New ESXi setup, can't get PPPoE working

Started by Moredhel, January 27, 2025, 03:10:04 AM

January 27, 2025, 03:10:04 AM Last Edit: January 27, 2025, 03:14:40 AM by Moredhel
Hi all,

I am testing out OPNsense to see if I want to use it going forward, but I am having some issues getting PPPoE working on my ESXi installation. The system is set up as below:

Fibre to the Premises NTU to Cisco switch on port Gi0/5.  Cisco switch port Gi0/5 is set up as a trunk allowing only VLAN 2, and also setting VLAN 2 as the native VLAN.
Cisco switch port Gi0/5 is a trunk to my ESXi host, allowing all VLANs
The ESXi host has a port group created for VLAN 2, and that is configured on the VMNic physical adapter to the switch, as well as configured for use by the OPNsense guest on Network Adapter 2

I then used one of the guides on this forum to set up the PPPoE; however, when I go in to Interfaces > Point-to-Point > Log File, I can see an attempt is made to get a connection, but it times out. I don't get an IP address, and my ISP says they can't even see my device trying to make a connection to them.

Anyone got any ideas?

Also, I have another NIC on the OPNsense for my server VLAN, and that server also resides on the ESXi host. They are on a different VLAN to my home computer. I can access them just fine, so I know that the VLAN configuration on the ESXi host is working, the Cisco switch is working correctly, and the OPNsense VMNics are configured to the correct VLAN.

Since this is PPPoE, which is often done over a VLAN itself: Is it by any chance that your provider does that over VLAN 2?

If so, you would have to set Gi0/5 to untagged.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+

I can try that. Would seem weird that I would have even been told about VLAN 2 if the port is untagged though. But at this stage I will try anything. Will let you know how I get along once I try it out tomorrow.

If I am untagging the port going to the NTU, does that mean I don't need any VLAN information on the OPNsense, since it is getting stripped off anyway?

Your description is rather unclear (to me, at least). Does your ISP require you to use VLAN 2 or not? You've stated that switch port Gi0/5 is the connection to the NTU, but then you've also stated that Gi0/5 is the connection to the ESXi server. It can't be both?

*If* your ISP requires that you use VLAN 2, it must *not* be the native VLAN on the switch port connected to the NTU. Use some other VLAN ID as the native VLAN on that port. It doesn't really matter what you use, so long as it's not 2, and not used for something else on your switch.

Whether or not you need to deal with tagging in OPNsense depends on how you deliver that VLAN to the OPNsense VM. If you have a dedicated VNIC for it, and can present VLAN 2 to that VNIC untagged in ESXi, you would not need to deal with it in OPNsense. I don't know anything about ESXi networking, so can't advise there.

I was ambiguous: If your ISP wants PPPoE on VLAN 2, you need to send out the tags on Gi0/5 (if and only if that is the NTU port). On the other hand, you want a VLAN to separate that PPPoE traffic from other VLANs on your switch. You could use QinQ, but it is easier to use VLAN 2 on the switch; you then have to make sure that tags go out on the port (usually, when you set a "native" VLAN, this will go untagged on egress and ingress).

The untagged packets on that port are usually used to get to the NTU's web interface, if it has one.

Got it all working. It was not an OPNsense issue; I had to alter the way the trunk was done to the ISP.

Cheers for the help anyway!
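For anyone hitting the same thing, here is the switch-side change the thread describes, written out as an added example (not configuration posted by anyone in the thread). It assumes a Cisco IOS switch, that Gi0/5 is the NTU-facing port, that the ISP expects PPPoE tagged on VLAN 2, and that VLAN 999 is free to use as a throwaway native VLAN.

```cisco
! Added example, not from the thread. Assumptions: Cisco IOS, Gi0/5 faces
! the NTU, the ISP wants PPPoE tagged as VLAN 2, VLAN 999 is unused.

! BEFORE: VLAN 2 is the only allowed VLAN *and* the native VLAN, so every
! VLAN 2 frame leaves this port untagged. The ISP never sees the 802.1Q
! tag it expects, which matches "ISP can't even see my device".
interface GigabitEthernet0/5
 description Uplink to FTTP NTU
 switchport trunk encapsulation dot1q   ! only on platforms that need it
 switchport mode trunk
 switchport trunk allowed vlan 2
 switchport trunk native vlan 2

! AFTER: an unused VLAN is native, so VLAN 2 now egresses with its tag.
! Only genuinely untagged traffic (e.g. the NTU's own web interface, if it
! has one) lands in VLAN 999, which is not used anywhere else.
vlan 999
 name NTU-UNTAGGED
!
interface GigabitEthernet0/5
 description Uplink to FTTP NTU
 switchport trunk encapsulation dot1q   ! only on platforms that need it
 switchport mode trunk
 switchport trunk allowed vlan 2,999
 switchport trunk native vlan 999
 switchport nonegotiate                 ! no DTP towards an ISP device

! Check: "Native vlan" must not be 2, and 2 must be listed under
! "Vlans allowed and active in management domain".
! show interfaces GigabitEthernet0/5 trunk
! show vlan id 2
```

The ESXi side stays as described above (port group tagged VLAN 2 on the trunk to the host), since only the NTU-facing port changes.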