Netgate SG-1000 microFirewall

Author Topic: VLAN WAN dies when PPPoE is enabled  (Read 102 times)

0 Members and 1 Guest are viewing this topic.

Offline GemeenAapje

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
VLAN WAN dies when PPPoE is enabled
« on: January 29, 2018, 06:24:02 pm »
Hi guys
I'm trying to setup pfSense to work with my new internet provider (XS4ALL in the Netherlands).

Here internet is being run over VLAN 6.

I've followed some handy configuration instructions I found online, but for my setup it fails.

I can enable the interface with VLAN 6, runs fine and shows "up".  It can also get a DHCP IP address.

But when I switch the PPPoE the link goes down and refuses to come up.

I tried various MTU settings but the only way I can get the interface back online is to remove PPPoE and set it back to static/dynamic IP again.

It's a VM running:
2.4.2-RELEASE-p1 (amd64)
built on Tue Dec 12 13:45:26 CST 2017
FreeBSD 11.1-RELEASE-p6

It's on a HP Proliant 380 G9 using on-board 1gbps LAN card.

I've set the port switch in ESXi to be on VLAN 6 also.

Really hope someone can help me.

Thanks
Matt

Offline SirJohnEh

  • Jr. Member
  • **
  • Posts: 30
  • Karma: +1/-0
    • View Profile
Re: VLAN WAN dies when PPPoE is enabled
« Reply #1 on: January 29, 2018, 09:17:13 pm »
I was in the same situation as you, just in Canada. ;)  Not sure if I necessarily had to do it this way, but it got it working for me...

Change the port group vlan to 4095, essentially turning it into a trunk port.  Then setup the vlan on pfsense.  Create the pppoe interface on top of the vlan interface and away you go.

I wanted to have the vswitch deal with the incoming tagged packets like you're trying to do, but never quite got it to work; the pppoe link was always down.  Google search pointed me to changing the vlan to 4095 and the rest is history.

I think I could have got it working if I changed the security settings on the vswitch, but I never got that far since once I changed the port group vlan to 4095 and setup the vlan within pfsense, everything just worked.
« Last Edit: January 29, 2018, 09:24:27 pm by SirJohnEh »

Offline GemeenAapje

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: VLAN WAN dies when PPPoE is enabled
« Reply #2 on: January 30, 2018, 02:21:36 am »
Great tip, thank you.  I didn't know about 4095.

But sadly it still doesn't work.

What MTU should I set on the VM virtual switch / VLAN WAN interface in pfSense / PPPoE tab in pfSense.

Right now I have it as 2000 (VM) - 1512 (VLAN) - 1500 (PPPoE).

My ISP does support the large packets.

I've experimented with much lower MTUs also without success.

For the pfSense setup.... should I have just 1 WAN and 1 LAN adaptor?  The wan being PPPOE0(vmx0.6) - email@address
Or should I have 2 separate adaptors for WAN, one for the VLAN/NIC and one for the PPPoE?
If the 2nd.... how should it be configured?  I tried everything.

Would you be happy to post some screenshots with sensitive info hidden?

Thanks
Matt

Offline GemeenAapje

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: VLAN WAN dies when PPPoE is enabled
« Reply #3 on: January 30, 2018, 05:36:19 am »
It's fixed!  2 things fixed it (in my opinion).

1) Removing the modem/router box from my ISP in the middle.  Today my ISP provided a media converter for glass fibre to RJ45 so I don't need their modem router anymore.  Even though I had PPPoE Passthrough enabled on their modem, I have a feeling it was somehow blocking my own router getting through.

2) Setting trunking on the VM switch port/group.  I would never have thought of that! Thank you so much

It's now working beautifully.  500Mb down and 750Mb  upload with an MTU to google of 1500.

Thanks so much. 
Matt

PS: if anyone is interested in my settings I can try to write them down, just reply here and let me know if there's interest in it.  Running pfSense on Esxi VM directly via F3100 media converter to xs4all glass fibre