PPPOE wan will not connect -

gerryatric

@gerryatric The MTU setting on my Wan port on the USG is 1440
Apparently it needed to be lower to get the speed up.
When I first connected I had 1492 in .
I couldn't get above 200mbps.
So I rang IINEt and to get Ultrafast speed on fibre, you need to lower the MTU. They gave me a couple numbers and 1440 worked the best.

Gertjan

The MTU when using pppoe, in the inside, can never be 1500.
Classic pppoe is 1472 or something close to that.
Yours is encapsed in a VLAN, so even less ?
Dono what an MRU is.

Btw : you can determine what the best value is :
ping with a given packet size (the default is 60 bytes so it always passes) - and check the answers for 'fragmentation'.
Repeat the test, start at 1400, and add 4 on every next test.
As soon as 'fragmented comes back, you found your MTU value.
There are many how-to available on the net.

This test needs a working connection, of course.

gerryatric

@gertjan yep I did that with IINEt when setting up the USG, we deduced that 1440 was the best settings with the ping.
That still doesn't explain why it won't connect though.

biggsy

@gerryatric

In your earlier logs, just after the ntp lines @Gertjan referenced, there is this sequence:

192.168.200.3	Sep 14 12:01:18		daemon	info	ppp[52996]	[wan]   118.208.207.22 -> 10.20.26.62
192.168.200.3	Sep 14 12:01:18		daemon	info	ppp[52996]	[wan]   118.208.207.22 -> 10.20.26.62
192.168.200.3	Sep 14 12:01:19		user	notice	check_reload_status[374]	rc.newwanip starting pppoe0
192.168.200.3	Sep 14 12:01:19		daemon	info	ppp[52996]	[wan] IFACE: Up event
192.168.200.3	Sep 14 12:01:19		daemon	info	ppp[52996]	[wan] IFACE: Up event
192.168.200.3	Sep 14 12:01:19		daemon	info	ppp[52996]	[wan] IFACE: Rename interface ng0 to pppoe0
192.168.200.3	Sep 14 12:01:19		daemon	info	ppp[52996]	[wan] IFACE: Rename interface ng0 to pppoe0
192.168.200.3	Sep 14 12:01:20		ntp	info	ntpd[99177]	Listen normally on 36 pppoe0 118.208.207.22:123
192.168.200.3	Sep 14 12:01:20		ntp	info	ntpd[99177]	Listen normally on 37 pppoe0 [fe80::215:17ff:febf:f4cc%8]:123
192.168.200.3	Sep 14 12:01:20		daemon	err	php-fpm[24661]	/rc.newwanip: rc.newwanip: Info: starting on pppoe0.
192.168.200.3	Sep 14 12:01:20		daemon	err	php-fpm[24661]	/rc.newwanip: rc.newwanip: on (IP address: 118.208.207.22) (interface: WAN[wan]) (real interface: pppoe0).
192.168.200.3	Sep 14 12:01:20		user	warning	dpinger[93646]	send_interval 500ms  loss_interval 2000ms  time_period 60000ms  report_interval 0ms  data_len 1  alert_interval 1000ms  latency_alarm 500ms  loss_alarm 20%  dest_addr 10.20.26.62  bind_addr 118.208.207.22  identifier "WAN_PPPOE "
192.168.200.3	Sep 14 12:01:22		user	warning	dpinger[93646]	WAN_PPPOE 10.20.26.62: Alarm latency 0us stddev 0us loss 100%
192.168.200.3	Sep 14 12:01:22		daemon	info	rc.gateway_alarm[95871]	>>> Gateway alarm: WAN_PPPOE (Addr:10.20.26.62 Alarm:1 RTT:0.000ms RTTsd:0.000ms Loss:100%)
192.168.200.3	Sep 14 12:01:22		user	notice	check_reload_status[374]	updating dyndns WAN_PPPOE

I'm just wondering where that 10.20.26.62 might have come from. Not something I'd expect iiNet to set.

Could that be one of your home subnets?

Edit: Or are you perhaps running a PPPoE server on your USG or ER?

gerryatric

@biggsy Hi Phil
I have no idea where that is coming from. It isn't there immediately.
I have no gear on the local lan producing a 10.20.26.0 range at all
I am running ZeroTier SD Wan software on some of my nodes but that is machine dependent. must have a client installed. and it is not in that range anyway.
I do not know where that is coming from

biggsy

@gerryatric

I think we need to find what's handing out that RFC1918 address. That looks like it's totally confusing PPPoE on your WAN.

