Fiber optic to pfSense Box
-
@keyser Hmm, and I suppose not all modules allow changing MAC and/or serial number? So best bet might be to buy one that does...
-
@Gblenn Yes - exactly. That is one thing you need to consider. The FS module I suggested allows you to change the MAC address.
-
But that still may not help if the ISP doesn't allow unregistered GPON devices to connect. It's possible (but shouldn't be!) to get gpon modules you can reprogram to match your existing device. But that's a deep rabbit hole!
-
@stephenw10 True - The FS module I linked to allows vendor and regID customisation as well.
So if you can get all the needed details, you can have that GPON SFP look exactly like your ISP provided GPON device (typically the router with integrated GPON).
The problem is getting the needed info as you might not have a login to the ISP box that can reveal all this info.Like I said in my first comment: If the ISP box does Bridgemode, then use that. Doing GPON directly in a GPON SFP is a rabbithole and could require you to configure settings/info that you cannot get unless the ISP is ready to assist you.
-
I understand that I am looking for a SFP module that is optic to digital and not digital to optic. Like this one, as you suggested.
https://www.fs.com/de-en/products/133619.html
Is this my only choice ?
I would have to connect to the module through my Netgate via LAN and configure it . I saw there is a bit of information written down under the ISP modem/router like MAC, GPON SN and so on.
What kind of information are we talking about ?
-
Mmm, interesting. I didn't realise the FS module was that 'open'. If it was me I would try it because that sort of fun is what I'm here for.
But, yes, just using bridge mode is likely to be far easier. -
@demonaii MAC and Serial number is exactly the information you may need (and possibly one other item . But it could also be that you don't need to do anything, and it simply works. That is, if your ISP has not made any efforts at limiting what endpoint equipment is being used.
You would not configure that part from pfsense UI however...
I guess @keyser knows the details of that specific module, but I suppose there will be a manual with all the info you need. Any changes will be done by logging into the device via Telnet or SSH.So you will need to plug it into something that allows you to access it from your LAN side. So any cheap switch with SFP ports will do. I'm guessing it may default to an IP that conflicts with e.g. pfsense (192.168.1.1) but setting your PC to a static IP within the right subnet and disconnecting the switch from LAN will get you there.
-
You can access a modem/module UI through pfSense as long as it's IP address doesn't conflict with some subnet already defined there.
You may need to configure pfSense to NAT to it's subnet.
-
@stephenw10 said in Fiber optic to pfSense Box:
You can access a modem/module UI through pfSense as long as it's IP address doesn't conflict with some subnet already defined there.
You may need to configure pfSense to NAT to it's subnet.
Seems like it will use 192.168.1.10, and it's SSH only according to the manual
https://resource.fs.com/mall/doc/20230831180515egrzs6.pdf -
@demonaii This particular SFP comes preconfigured with the IP address 192.168.1.10.
There are multiple ways to access it, but if you have LAN running on your pfSense and it is using the 192.168.1.0/24 network, then you need to resolve the conflict first. If you have any other subnet as LAN, you can simply create a your WAN interface in pfsense using your SPF NIC port. You can then create a VIP address on WAN and give that IP 192.168.1.1/24. You need to create a VIP because the actual WAN IP address will be the one learned using DHCP from your ISP (Unless of course your ISP uses a VLAN which mine does)To be able to connect to SSH on 192.168.1.10 from LAN will require a firewall rule that allows this on LAN, and you need to create a NAT rule that NAT's outbound traffic on your WAN interface with a destination of 192.168.1.10. This needs to be NAT'ed and originate from the VIP address. This is needed because the SFP module does not have a default Gateway address, so it can only talk to clients in the same 192.168.1.0/24 network.
-
@keyser said in Fiber optic to pfSense Box:
@demonaii This particular SFP comes preconfigured with the IP address 192.168.1.10.
