Mlppp hack for pfsense 2.0
-
i was all set to try this out tonight but ran into some problems: vmware server no longer gives me console access to any of my VMs (pfsense is running in vmware). i have to carefully fix this first without screwing up anything (otherwise i won't be able to fix it) before the pfsense 2.0 testing.
-
I'm not sure what was happening with respect to the pinging issues.
I think I may have been trying to do setup on the WAN using the standard interfaces.php?if=wan page before creating my multilink pppoe interface on interfaces_ppps.php. I had to play with it a bit and set it up a few times to really grok the new pages. It seems to me the interfaces.php?if=wan page is redundant (except for the RFC1918 and Bogon buttons) and potentially dangerous if settings there could conflict with or overwrite settings made to the ppps page.
I'll try the updated files and report back. Thanks for the quick response.
-
Ok, I used console option 4 (Reset to factory defaults) then uploaded and untarred the new package. All the old problems are gone, but I experienced a couple new problems.
1. After assigning my interfaces, including a couple vlans for LAN and OP1, I chose option 2 (Set interface IP address) and gave an IP address to the LAN and enable dhcp. Then the console reloaded and showed no IP address for the LAN, only "NONE" where it should have showed the IP address. So then I chose option 8 (Shell) and used ifconfig to discover that the vlan did not exist, although I had set it up and it was showing in the main console view. A reboot fixed this. My first thought was that it wasn't getting renamed from pppoe0, but ifconfig didn't show any vlan interface at all, so that wouldn't be it I guess.
2. This is minor, but when connecting to the webUI the first time after getting an IP address on the LAN, I chose pppoe for the WAN. I know this is the wrong choice, as I hadn't been on the ppps page to set up my pppoe bundle yet, but it's what I did the first time trying the new package because I didn't know better, and I wanted to recreate the ignorant user's first attempt. When the wizard finished my dashboard and Status>Interfaces page both showed the WAN was connected, but didn't display any connection information, such as an IP address.
I then proceeded to Interfaces>Assign and created my pppoe bundle. From this point I had no problems. So the fact that the wizard asks you to configure the WAN before a mlppp bundle is created does not really cause any problem, except that it could confuse the first-time user. If your package could be made to exclude that step from the wizard, or redirect the user to the ppps page I think that would be better.
All in all the package is quite good.
I'm using nanoBSD build from May 25.
-
Aw geez. . . . :-)
I didn't even touch the code in the wizard that creates pppoe connections. That's the second problem you mentioned. It's still creating the pppoe config in the usual way instead of being compatible with the new code and data storage scheme. I'll have a look at that.
For your first comment I think that's probably unrelated to the new code since I didn't really touch anything related to vlans or static IP addresses.
I'm not sure what was happening with respect to the pinging issues.
I think I may have been trying to do setup on the WAN using the standard interfaces.php?if=wan page before creating my multilink pppoe interface on interfaces_ppps.php. I had to play with it a bit and set it up a few times to really grok the new pages. It seems to me the interfaces.php?if=wan page is redundant (except for the RFC1918 and Bogon buttons) and potentially dangerous if settings there could conflict with or overwrite settings made to the ppps page.
I'll try the updated files and report back. Thanks for the quick response.
As far as this goes, the interfaces.php page shows a subset of the same fields in the ppps page and doesn't conflict or overwrite anything in the config that can be entered only on the ppps page.
Yes, it's redundant to have the config fields in two places, but the dev team felt it was important to maintain continuity and simplicity for the majority of PPPoE users that just need to enter <username>and <password>for their configuration. So you mlppp guys have to put up with some more complexity for your multi link connectivity. :-)
GB</password></username>
-
Yes, it's redundant to have the config fields in two places, but the dev team felt it was important to maintain continuity and simplicity for the majority of PPPoE users that just need to enter <username>and <password>for their configuration. So you mlppp guys have to put up with some more complexity for your multi link connectivity. :-)</password></username>
If the settings on interfaces.php aren't going to cause actual conflicts with the overlapping settings on interfaces_ppps.php then it's not such a big deal. Maybe the devs would be amenable to a footnote on interfaces.php that would read something like "if you're using the mlppp package you can safely ignore this page and configure your wan using the PPPs subtab of the Interfaces>Assign page instead".
