Problems setting up WAN connection with KCOM
-
I have a KCOM Lightstream fibre account for Home Users.
This comes with a single public static IP and works fine with the supplied Zyxel router as well as my TP-Link VR900 router. Either one is plugged into the fibre ONT and given me my correct public single IP 77.x.x.xI have now built a PC with a quad port NIC, to replace the router. However, when I try to setup pfSense using the supplied PPPoe login details, it manages to login but only gives me a 10.125.x.x IP address.
This address is non-routable and appears to be some kind of device profile management system, tr-069 CWMP or other.
I've tried adding static route and manually assigning the WAN IP all to no avail.
KCOM do not want to know and only support their supplied and managed Zyxel router.
I tried searching these forums for mention of tr-069 only to find old posts saying it was not a feature.
Does anyone have any idea how to get this working ?
The final option is to use the ISP router and setup pfSense as another LAN connected to it, double NAT'ing, which I'd rather avoid if at all possible.
TIA
-
J jimp moved this topic from Problems Installing or Upgrading pfSense Software on
-
I doubt it's tr-069 unless you have specific evidence of that. It's probably just the modem management subnet. That usually indicates it cannot pass the public IP for some reason. The most common cause of that is that it's locked to the MAC of the old router and needs to be reset/released.
Do you actually see it pulling that address in the PPP logs? It's not still using DHCP for some reason?
Steve
-
@stephenw10
Yes it's using DHCP to get an IP address as there is no where to configure it manually in the PPPoe setup.My TP-Link router also behaves correctly and gets the 77.x.x.x address.
I'm assuming it is something to do with their modem management system, which pfSense may not be happy with.
Is it worth spoofing the MAC address to try and fool their PPPoe modem management logon to think I am using their router ?
-
Ah, so the upstream 'modem' is running the PPPoE client and passing that to the downstream router via DHCP?
Then I would definitely try spoofing the MAC address if that's the case.
Steve
-
@stephenw10
Apologies, just to clear up what I have setup:
Fibre ONT box---pfSense---LANI am trying to configure the pfSense firewall WAN to connect to my ISP, using PPPoe. I have filled in the PPPoe user and password which brings up the internet link on the ONT however pfSense shows the WAN IP as 10.125.x.x etc. It does bring back my ISP DNS servers though.
If I only use the ISP router, no pfSense, the router correctly gets assigned my 77.x.x.x static public IP.
As in this setup:
Fibre ONT---ISP Router---LANI only have 1 static public IP address for my home user internet connection.
At work, using the same ISP and router, we have 6 public IPs and we allocate 1 to the router and the others can be assigned to various ports on our firewall appliance. We HAVE to use the ISP router as they will not support our firewall handling the PPPoe connection. But this works as we have multiple public IPs and their router is set to no NAT (non bridge) so we plug our firewall into any of the network ports on the router.
I'd like to just use my pfSense firewall plugged directly into the fibre ONT but the ISP will not talk to me about it, saying 'we only support our router, nothing else'.
Do other home users with single static IPs have this carry on ?
At our work
-
Ok, so no DHCP in pfSense, it's running the PPPoE client directly?
You can see the remote server passing you the private IP in the PPP logs?
I would try assigning the parent NIC and spoofing the MAC to match the ISP router.
Otherwise there is probably some additional requirement the ISP has for the connection. Service name, VLAN etc.
The only surprising thing there is that your TP-Link router was able to connect and pull a public IP. And I assume you did not have to add any special config there?Steve
-
@stephenw10 said in Problems setting up WAN connection with KCOM:
Ok, so no DHCP in pfSense, it's running the PPPoE client directly? Correct
You can see the remote server passing you the private IP in the PPP logs? Yes, [wan] IPADDR 10.125.x.x
I would try assigning the parent NIC and spoofing the MAC to match the ISP router. I tried last night, unfortunately made no difference.
Otherwise there is probably some additional requirement the ISP has for the connection. Service name, VLAN etc. If so, my TP-Link did not ask for one, just user/pwd
The only surprising thing there is that your TP-Link router was able to connect and pull a public IP. And I assume you did not have to add any special config there? No. I originally was with Sky FTTC and used the TP-Link with them then when I moved to KCOM FTTP I tried my old TP-Link VR900 and it worked straight away.Steve
At one point I needed to be back online quickly so I plugged the Zyxel back in and it too got the 10.125.x.x IP address. One hour later with KCOM tech support and they had me factory reset the modem, no change, then they reset my profile (took 20 minutes) then factory the Zyxel again and this time it came up with my 77.x.x.x address.
They said that if I want to run my own firewall I needed a business account - nearly twice the price ~ £90/month !!
-
@goobs said in Problems setting up WAN connection with KCOM:
then they reset my profile (took 20 minutes) then factory the Zyxel again and this time it came up with my 77.x.x.x address.
That sounds like it was locked to the MAC of something else. So the first thing I would try is to spoof the MAC of the Zyxcel router in pfSense.
-
@stephenw10 Sorry, I thought that's what you meant about spoofing before.
I used the MAC from the Zyxel and tried to spoof the WAN PPPoe connection - made no difference and still got the 10.125.x.x
-
Did you see the MAC change?
To spoof the MAC on a PPPoE connection you need to assign and enable the parent interface and set the MAC there. You can leave the connection types set as 'None'. Is that how you did it?
-
@stephenw10
Finally got it working!
On the fifth support call to KC I asked them to double check the login details with me, the password was one character wrong!
I had manually typed this in to my router a year ago yet somehow the connection worked. I can only assume their modem management filled in the correct details.Thank you for your help Stephen. I'm mad it took me 5 days to get this sorted but relieved I don't have to change ISP to get it working.
