Messages - jwe

#1
17.7 Legacy Series / Re: PPPoE over VLAN support?
November 26, 2017, 10:07:31 PM
Yep, this is working.

I am also using PPPoE with VLAN.

Just create a VLAN interface and use this as the PPPoE parent interface.
#2
GIF0 before reload:

gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        options=80000<LINKSTATE>
        tunnel inet 46.244.220.176 --> 216.66.80.30
        inet6 2001:470:1f0a:1252::2 --> 2001:470:1f0a:1252::1  prefixlen 128
        inet6 fe80::213:3bff:fe0f:cfd6%gif0 prefixlen 64 scopeid 0x10
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: gif


and afterwards:

gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        options=80000<LINKSTATE>
        tunnel inet 46.244.220.176 --> 216.66.80.30
        inet6 2001:470:1f0a:1252::2 --> 2001:470:1f0a:1252::1  prefixlen 128
        inet6 fe80::213:3bff:fe0f:cfd6%gif0 prefixlen 64 scopeid 0x10
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: gif


uhh.. it is unchanged... :(
#3
17.7 Legacy Series / Re: Resolve DNS by VPN
August 28, 2017, 06:54:36 PM
Neither dnsmasq nor unbound allows dynamic DNS updates.

In my case, I am using a Windows DNS server for this task.

I have also seen that PowerDNS may allow dynamic DNS updates.
#4
17.7 Legacy Series / Re: DNS Resolver Slowness
August 28, 2017, 03:28:55 PM
The resolver is always (or in most cases) slower than just forwarding.

The resolver asks all the nameservers, from the root ones down to the authoritative ones, for a record.
This is slow.

If you need this to be done faster (resulting in faster DNS resolution), you could stick with the DNS server of your provider or Google's ones.

These public nameservers are heavily used and cache the responses for some time, so they can answer without going all the way through name resolution for every query.

You can still use unbound without using its resolving features by enabling the forwarding mode and setting the correct DNS servers in the system settings.
#5
I have an HE.Net tunnel, which worked great after setting it up.
Now I have the problem that after a reboot the tunnel does not work (gateway down according to the web interface).

If I now go to Interfaces=>"Tunnelbroker_V6", click save and then apply,
it works immediately without problems.

Tunnelbroker_V6 is assigned to the GIF tunnel.
Its parent is the WAN interface, which is assigned to a PPPoE interface.

My guess is a timing problem after booting... but I am somewhat at a loss, since I can't find a way to set the order in which the interfaces are initialised.

Best regards,
jwe
#6
Quote from: Vaseer on August 15, 2017, 10:33:47 PM
Hello

I am facing a strange problem that I did not manage to resolve yet, so I am asking for your help.
I have a fresh install of OPNsense 17.7 (never before have I used OPNsense, only pfSense). WAN connection type is PPPoE and it is established (OPNsense gets a public IP), but from the PC I can not ping a domain name or access any web page. I can ping IPs (8.8.8.8, 8.8.4.4, ...) without any problem.
Both pings (domain name and IP) work from the OPNsense GUI.

OPNsense is connected to the ISP's modem, and if I set up PPPoE on the modem and change the WAN connection type on OPNsense to DHCP (OPNsense gets a local IP from the modem), internet access and pings work fine.

Any idea what am I doing wrong with the PPPoE connection on OPNsense?

Assuming you are using a Windows client:
ping 8.8.8.8 works?
What is the output of ipconfig /all? Is it showing a defined DNS server?

#7
I am not 100% sure how "Tracking" works,
but maybe you can set the correct DNS servers in radvd and DHCPv6?
(Services=>DHCPv6=>Advertisements for radvd and Services=>DHCPv6=>Server for DHCPv6)

That's what I did, but I am not using the tracking feature so... not sure if it works for you, but worth a try :)
#8
17.7 Legacy Series / Re: incorrect display browser
August 28, 2017, 03:02:16 PM
Quote from: franco on August 28, 2017, 03:00:23 PM
Quote from: jwe on August 28, 2017, 02:58:29 PM
https://[pfsense-ip]/system_advanced_admin.php

But it's the opnsense-ip :D


Oh my... sure.. opnsense :) correcting it now...
#9
17.7 Legacy Series / Re: Resolve DNS by VPN
August 28, 2017, 03:01:39 PM
You could build up a central DNS server for all your networks.
Then you can tell the DHCP server to update this DNS server with dynamic DNS.

In OPNsense this setting is in the DHCP server settings, named:
"Enable registration of DHCP client names in DNS."
#10
17.7 Legacy Series / Re: incorrect display browser
August 28, 2017, 02:58:29 PM
Quote from: cryptoparty on August 28, 2017, 02:35:55 PM
Damn :( Tell me plz, how can I enable ssh or sftp or ftp?

If it is working in your web interface, you can try to enable SSH
under System=>Settings=>Administrator or under the following URL:
https://[opnsense-ip]/system_advanced_admin.php

#11
Quote from: franco on August 28, 2017, 11:40:48 AM
jwe, will you mark it solved? Thanks!

done :)
#12
Very nice!

Thanks for all the help, patches and images.

#13
Quote from: franco on August 26, 2017, 10:05:40 AM
The new image is here:

https://pkg.opnsense.org/snapshots/OPNsense-17.7-test3-OpenSSL-vga-amd64.img.bz2


Cheers,
Franco

Hi Franco,

this seems to work, but as I did not always see the other AC,
and I can't load the img into my Hyper-V to watch network traffic via Wireshark, it would be nice if someone else can confirm this works.

Or - if you have some time for it - you could create the test image as an ISO...

Hyper-V really sucks, not being able to load img's :(
#14
Quote from: franco on August 24, 2017, 08:37:45 AM
In the provider field, simply fill with "ac4.nue3\", the trailing backslash is important. The Host-Uniq field must be empty.

I don't have the provider field in my web interface. Is there an option to make it visible?
(Looked in Interfaces/Point-to-Point/Devices (Interface type=pppoe))

Quote from: alexdupre on August 24, 2017, 08:42:20 AM
Since blocking one AC seems to have fixed the issue, it'd be interesting to see if blocking the other one produces the same result.

It seems like the 2nd AC only shows up after the session to the first AC is established.
This might be because the original router from my ISP builds a second PPPoE session for voice, and I assume that the second AC is for the voice connection. So I can't test using only the second AC, as it is not responding to my PADI. It always sends its PADO about 1 second after the session with AC(1) is established.
#15
Ok,
I think I have identified the problem.

What I have seen in the packet capture:
Router sends PADI (Offer) | 585 in image
AC(1) sends PADO to Router | 586
Router sends PADR to AC(1) | 587
AC(1) sends PADS to Router | 588
=====Session is established, I also already have an IP via the PPPoE device=====
AC(2) sends PADO to Router | 589
=====Router crashes=====

That's what I have seen in the Wireshark log.

AC(1) and AC(2) are sending the PADR's, but the one from AC(2) is coming really late... as far as I could see, always after I have an established session with AC(1).

I can differentiate both ACs by their MAC address.

So I blocked the MAC address of the second AC on my switch.

Et voilà, problem solved.

I have attached a screenshot of the relevant captures.

So, by the RFC, if there are multiple ACs the client should be able to switch between them.
Possible workarounds for OPNsense are, in my view:
1. a diagnostic 'pppoe -A' which sends the PADI to the ether and lists the possible ACs
2. a possibility to select the AC to use in the configurator (for pppoe it's parameter -C)

Both commands are from https://www.freebsd.org/cgi/man.cgi?query=pppoe

Hope that helps.

Edit:
I also noticed that AC(2) (Cisco whatever, by its MAC) has some more vendor-specific PPPoE tags (Circuit ID and Remote ID; the Remote ID also contains my name in its value... 0o)
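As an added example (not code from this thread, nor from OPNsense or the FreeBSD pppoe tool), a small Python model of the discovery sequence described in this post: a bounds-checked parser for PPPoE discovery frames and a client state machine that only acts on a PADO while it is still choosing an AC, optionally a named one as the -C workaround would, so a PADO that arrives after the session is up is dropped instead of disturbing the established session. The AC names, MAC addresses and session id in the replay are constructed.

```python
import struct

PADO, PADS, TAG_AC_NAME = 0x07, 0x65, 0x0102   # RFC 2516 codes and tag type

def build_pppoe(code, sid, tags):
    """Assemble a discovery payload (ver/type 0x11) from {tag_type: bytes}."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags.items())
    return struct.pack("!BBHH", 0x11, code, sid, len(body)) + body

def parse_pppoe(frame):
    """Return (code, session_id, {tag: value}); lengths are checked, not trusted."""
    if len(frame) < 6:
        raise ValueError("short PPPoE header")
    vt, code, sid, length = struct.unpack("!BBHH", frame[:6])
    if vt != 0x11 or 6 + length > len(frame):
        raise ValueError("bad version/type or truncated payload")
    tags, pos, end = {}, 6, 6 + length
    while pos < end:
        if end - pos < 4:
            raise ValueError("truncated tag header")
        ttype, tlen = struct.unpack("!HH", frame[pos:pos + 4])
        if pos + 4 + tlen > end:
            raise ValueError("tag overruns payload")
        tags[ttype] = frame[pos + 4:pos + 4 + tlen]
        pos += 4 + tlen
    return code, sid, tags

class Discovery:
    """Client side of PADI/PADO/PADR/PADS: a PADO only counts while we are
    still choosing an AC (optionally a named one, like pppoe -C)."""
    def __init__(self, want_ac=None):
        self.state, self.ac, self.want_ac, self.session = "PADI_SENT", None, want_ac, 0
    def on_frame(self, src_mac, frame):
        code, sid, tags = parse_pppoe(frame)
        if code == PADO and self.state == "PADI_SENT":
            if self.want_ac is None or tags.get(TAG_AC_NAME) == self.want_ac:
                self.ac, self.state = src_mac, "PADR_SENT"
                return "PADR"      # we would now send PADR to this AC
        elif code == PADS and self.state == "PADR_SENT" and src_mac == self.ac:
            self.session, self.state = sid, "SESSION"
            return "SESSION"
        return "IGNORED"           # the late PADO from AC(2) lands here

def replay(want_ac=None):
    """Constructed replay of the post's capture: PADO from AC(1), PADS from
    AC(1), then AC(2)'s PADO arriving after the session is already up."""
    ac1, ac2 = "00:00:00:00:00:01", "00:00:00:00:00:02"   # constructed MACs
    client = Discovery(want_ac)
    return [client.on_frame(ac1, build_pppoe(PADO, 0, {TAG_AC_NAME: b"ac-one"})),
            client.on_frame(ac1, build_pppoe(PADS, 0x1234, {})),
            client.on_frame(ac2, build_pppoe(PADO, 0, {TAG_AC_NAME: b"ac-two"}))]
```

Calling replay() without an AC name reproduces the capture with the second PADO ignored; replay(want_ac=b"ac-two") shows the -C style selection, where the first AC's offer is skipped and the second one is answered.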