove the LAN alias.


I've made a few other changes too, like enabling powerd, and a few other tweaks.

Note, I cannot test the PPPoE settings as to do that I would need to take my live unit offline, and that would be under pain of death from others.


When I first brought it up I could get squat, even setting WAN to dhcp got nothing, it works on dhcp now, so it should work on pppoe.


So what you need to do is import the attached config, change the WAN IPv4 type to PPPoE and set your username and password, save and apply. That should get you up and running. Once you have v4 up and running, set  dhcp6c to use V4 Connectivity, save and apply and that should bring up IPv6 too.

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 18, 2018, 09:29:47 am

Hi Majohn

That gateway adds itself, I wasn't quite sure why.  I've deleted it a few times but it comes back on its own.

Turned off the DHCP server deliverately as I currently have this box on my network along with the Vodafone router and if this is offering DHCP it breaks everything else ;-)  Once I have it routing the Vodafone router is history and this will be the only DHCP ;-)

Thanks for your help with this I will give it a go tonight.

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 18, 2018, 09:40:15 am

Was it the GW_LAN gateway you deleted.

I have just had a thought about where that is coming from.  I currently have my Vodafone connect doing the internet.  I also have the opnsense box plugged in using 192.168.0.1 as its network, so essentially not connected to the other devices subnet wise.  I then have multi homed my PC to have 192.168.0.99 as a second address so I can see the opnsense box live while allowing the rest of the network to work.  I wonder if somehow the GW_LAN route is a route to the vodafone connect via my PC that the opnsense box has figured out?

I only started doing this when it would not work though so should not alone be the issue.  Just curious really as to where this stuff is coming from as it aids understanding. 

I will let you know how it goes tomorrow morning when I can apply it.  With luck tomorrow night the opnsense box will be my main router.

Title: Re: New at this and Struggling with PPPoE routing
Post by: marjohn56 on September 18, 2018, 10:08:41 am

When doing things like that it's best to start with a simple basic WAN<>LAN firewall. Get that working, then start doing funky stuff.

Title: Re: New at this and Struggling with PPPoE routing
Post by: marjohn56 on September 18, 2018, 11:57:59 am

Quote from: tre4bax on September 18, 2018, 09:29:47 am

Hi Majohn

That gateway adds itself, I wasn't quite sure why.  I've deleted it a few times but it comes back on its own.

Turned off the DHCP server deliverately as I currently have this box on my network along with the Vodafone router and if this is offering DHCP it breaks everything else ;-)  Once I have it routing the Vodafone router is history and this will be the only DHCP ;-)

Thanks for your help with this I will give it a go tonight.

Then in that case you will need to manually set gateways and DNS servers in the client PC, and you cannot just add a secondary IP address else it will continue to use the primary DNS and gateway

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 18, 2018, 12:55:31 pm

Hopefully your new config will work and I can just go back to a nice simple arrangement.  Only did this so that I can look at the config in response to a question without plugging and unplugging etc.

Really wanted as basic as I could get and that was how I first had it and it didn't work :-(  With luck if I can get packets to travel I can be really simple again...  will let you know how I go.

Title: Re: New at this and Struggling with PPPoE routing
Post by: tre4bax on September 19, 2018, 09:59:55 am

marjohn56:  Many thanks for your help.  My opnsense firewall is now up and running :-)  Worked perfectly happily with Netflix this morning so I judged it okay for the family use.  If it is not then I will probably not survive my arrival home tonight.

Trev