• 0 Votes
    6 Posts
    431 Views
    RobbieTTR

    @mpcjames
    Just to help with some of your early questions.

    You are correct that the Openreach VLAN is added by the modem or ONT. For generic modems this may have to be added manually, or not, as some UK-specific firmware loads do this for you (eg on some Draytek units with BT-approved firmware).

    The MTU for your WAN/pppoe0 link (shown as MRU 1492 in your stats above) should be set at 1500 - ie the standard packet size. The actual physical interface connection between your pfSense router and the Openreach modem or ONT should be set at 1508 MTU, to allow for the extra 8 bytes of the PPPoE wrapper.

    You will see the somewhat bogus PPPoE MTU 1492 mentioned a lot on English-speaking forums as they tend to be dominated by those from the US, where they do things differently. The 1492 setting has become somewhat of an internet lore but is incorrect for many other countries, including the UK.

    I'm on the pfSense Plus side of the house where there have also been a number of PPPoE niggles, one of which is the multiple attempts to achieve a PPPoE link, rather than the expected single attempt. This can muddy the waters when doing any testing. For reasons unexplained the latest 23.09 dev firmware is more likely to make a PPPoE connection at first try. So there is hope that things are getting better for UK-style connections.

    I hope this adds some UK-orientated clarity!

    ☕️

  • pfSense to bypass CGNat

    0 Votes
    10 Posts
    2k Views
    stephenw10

    Yes, there are many ways you could do this. Really, having the TP-Link as the main router is the restriction here. If you have something else behind it as a VPN server, that creates a local routing problem if it's in the same subnet as hosts that need to connect to the remote VPN subnet.

    If you can't swap out the TP-Link for pfSense then consider what it can do and build anything else around that. If that can do Wireguard it would likely work since Wireguard inherently includes routing.

  • Not wanted automatic config restore

    Moved
    0 Votes
    6 Posts
    770 Views
    stephenw10

    Nice catch.

    Yes, exporting and manually removing that from the config should correct it.

  • Vlan wifi doesnt connect

    0 Votes
    18 Posts
    2k Views
    V

    @macaruchi said in Vlan wifi doesnt connect:

    Is there a way to send any packets to this VLAN to test the connectivity?

    Connect a PC or laptop to the pfSense interface and configure its network port for this VLAN.

  • 0 Votes
    3 Posts
    413 Views
    stephenw10

    @cornerstonefound said in Guys, totally new, I need 3 ports to connect to different things from minipc how simplest way?:

    Do I set all this up in the pfsense GUI and so on?

    Yes. At the first boot after install you would assign the NICs to interfaces at the console. Then connect to the webgui on the LAN interface and configure the other interfaces.

    Steve

  • How can security patches be applied to specific packages?

    Moved
    0 Votes
    5 Posts
    621 Views
    A

    @stephenw10 I see, thank you very much for your answer 😁

  • migrating hardware

    Moved
    0 Votes
    10 Posts
    893 Views
    stephenw10

    You'll also be able to see the interface names at the console or by running ifconfig at the command line.

  • Upgrade to 23.05.1

    Moved
    0 Votes
    3 Posts
    392 Views
    stephenw10

    What version did you upgrade from where it was working?

  • Losing internet connection

    0 Votes
    10 Posts
    543 Views
    RyanMR

    @stephenw10 My ISP finally called me back this morning and said that it looks like the box outside is going bad. They are rolling a tech to replace it this morning. Will see what happens.

  • Active Directory LDAP Unable to Authenticate

    0 Votes
    4 Posts
    1k Views
    K

    @mcury The mistake I was making was to enter the username just as straight text, ie "pfsense". When I switched to "CN=pfSense,CN=Users,DC=lan,DC=company,DC=com" the bind authentication started working.

    The authentication appears to be working. Now on to making it secure.

    Thanks for posting the screen shot.

  • looking at Lagg

    0 Votes
    2 Posts
    297 Views
    stephenw10

    Once created the LAGG appears as any other interface, you can assign it, you can create VLANs on it etc. You can then select the LAGG, or VLANs on it, to assign as existing interfaces and that way keep the existing subnet and firewall rules etc.

    Steve

  • IGMP Proxy w/ Telus Optik TV

    0 Votes
    28 Posts
    5k Views
    B

    @Mikalatto Hi Mika, do you have a picture or model number of your equipment? Is your fiber terminating into this Nokia ONT and then going directly to the WiFi Hub? You may have a newer setup than I do so I might not be able to help.

    My connection is currently set up so that the incoming fiber terminates into the Nokia G-240G-A ONT (same as in the Facebook link) and then from there it's ethernet to my pfSense box. There is no WiFi Hub necessary.

  • Can pfSense be hardenized to be PCI compliant?

    0 Votes
    11 Posts
    1k Views
    A

    @johnpoz Thanks! 😁

  • Crash reporter

    0 Votes
    4 Posts
    628 Views
    stephenw10

    If you reboot and then check the log when does that first appear? At what point in the log?

    Also check /tmp/php_errors.txt

  • PHP error after reboot

    0 Votes
    17 Posts
    3k Views
    R

    @magoo_it said in PHP error after reboot:

    It seems that today is not my best day on IT ... well better days will come.

    aww, don't be so hard on yourself. I have to keep a sticky on the Reddit group about this tool because it seems very few people there know about it, either. 😸

  • Problem with pfBlockerNG and port 443 used in dns resolver.

    0 Votes
    5 Posts
    512 Views
    E

    @stephenw10 Thanks!

    Regards.

  • Persistency in .tcshrc

    0 Votes
    2 Posts
    323 Views
    stephenw10

    As shown in that thread you can edit /etc/skel/dot.tcshrc which is where that file is created from.
    However that still might be lost at a firmware upgrade.
    I created a feature request for this: https://redmine.pfsense.org/issues/14746

    Steve

  • Weird network speed performance

    0 Votes
    6 Posts
    663 Views
    stephenw10

    Hmm, maybe something else was using some bandwidth?

  • Why did it reboot?

    0 Votes
    4 Posts
    542 Views
    stephenw10

    Nice catch. And relatively easy fix. 😉

  • No more vxlan kernel module in pfSense CE 2.7

    0 Votes
    5 Posts
    2k Views
    T

    For some weird reason, I thought that L2 VPN was only used for remote access, not for peer to peer.

    I've successfully migrated from VXLAN to OpenVPN.

    Thanks for your help

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.