SG2100 - Unable to get DHCP WAN IP on GPON interface
- 
 @stealthmode said in SG2100 - Unable to get DHCP WAN IP on GPON interface: I wanted to confirm another thing - that since I see status 5 on ONU, that means that there are no settings which need to be modified on the ONU? is that right? Basically, the ISP recognises the ONU.
 As far as I know and understand how the GPON ONU/ONT topology works yes - The ONU is connected and logged into the GPON tree, so traffic should be able to flow. The trouble is that when the ISP is using IPoE authentication (The DHCP exchange is the authentication), no traffic will flow your way before you have authenticated. So you are likely unable to verify if traffic is flowing by doing a promiscuous packet capture on your OPT1 (mvneta0) interface. But try and do it anyways - it will show any frames your pfsense sends, and if you were authenticated it would show any frames (including vlan 12 tagged ones - your WAN) inbound to your pfsense - normally broadcasts/Arp and such. Perhaps you could be lucky that they allow certain frames to pass even in unauthenticated state - thus verifying that traffic is actually flowing.
 The only thing I’m a little unsure of is MAC addressing. On my ISP (Orange) it is necessary to clone the ISP's router box MAC address to the GPON ONU - otherwise it won’t log into the GPON tree. After that connection is established (state 5) and the ONU enters bridge mode, Orange doesn’t really care about the router (pfSense) MAC address on the WAN interface. I decided to clone the router MAC address to pfSense as well. But your ISP may or may not care about the MAC address - both on the ONU side and the Router/pfSense side. 
- 
 Do you not even see a response to DHCP requests without the correct incantation? 
- 
 @stephenw10 Nope, if your DHCP frame is not formatted correctly with the required DHCP options to authenticate, then there will be no DHCP reply/offer. So you are unable to verify if traffic actually works or your VLAN tagging is correct. On top of that my ISP - Orange - requires all DHCP frames to be priority 6 tagged as well. If they are not, no replies are made. 
- 
 Urgh, well that's not easy then!  
 #funtimes
- 
 @stephenw10 Indeed - if the ISP is strict like Orange, it will be impossible to make it work unless you have one of two options:
- Some inside info from the ISP to be able to configure all the right settings.
- Be able to do a packet capture of your original ISP router's DHCP exchange and mimic all settings in pfSense
 In Orange’s case there is a large internet forum in France where thousands of people share their findings + a representative (unofficial I presume) from Orange shares the strict requirements their end verifies before passing authentication. 
- 
 @keyser said in SG2100 - Unable to get DHCP WAN IP on GPON interface: Be able to do a packet capture of your original ISP router's DHCP exchange and mimic all settings in pfSense
 How should I be able to do this? any ideas? 
- 
 @stealthmode Not really, no, since your ISP is using GPON. It would require special hardware that can bridge the GPON fiber and give you a capture sitting in the middle. If your ISP router has another WAN port (RJ45), it might work by linking that to your pfsense while doing a packet capture on the pfsense port. The ISP router might send the same crafted DHCP request on the RJ45 WAN port as it does on the GPON fiber port when linking up/booting. Alternatively you would need an ISP router that is hacked to mirror packets to a secondary port (if possible at all on that HW). All you need is a copy of that first DHCP request frame as that shows all options and if needed priority settings. 
- 
 Mmm, but finding someone else who has already done it for your ISP would be easiest. Perhaps there is some local forum for users? 
- 
 @stealthmode I’m from Denmark, but my French “connection” required me to find all the info I needed on this French site: https://lafibre.info/index.php There is a LOT of info sharing on various ISPs on that site. Perhaps someone there has also been working with MEO if they are present in France, or if that someone has remote sites in Portugal. 
- 
 @stealthmode I can see there are some discussions about ISPs in Portugal. Perhaps you can find something here: 
 https://lafibre.info/europe-sud/
- 
 @keyser said in SG2100 - Unable to get DHCP WAN IP on GPON interface: https://lafibre.info/europe-sud/
 Thank you very much! I'm enquiring on this forum as well as other forums for this ISP 
- 
 Great news! I logged into the CLI of the router and was able to capture some additional details on the WAN interface.
 Interface: erouter0
 MAC Address : <removed>
 Description: Interface_erouter0
 Type: IPoE
 Vlan 802.1p: 0
 Vlan Mux ID: 12
 Vlan TPID: 0x8100
 IPv6: Enabled
 IGMP Proxy: Enabled
 IGMP Source: Enabled
 MLD Proxy: Disabled
 MLD Source: Disabled
 NAT: Enabled
 NAT Type: Masquerade
 Firewall IPv4: Enabled
 Firewall IPv6: Enabled
 Force Disable Firewall IPv4: Disabled
 Force Disable Firewall IPv6: Disabled
 ARPPing: Enabled
 ARPPing timeout(secs): 900
 ARPPing number of repetitions: 3
 Status: Connected
 IPv4 address: <removed>
 IPv6 address: <removed>
 Enable/Disable: Enabled
 Addressing Type IPv4: DHCP
 ------DHCPv4------
 Option 60 Vendor ID: meods00
 Option 61 IAID:
 Option 61 DUID:
 Subnet Mask: <removed>
 Default Gateway: <removed>
 Option 125:
 DNS Servers: <removed>
 Remaining Lease Time(secs): <removed>
 ------DHCPv6------
 Type: PrefixDelegation
 Prefix: <removed>/56
 Preferred lifetime: 90000
 Valid lifetime: 90000
 Default gateway: <removed>
 DNS Servers: <removed>
 ----------------------------------------------
 Considering the above, I need to set Option 60, and also set the DHCPv6 options. Do you think that there are any other settings I should configure on the WAN interface? thank you 
- 
 @stealthmode VendorID might be the only setting needed - it might not. Sometimes not everything is outputted in Shell command like that. But try 
- 
 Mmm, what did you run to get that? I can't decide if that's what the server sent rather than the client. 
- 
 @stephenw10 The router has a banner "RDK (A Yocto Project based Distro) 2.0 GEN8". I ran "cd wan" and then "show". I've configured the PFSense wan interface in this way:
- On mvneta0.12 WAN interface, enabled Advanced Configuration and Configuration Override
- Set the file as "/root/dhcp-config/dhcp.conf"
- The file contents are the following:
 interface "mvneta0.12" {
   timeout 60;
   retry 15;
   select-timeout 0;
   send dhcp-class-identifier "meods00";
 }
- Restarted PFsense
- still don't appear to be getting the WAN IP
 Do you think my configuration is correct here? 
- 
 @stealthmode Probably, but it’s hard to tell if your setup works as intended unless you do a packet capture. I would instead not enable configuration override, and just insert: dhcp-class-identifier "meods00" in the send options dialog. Then we know it will be included in the standard DHCP process from pfSense (it will also be fully restorable from a config file if you ever reinstall or move to a different device) 
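
 An added example, not part of the original thread or of pfSense: one way to check what a captured DHCP frame actually carries, by decoding the 802.1Q tag (VLAN ID and 802.1p priority) and the DHCP options from raw frame bytes and comparing them with the values read from the ISP router (VLAN 12, priority 0, option 60 "meods00"). The function names are hypothetical and the sample frame is constructed; it assumes an Ethernet frame with the VLAN tag still present, such as one exported from a capture taken on mvneta0.

```python
import struct

def parse_dhcp_frame(frame: bytes) -> dict:
    """Return 802.1Q tag fields and DHCP options from one raw Ethernet frame."""
    info = {"vlan": None, "pcp": None, "options": {}}
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100:                      # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["pcp"], info["vlan"], off = tci >> 13, tci & 0x0FFF, 18
    if ethertype != 0x0800 or frame[off + 9] != 17:
        raise ValueError("not IPv4/UDP")
    udp = off + (frame[off] & 0x0F) * 4          # skip the IPv4 header (IHL words)
    if struct.unpack("!HH", frame[udp:udp + 4]) not in ((68, 67), (67, 68)):
        raise ValueError("not a DHCP port pair")
    bootp = udp + 8
    if frame[bootp + 236:bootp + 240] != b"\x63\x82\x53\x63":
        raise ValueError("missing DHCP magic cookie")
    i = bootp + 240
    while i + 1 < len(frame) and frame[i] != 255:  # 255 = end option
        if frame[i] == 0:                        # pad option has no length byte
            i += 1
            continue
        length = frame[i + 1]
        info["options"][frame[i]] = frame[i + 2:i + 2 + length]
        i += 2 + length
    return info

def mismatches(info: dict, vlan: int, pcp: int, vendor_class: bytes) -> list:
    """List what differs from the values the ISP router was seen using."""
    bad = []
    if info["vlan"] != vlan:
        bad.append(f"VLAN ID {info['vlan']} != {vlan}")
    if info["pcp"] != pcp:
        bad.append(f"802.1p priority {info['pcp']} != {pcp}")
    if info["options"].get(60) != vendor_class:
        bad.append(f"option 60 is {info['options'].get(60)!r}")
    return bad

def build_sample_frame(pcp: int = 0, vendor_class: bytes = b"meods00") -> bytes:
    """Constructed DHCPDISCOVER on VLAN 12; the MAC and xid are made up."""
    opts = (b"\x35\x01\x01" + bytes([60, len(vendor_class)]) + vendor_class
            + b"\x37\x03\x01\x03\x06\xff")
    mac = bytes.fromhex("020000000001")
    bootp = (struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0x8000) + bytes(16)
             + mac + bytes(10 + 192) + b"\x63\x82\x53\x63" + opts)
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + mac + struct.pack("!HHH", 0x8100, (pcp << 13) | 12, 0x0800) + ip
```

 An empty list from mismatches() means the frame matches on those three fields only; other options in the router's original request would still have to be compared by eye.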
- 
 @keyser Thank you! I followed what you said, and the DHCP options are being sent in the request but I still don't get a WAN IP. So it's back to the drawing board for me :|  
- 
 The ISP may require the MAC address of the ISP provided router. This would require you to spoof the MAC address into the WAN interface. Do you know if it is locked down to the original router MAC address? 
- 
 @JonathanLee Thank you for your reply. I tried that now, and that didn't help either :( The packet capture shows that I've spoofed the MAC address to that of the ISP router WAN interface 
- 
 I took the static IP which was assigned to the ISP router and manually assigned it to the pfsense WAN interface. By changing the DHCP to Static. After that, in "Status > Interface", I couldn't see any increments on the "In" packets counter. The out packets counter was increasing. Basically, I still didn't have internet access via PFsense. This makes me think that the GPON ONU stick might still not be "fully" authenticated... 