Maybe a port mirror on the SR2024 and packet capture would tell us. I can't help with the Cisco stuff, unfortunately.

Maybe not. Seems the SR2024 is unmanaged.

gerryatric

@biggsy yes it is just an unmanaged switch used to split the nbn signal is all. has the usg and the edgerouter connected to it

stephenw10

Having a private IP as the gateway for PPPoE is not that unusual and works fine. Both of mine are like that. Is that public IP in a range you expect?

I still find it odd that you are able to connect more that one client at a time though. Especially in a setup where it appears the password is not checked.

Steve

Patch

@stephenw10 said in PPPOE wan will not connect -:

I still find it odd that you are able to connect more that one client at a time

Agree
Would suggest connecting just one pfsense client as a test.

gerryatric

@patch Ho
have done that many times. directly to the wan port from the fibre box. no luck

Patch

@gerryatric
Why is it that you are using a vlan again?
You do have to connect to the correct physical lan port on the NBN fibre to the home modem/router
https://help.iinet.net.au/set-ftth

but vlan is not a prominent requirement on my reading of it.

Also when changing your router, how long did you wait for NBN to accept your new router. Aussie Broadband enables the user to kick the connection to accelerate this process, not sure how to do this with iiNet.

gerryatric

@gerryatric No as per the many above messages. IINET NBN fibre require their connections to use a vlan id.
so we have to use it. it is working on the USG and the edgerouter. just not Pfsense.
I don't need to kick any connection or wait for it to timeout as I can run multiple wan connections at same time.

Patch

@gerryatric I'm aware you believe that is the case however it is not working as you believe it should, so perhaps that is not how it works.

The NBN fibre to the home NTD has several "LAN" ports. NBN only activate the ports you pay for. Those ports are your WAN ports despite the label written on them.

You connect your router to the NBN "Wan" port (their box with the port labeled "LAN"). From YOUR routers Lan ports you can connect as many devices as you like. eg
NBN NTD lan1 -> wan port, Edge router, Lan ports -> USG, Wifi A, wired computer etc

or
NBN NTD lan1 -> wan port, pfsense router, Lan ports -> USG, Wifi A, wired computer etc

Possibly Ubiquiti has been doing this transparently for you

Personally I would configure it as per https://help.iinet.net.au/set-ftth including leaving it for over the 15min specified after changing routers.

gerryatric

@patch What I Believe?
seriously. I have been on this forum subject for over a week.
What I actually have running on this system is actually a USG pro 4 router running from the same switch as the PFSENSE box. an Edgerouter X SFP running on the same switch as the PFSEnse box.
So the 2 ubiquiti devices work fine together. that is a fact.
so yes I have disconnected both of those and setup the Pfsense by itself. and yes it has been connected for more than 15 mins. that also is a fact.
Sorry, but this is not my first rodeo. I am well versed in IT stuff, 35 years worth. This is however my first PFSense box and yes I understand that it should just work. but after reading through hundreds of posts over the last week or so and I am not the only person having issues with PPPOE ok.
So please be a little more helpful to a newbie to the forum and PFSENSE than starting a conversation with " I am aware you believe that this is the case. however """"" so perhaps that is not how it works."
I have tried every suggestion so far, some made sense and some were ridiculous.
I am grateful for every bit of advice so far from the many positive contributors.
It pains me to let this beat me.

stephenw10

Were you able to get a connection log from either UBNT device?

That might well have the clue that we need. Some different default setting.

Other than that I would be pcap'ing the connection from a working device to see exactly what it is sending at this point.

Steve

Patch

@gerryatric a diagram showing all physical connections, switches, routers and RFC1918 IP address would help. Both for the configuration that works and doesn’t work.

I wonder if ubiquiti links their component (via their configuration ap) hiding some details which have to be done manually in a mixed environment.

Edit
The easiest way exclude ubiquiti automatic configuration preventing another router (pfsense) maintaining a wan connection would be to temporary power off the ubiquiti routers.

CajunSands

Read thru most however I have a protectli PFSENSE ( 2.5..2 ) box behind my ISP fiber modem.

In the setup i just put in my PPPOE username and password and it set it up and just works.

My ISP here in Dubai requires my wan to be connected on a certain port on the modem ( ONT4)

Otherr than that it just works and I am not a real technical guy.