As for the wizard, I realized after my last post that if you're going to distribute the mlppp files as a standard package, the wizard will be over and done with by the time users install the package anyway, so my previous point is probably moot.
-
Actually, the plan is to merge the new code into the normal distribution. I'm waiting for review and approval.
And I'll put that footnote in the interfaces.php page too. Actually, there is already a footnote, with a link that takes you to the correct configuration in the PPPs page, but I'll make it more explicit.
GB
-
Great news. It's pretty dummy-proof at this point, by my experince. I look forward to having it integrated. If you have any more updates I'll be happy to test them and give feedback.
-
Okay, thanks.
-
Couple more things. The first may not surprise you: I updated to the latest snapshot and the PPPs tab disappeared from the webUI and I had no WAN connection, even though it looked right for a single link pppoe. I put the mlppp.tgz file back into / and untarred it and my bundle was still in the ppps tab when it reappeared. I only had to hit the "Connect" button on the interfaces page to get reconnected. I suppose the implicated php files will not get overwritten on an upgraded once your package is integrated into the base release.
The other thing I noticed before and after my firmware update is that instead of seeing interface names on the Status>Interfaces page, such as "LAN interface (vr2_vlan1)", I see no name, ie, "LAN interface ()". This is true for all interfaces.
-
I suppose the implicated php files will not get overwritten on an upgraded once your package is integrated into the base release.
Yes, you're right. Once these files are integrated you won't see this behavior.
The other thing I noticed before and after my firmware update is that instead of seeing interface names on the Status>Interfaces page, such as "LAN interface (vr2_vlan1)", I see no name, ie, "LAN interface ()". This is true for all interfaces.
I'm not sure about the cause of this. The code that displays the interface info was modified recently by other devs. I'm running an image from May 12th on my two test boxes with my new changes and those "()" parentheses are displaying all the proper interface names. I'll check the newer code behind Status -> Interfaces soon.
GB
-
vmware 2.0 only works well with firefox 2.0… sigh. ah well, i'll test this sunday.
-
I suspect that the WAN traffic graph is reporting approximately double the actual traffic being passed, for outbound traffic only.
-
Hi,
Is this going to be in the 2.0 release? I can definitely use this with TekSavvy and stop thinking about moving to Tomato because of this shortcoming. However, I don't have the luxury to test this and it should be a 100% stable feature before I can get to it.
Thanks
-
Seeing that it's in the betas I can't see why it would get pulled.
I've been using it since it before it was in the builds (with TekSavvy) and haven't had any issue with it.
pfsense 2.0 isn't quite release-ready yet, but it's getting there, and the mlppp component is not really in question, as far as I can tell.
-
1- Sorry, I didn't get what you said. "It's not in question" ??? Is it going to BE or NOT TO BE in the 2.0 stable release?
I am assuming you are using this with a beta of 2.0 right as it's not supported in 1.2.3.2- Doesn't TekSavvy send you another router which takes two Rj-11 jacks? or do they send you two DSL modem for mlpp? If one mode only, do you put it in Bridge mode? If two modems, do you put both in bridge mode to use pfsense?
Thanks
-
I'm using 2.0 betas, and as far as I know I was the first one using the mlppp functionality from before it went into the snapshots. I haven't had a single problem with it and it's been in the snapshots for months now. I would be surprised if it was taken out at this point. There's no reason to. You may as well take out the traffic shaper or openvpn.
You will need a modem for every DSL connection. I don't buy my modems from TekSavvy, although you can if you want. They're cheaper through ncix.com, speedtouch.ca, and some other retailers.
Each modem then has to plug into pfsense, so your pfsense box needs either a physical port for each line, or you use a vlan-capable switch between the modems and your WAN port. This is what I do, as when adding more lines, you reach a point where having a whole bunch of NICs in your firewall box gets silly.
-
Thanks a lot for the clarification. I hope they do not take it out as I have read from a lot of people that the feature is working. Or at least leave an easy way to put it back in if need be.
I am using Alix board with three NIC ports. So, I should be fine.
