How to 4rd with pfsense ?
-
This post is deleted! -
@Dobby_ and, i am also from France with Free as ISP.
as @p-bear said, Free ipip6 tunnel has already been deployed on other firewall such as openwrt , vyos, ubiquiti, etc... But until now, i have not found a single testimony of a user of pfsense/opnsense.
https://lafibre.info/remplacer-freebox/tutorial-remplacer-la-freebox-par-une-box-gnulinux/
https://lafibre.info/remplacer-freebox/tuto-free-zmd-ipv4-fullstack-14-ipv4-plage-60-ipv6/ -
@p_bear said in How to 4rd with pfsense ?:
I live in France for now. My ISP is Free.
The box from Free is serving you also TV,
telephone and WiFi? Then I would let it run
in front of the pfSense and the pfSense
behind it.Here there is a guy could configure an Ubiquiti edge router : https://lafibre.info/remplacer-freebox/tuto-remplacer-sa-freebox-par-un-routeur-ubuiquity-en-zmd-10g-epon/
But others were reporting that the OPNVPN
and/or other VPN only will work with there
own box, I can´t tell you anything about, but
my personal choice will be the FreeBox first
and behind the pfSense to secure the entire
LAN and/or your devices. -
@Dobby_
I don't mind about the home phone, it is not even plugged. In France, the mobile (and internet) subscriptions are very cheap so everybody uses their mobiles.
I never had any TV subscription (again, here almost only the old generation still watches the tv channels, nowadays).But that being said, we know that you'd keep the ISP box upfront, but we come here to find a solution to get rid of it. Therefore, to return to the initial subject, do you know how to configure 4rd with pfSense ?
-
Yes , the ISP router (named freebox) provide both Phone and TV Service.
I currently run my firewall behind the freebox (running in bridge mode, meaning, it does not route at all, it just forward the public ip adress to the Lan port).
This solution is far from perfect:- the freebox draw more amps than necessary if it not used for its additional services.
- For some reason, the freebox in bridge mode limit the available bandwith.
- The freebox is quite large. It is composed of two seperates box: the router itself and the ONT dealing with the fiber connection + a large power brick. It is a mess in my cabinet.
The goal would be to remove the freebox, keeping the ONT only, and connecting it to the pfsense firewall.
Most users can live without the freebox additional services as the phone is not really necessary in a world where we all have a cellphone in our pocket , and we have good solution for TV too as Free is also providing IPTV without passing through their router with a simple app running on android TV, Tizen, etc... .
For the time being, i have been able to connect my firewall to the ONT and to get ipv6 connectivity.
In order to get ipv4 connectivity, i need to connect a tunnel over ipv6 according to linux ipip6 protocol.
As far as i understand this has not been available in freebsd for quite a long time. I wonder if the situation has changed. -
Alors le deux, on y va, peut-être ce quelque
chose pur vous!?Avoir Internet en fibre sans utiliser la Freebox? Possible!
Ce n'est plus à jour, mais peut-être
cette veux marche encore.I was only finding that article here about someone who get rid of the "Free" equipment and get it running, but it is from 2013 and
not really actual anymore but you can try it out. -
@Dobby_ unfortunately this guide is based on a legacy protocol formerly used by Free.
This principle of connection is not used by Free qnymore. -
@sorg said in How to 4rd with pfsense ?:
@Dobby_ unfortunately this guide is based on a legacy protocol formerly used by Free.
This principle of connection is not used by Free anymore.HowTo
En clair, si le DSLAM ne détecte pas la bonne adresse MAC, il n'établit pas la connexion.Internet > Free > DSLAM > modem > pfSense
Free gives you access to the internet on the street
the DSLAM from them ist placed and on your site
you will need a modem VDSL(2) where you must
clone the MAC address from your Freebox as I
see it right.Or you could try out to install a MikroTik in
front of the pfSense to get out the informations you will need to set up then (later) the pfSense
with that numbers. May be another option.Router
[Tuto][VDSL][6rd] Remplacer sa Freebox par un routeur Mikrotik, tout-en-unI am pretty sure you would be able to insert such a modem also inside of your pfSense and set
it up!Modem
ALLNET ALL4781V Mini GBIC, VDSL2
VDSL2 SFP Modem 180-T
GPON UNO -
@Dobby_ said in How to 4rd with pfsense ?:
En clair, si le DSLAM ne détecte pas la bonne adresse MAC, il n'établit pas la connexion.
Internet > Free > DSLAM > modem > pfSense
Free gives you access to the internet on the street
the DSLAM from them ist placed and on your site
you will need a modem VDSL(2) where you must
clone the MAC address from your Freebox as I
see it right.
Or you could try out to install a MikroTik in
front of the pfSense to get out the informations you will need to set up then (later) the pfSense
with that numbers. May be another option.This guide is not relevant for our situation.
We are not connected through VDSL, but with Fiber (FTTH using 10G-EPON.)We already have the necessary hardware (the ONT) to connect the incoming fiber to a modem and we know the steps to achieve the results.
- We need to spoof the MAC address of the Freebox on the ethernet interface that will be connected to the ONT: It's ok and working.
- We need access to VLAN 836 on this interface and get an ipv6 link with dhcpv6 provisionning: It's ok and working.
- We need to open a tunnel of type ipip6 over this link in order to get the ipv4 Wan connection.
Ideally this tunnel is negotiated with 4rd or map-e protocol, however, we can also force the settings manually.
I have not been available to achieve this last step on pfsense/opnsense, while i have all this set up an working in vyos or openwrt.
-
@sorg said in How to 4rd with pfsense ?:
This guide is not relevant for our situation.
We are not connected through VDSL, but with Fiber (FTTH using 10G-EPON.)Ok now I now it a bit better.
We already have the necessary hardware (the ONT) to connect the incoming fiber to a modem and we know the steps to achieve the results.
This was not clear to me from the opening post.
We need to spoof the MAC address of the Freebox on the ethernet interface that will be connected to the ONT: It's ok and working.
We need access to VLAN 836 on this interface and get an ipv6 link with dhcpv6 provisionning: It's ok and working.Ok.
We need to open a tunnel of type ipip6 over this link in order to get the ipv4 Wan connection.
Ideally this tunnel is negotiated with 4rd or map-e protocol, however, we can also force the settings manually.Oh ok I see it is in real another problem, so
I was not really able to get it right.I have not been available to achieve this last step on pfsense/opnsense, while i have all this set up an working in vyos or openwrt.
Oh ok if you got it working in VyOS and OpenWRT it should be a way to find out
how it should work using pfSense.