There are multiple ways to access it, but if you have LAN running on your pfSense and it is using the 192.168.1.0/24 network, then you need to resolve the conflict first. If you have any other subnet as LAN, you can simply create a your WAN interface in pfsense using your SPF NIC port. You can then create a VIP address on WAN and give that IP 192.168.1.1/24. You need to create a VIP because the actual WAN IP address will be the one learned using DHCP from your ISP (Unless of course your ISP uses a VLAN which mine does)I suppose since this will be done without a connection to the ISP, one could instead simply set WAN to static 192.168.1.1/24, right?
And of course any IP conflict still needs to be resolved but when that is done, you don't need anything further, or? You would be able to connect to 192.168.1.10 from LAN without any special rules or NAT...
-
@Gblenn said in Fiber optic to pfSense Box:
I suppose since this will be done without a connection to the ISP, one could instead simply set WAN to static 192.168.1.1/24, right?
Yes, that would work to.
And of course any IP conflict still needs to be resolved but when that is done, you don't need anything further, or? You would be able to connect to 192.168.1.10 from LAN without any special rules or NAT...
You cannot connect from LAN without a NAT rule as the GPON module does not have a default gateway. So i can only respond to IPs in the same 192.168.1.0/24 subnet. Hence the need to have pfSense NAT and source packets from the VIP address (or WAN IP if you configure it directly there).
-
I would have to report when I receive my Netgate 2100, and it's already three months late from delivery, and purchase the SFP module that @keyser recommends.
-
@demonaii said in Fiber optic to pfSense Box:
I would have to report when I receive my Netgate 2100, and it's already three months late from delivery, and purchase the SFP module that @keyser recommends.
Just to clarify: I'm not recommending going down this rabbithole. Use your ISP box in bridgemode - it's much better and will require no additional support.
I have not checked if my suggested SFP fullfills all the requirements/wavelengths and so on you might need, so that's up to you to do that. I just suggested it because it works for me, and it seems our situation is somewhat similar.
Be advised I cannot do support on configuration of the SFP - you will need to search the internet for that. There is no real deep usable manual on the product from FS.
-
@keyser Well, it's not my first or last rabbithole that I've entered.
When it comes to the SFP requirements, with the known parameters/requirements that I found, I land on these to options on fs.com
https://www.fs.com/de-en/products/133619.html
https://www.fs.com/de-en/products/192476.htmlThe worst thing that can happen is that I would have to return the item.
I contacted Support, and they told me that the cable is configured to the ISP modem/router, and they told it is" impossible" . I asked them why is it impossible, but I remain unconvinced. Either they don't know or don't want to tell me.
-
It's not impossible, nothing is.
However it may be very difficult!
The ISP support probably has no idea though. Either they can't support it so.....
-
@demonaii If they are like most ISPs (read: all), they just will not help you, and they prefer not to have any other equipment than their own on the infrastructure - which is very understandable.
About the GPON SFP - I think you need to use the first option (the one I linked to), because the generic ones are not customizable. I'm not saying they won't work, but they will only work if your ISP has no GPON device filtering measures in place (such as MAC address, Device Vendor and such).
-
K keyser referenced this topic on
-
@Gertjan I have been using a Media converter box in which my gpon is placed in the SFP port and then the RJ45 into the 6100. Works fine, I was just wondering how to cut out the "middleman" so to speak. i.e.: replace. the media conversion box with a SFP GPON OTN that does what the media conversion box does. It can't be that outlandish to think this can be don no ?
-
@claferriere If you are using a ethernet media converter now that has a GPON Bridge SFP module from your ISP in the SFP port, there should be no issues in just plugging that GPON SFP into the SG-6100.
If it’s not a Ethernet media converter but a GPON to Ethernet media converter (no Ethernet SFP port) then you would need to to embark on the adventure this thread is all about. -
Hello again !
I received my Netgate device and SFP module as you recommended.
However, when I try to connect to the SFP module I receive the message " connection timed out " . I tried fixing it by changing the IP of the router and PC, but then I get the message " destination unreachable".What am I doing wrong?