-
We're not taking it out. :)
-
i'm using the built in mlppp in the latest version. i go to ppps and put 2 interfaces in. it connects, gets the right ip and everything. small packets like voip and online gaming UDP stuff is great. TCP like web browsing doesn't work properly. pages load part way and then stop.
i've tried the default mru/mtu/mrru values as well as ones that worked for me before: 1486/1486/1592. same result. any ideas? logs look ok:
Sep 6 00:17:47 ppp: [opt1] Bundle: Status update: up 2 links, total bandwidth 1011200 bps
Sep 6 00:17:47 ppp: [opt1_link1] Link: Join bundle "opt1"
Sep 6 00:17:47 ppp: [opt1_link1] LCP: authorization successful
Sep 6 00:17:47 ppp: [opt1_link1] PAP: rec'd ACK #1 len: 5
Sep 6 00:17:47 ppp: [opt1_link1] LCP: LayerUp
Sep 6 00:17:47 ppp: [opt1_link1] PAP: sending REQUEST #1 len: 49
Sep 6 00:17:47 ppp: [opt1_link1] PAP: using authname "removed"
Sep 6 00:17:47 ppp: [opt1_link1] LCP: auth: peer wants PAP, I want nothing
Sep 6 00:17:47 ppp: [opt1_link1] LCP: state change Ack-Sent –> Opened
Sep 6 00:17:47 ppp: [opt1_link1] ENDPOINTDISC [802.1] 00 0c 29 31 f8 8c
Sep 6 00:17:47 ppp: [opt1_link1] MP MRRU 1592
Sep 6 00:17:47 ppp: [opt1_link1] MAGICNUM e4720d58
Sep 6 00:17:47 ppp: [opt1_link1] MRU 1486
Sep 6 00:17:47 ppp: [opt1_link1] LCP: rec'd Configure Ack #4 (Ack-Sent)
Sep 6 00:17:47 ppp: [opt1_link1] ENDPOINTDISC [802.1] 00 0c 29 31 f8 8c
Sep 6 00:17:47 ppp: [opt1_link1] MP MRRU 1592
Sep 6 00:17:47 ppp: [opt1_link1] MAGICNUM e4720d58
Sep 6 00:17:47 ppp: [opt1_link1] MRU 1486
Sep 6 00:17:47 ppp: [opt1_link1] LCP: SendConfigReq #4
Sep 6 00:17:47 ppp: [opt1_link1] ENDPOINTDISC [NULL]
Sep 6 00:17:47 ppp: [opt1_link1] MP MRRU 32719
Sep 6 00:17:47 ppp: [opt1_link1] LCP: rec'd Configure Nak #3 (Ack-Sent)
Sep 6 00:17:47 ppp: [opt1_link1] LCP: state change Opened –> Ack-Sent
Sep 6 00:17:47 ppp: [opt1_link1] MAGICNUM 29958a83
Sep 6 00:17:47 ppp: [opt1_link1] AUTHPROTO PAP
Sep 6 00:17:47 ppp: [opt1_link1] ENDPOINTDISC [LOCAL] 34 36 30 37 32 33 30 30 39 39 00 00 00 00 00
Sep 6 00:17:47 ppp: [opt1_link1] MP MRRU 32719
Sep 6 00:17:47 ppp: [opt1_link1] MRU 1492
Sep 6 00:17:47 ppp: [opt1_link1] LCP: SendConfigAck #210
Sep 6 00:17:47 ppp: [opt1_link1] MAGICNUM e4720d58
Sep 6 00:17:47 ppp: [opt1_link1] MRU 1486
Sep 6 00:17:47 ppp: [opt1_link1] LCP: SendConfigReq #3
Sep 6 00:17:47 ppp: [opt1_link1] LCP: LayerDown
Sep 6 00:17:47 ppp: [opt1_link1] MAGICNUM 29958a83
Sep 6 00:17:47 ppp: [opt1_link1] AUTHPROTO PAP
Sep 6 00:17:47 ppp: [opt1_link1] ENDPOINTDISC [LOCAL] 34 36 30 37 32 33 30 30 39 39 00 00 00 00 00
Sep 6 00:17:47 ppp: [opt1_link1] MP MRRU 32719 -
Can you please show /tmp/rules.debug.
Possibly the scrub rules might be causing this.Also the /var/etc/mpd* contents.