Configure an PPPoE on an CARP IF

netblues

Outbound nat is set manually to the ppp interface assigned (since this is the one that gets the public ip.)
This works and is quite stable for a long time now. I doubt its nat.
Go to status monitoring and see if you have issues with your isp.

A Former User

That's how I setup outbound NAT thank you for confirming it's the correct way.

@netblues said in Configure an PPPoE on an CARP IF:

Go to status monitoring and see if you have issues with your isp.

Yes, that's what I checked and nothing. Everything started the day I enabled ha/carp so it's quite a coincidence if it's something else.

JeGr

@icesense1701 said in Configure an PPPoE on an CARP IF:

Yes, that's what I checked and nothing. Everything started the day I enabled ha/carp so it's quite a coincidence if it's something else.

Also check for anything other gateway related or if you are using DNS resolver or forwarder, perhaps check the DNS logs, if it isn't the connection you are loosing but DNS being restarted/hanging up.

netblues

Also check in system/advanced/networking, uncheck reset all states, just in case.

A Former User

Just to follow up I seem to have fixed it with brute force. I rebooted the pfsense vms once more and all the switches. Also some vlan's didn't have the proper dhcp settings (failover ip) - shouldn't matter because the timeouts were on properly setup vlans but I fixed those too. I didn't experience any more issues for the past two days. Thanks all !

crl

It works for me but breaks openVPN, see Link.

deb8

Hi all,
I followed the guide provided by @TugBoat and this is how my configuration looks like.

i. Interface in "Interfaces / Interface Assignments", named it LAN, set it with static IPv4 IP (192.168.1.4) and assigned it to Network port "em0". IPv4 Upstream gateway is set to none.

ii. Virtual IP in "Firewall / Virtual IPs" of type CARP, with interface LAN and single address 192.168.1.1.

iii. VLAN interface in "Interfaces / VLANs" with tag 10 on the physical interface em0. "VLAN 10 on em0", used for communication with the VDSL Modem.

iv. Interface in "Interfaces / Interface Assignments", named it WAN, set it with static IPv4 IP (192.168.0.4) and assigned it to Network port "VLAN 10 on em0". IPv4 Upstream gateway is set to none.

v. Virtual IP in "Firewall / Virtual IPs" of type CARP, with interface WAN and single address 192.168.0.2.

vi. PPPoE Interface in "Interfaces / PPPs" with link interface "192.168.0.2 (vhid 2) - WAN CARP VIP" with username and password.

vii. Interface in "Interfaces / Interface Assignments", named it WANPPPoE and assigned it to Network port "PPPOE(_vip610...)".

viii. Gateway in "System / Routing / Gateways" with interface "PPPoE", Address family "IPv4", Gateway "dynamic", checked "Use non-local gateway" (public IP assigned is in different subnet from the providers Gateway) and set as "Default gateway IPv4".

ix. Outbound NAT in "Firewall / NAT / Outbound", with interface "PPPoE", Address family "IPv4", Source Type "Network", Source Address Range "192.168.1.0/24" (LAN), Destination "Any", Translation Address "192.168.0.2 (WAN CARP VIP)".

x. DNS Resolver Network Interfaces set to "192.168.1.1 (LAN CARP VIP)", Outgoing Network Interfaces set to "192.168.0.2 (WAN CARP VIP)"

PPPoE is successfully established and public IP is assigned. However, the LAN portion of the configuration is unable to access the public internet.
Any hint on what I am doing wrong?
Thanks in advance.

wifi75

@Gabri-91 I have a dynamic connection in pppoe on vlan 835, I have performed all the steps but it doesn't connect using the carp interface.
I double checked all the steps and it seems to be ok, but it doesn't want to connect to the wan...

netblues

@wifi75

This never really worked. pppoe running on a carp interface isn't an option.
And as far as natting is concerned, appart from the ppp interface everything else is irrelevant.
pppoe is a layer 2 thing.
Natting works on layer 3.

JeGr

@netblues said in Configure an PPPoE on an CARP IF:

This never really worked. pppoe running on a carp interface isn't an option.

It sure is. We have a few customers set up that way and working well - within boundaries. Of course in such a setup the secondary node of a CARP setup won't easily have internet which is/can be a problem and as such the setup isn't really recommended. But it IS working though. It's important to check though that both nodes on it's WAN "carrier" interface are connected to each other and the DSL modem correctly so both have access to dial-in if needed. If that's set up correctly it's a relatively simple setup:

• either node gets the physical interface for the PPPoE connection assigned with its own IP, say 10.12.34.251 and .252
• check pinging from one to the other and back (allow ICMP on that interface first)
• then add a CARP VIP to it, e.g. .254 - that one should now be active on the primary node anad backup on the secondary node. If that is not the case you don't need to proceed with PPPoE stuff. That's basic CARP that should be working first!
• If that's running you can now add the PPPoE interface but as carrier you don't choose your physical interface BUT the NEW CARP VIP you created (yes, that .254 one from above!) This ensures the PPPoE connection switches from node 1 to 2 and back if needed.
• Then set up PPPoE as usual.
• When finished assign that interface (pppoe0) as your WAN_PPPoE or something else like it. THAT one is your actual WAN, the other physical interface and the VIP on it are only a sort-of transfer/carrier network.

Cheers