PPPoE & RADIUS = crash?
-
Hi,
I finally got my PPPoE running:
#############################
My pfsense WAN IP: 192.168.0.100/24
My pfsense LAN IP: 10.1.10.1/8#############################
My PPTP configuration:
Server address: 11.1.10.1
Remote address range: 11.1.1.0
128 Bit encryption: yes#############################
My PPPoE configration:
LAN
24 Bit
No. PPPOE users: 10
Server address: 12.1.10.1
Remote address range: 12.1.1.0#############################
EVERYTHING WORKED FINE until I installed FreeRADIUS for better Authentication controlling … PPTP is still running under the same configuration as I wrote it here .. even with RADIUS support ... but PPPoE does nothing .. with or without RADIUS ... I acctually left my old configuration, but it's not working anymore ;-(
Has any body an idea why that happend? And maybe how to solve that .... ? Do I maybe use some wrong IP addresses ... because I'm not pretty sure .. before I installed the RADIUS server I just had to play arround with the PPPoE config and it's IP ranges ... it was kind of luck that I found the right combination between Server IP and remote adress range - so there might be an failure of mine.
Here is the error log I got from pfsense:
May 9 03:25:22 mpd: mpd: pid 6186, version 3.18 (root@builder6.pfsense.com 13:56 13-Feb-2007) May 9 03:25:22 mpd: mpd: already running as process 6183 May 9 03:25:22 mpd: [pt3] ppp node is "mpd6183-pt3" May 9 03:25:22 mpd: [pt3] using interface ng4 May 9 03:25:22 mpd: [pt4] ppp node is "mpd6183-pt4" May 9 03:25:22 mpd: [pt4] using interface ng5 May 9 03:25:22 mpd: [pt5] ppp node is "mpd6183-pt5" May 9 03:25:22 mpd: [pt5] using interface ng6 May 9 03:25:22 mpd: [pt6] ppp node is "mpd6183-pt6" May 9 03:25:22 mpd: [pt6] using interface ng7 May 9 03:25:22 mpd: [pt7] ppp node is "mpd6183-pt7" May 9 03:25:22 mpd: [pt7] using interface ng8 May 9 03:25:22 mpd: [pt8] ppp node is "mpd6183-pt8" May 9 03:25:22 mpd: [pt8] using interface ng9 May 9 03:25:22 mpd: [pt9] ppp node is "mpd6183-pt9" May 9 03:25:22 mpd: [pt9] using interface ng10 May 9 03:25:22 mpd: [pt10] ppp node is "mpd6183-pt10" May 9 03:25:22 mpd: [pt10] using interface ng11 May 9 03:25:22 mpd: [pt11] ppp node is "mpd6183-pt11" May 9 03:25:22 mpd: [pt11] using interface ng12 May 9 03:25:22 mpd: [pt12] ppp node is "mpd6183-pt12" May 9 03:25:22 mpd: [pt12] using interface ng13 May 9 03:25:22 mpd: [pt13] ppp node is "mpd6183-pt13" May 9 03:25:22 mpd: [pt13] using interface ng14 May 9 03:25:22 mpd: [pt14] ppp node is "mpd6183-pt14" May 9 03:25:22 mpd: [pt14] using interface ng15 May 9 03:25:22 mpd: [pt15] ppp node is "mpd6183-pt15" May 9 03:25:22 mpd: [pt15] using interface ng16 May 9 03:25:26 check_reload_status: reloading filter May 9 03:33:43 mpd: mpd: caught fatal signal term May 9 03:33:43 mpd: [pt0] IPCP: Down event May 9 03:33:43 mpd: [pt0] IFACE: Close event May 9 03:33:43 mpd: [pt1] IPCP: Down event May 9 03:33:43 mpd: [pt1] IFACE: Close event May 9 03:33:43 mpd: [pt2] IPCP: Down event May 9 03:33:43 mpd: [pt2] IFACE: Close event May 9 03:33:43 mpd: [pt3] IPCP: Down event May 9 03:33:43 mpd: [pt3] IFACE: Close event May 9 03:33:43 mpd: [pt4] IPCP: Down event May 9 03:33:43 mpd: [pt4] IFACE: Close event May 9 03:33:43 mpd: [pt5] IPCP: Down event May 9 03:33:43 mpd: [pt5] IFACE: Close event May 9 03:33:43 mpd: [pt6] IPCP: Down event May 9 03:33:43 mpd: [pt6] IFACE: Close event May 9 03:33:43 mpd: [pt7] IPCP: Down event May 9 03:33:43 mpd: [pt7] IFACE: Close event May 9 03:33:43 mpd: [pt8] IPCP: Down event May 9 03:33:43 mpd: [pt8] IFACE: Close event May 9 03:33:43 mpd: [pt9] IPCP: Down event May 9 03:33:43 mpd: [pt9] IFACE: Close event May 9 03:33:43 mpd: [pt10] IPCP: Down event May 9 03:33:43 mpd: [pt10] IFACE: Close event May 9 03:33:43 mpd: [pt11] IPCP: Down event May 9 03:33:43 mpd: [pt11] IFACE: Close event May 9 03:33:43 mpd: [pt12] IPCP: Down event May 9 03:33:43 mpd: [pt12] IFACE: Close event May 9 03:33:43 mpd: [pt13] IPCP: Down event May 9 03:33:43 mpd: [pt13] IFACE: Close event May 9 03:33:43 mpd: [pt14] IPCP: Down event May 9 03:33:43 mpd: [pt14] IFACE: Close event May 9 03:33:43 mpd: [pt15] IPCP: Down event May 9 03:33:43 mpd: [pt15] IFACE: Close event May 9 03:33:45 mpd: mpd: process 6183 terminated May 9 03:33:46 mpd: mpd: pid 7035, version 3.18 (root@builder6.pfsense.com 13:56 13-Feb-2007) May 9 03:33:46 mpd: [pt0] ppp node is "mpd7035-pt0" May 9 03:33:46 mpd: mpd: local IP address for PPTP is 0.0.0.0 May 9 03:33:46 mpd: [pt0] using interface ng1 May 9 03:33:46 mpd: [pt1] ppp node is "mpd7035-pt1" May 9 03:33:46 mpd: [pt1] using interface ng2 May 9 03:33:46 mpd: [pt2] ppp node is "mpd7035-pt2" May 9 03:33:46 mpd: [pt2] using interface ng3 May 9 03:33:46 mpd: [pt3] ppp node is "mpd7035-pt3" May 9 03:33:46 mpd: [pt3] using interface ng4 May 9 03:33:46 mpd: [pt4] ppp node is "mpd7035-pt4" May 9 03:33:46 mpd: [pt4] using interface ng5 May 9 03:33:46 mpd: [pt5] ppp node is "mpd7035-pt5" May 9 03:33:46 mpd: [pt5] using interface ng6 May 9 03:33:46 mpd: [pt6] ppp node is "mpd7035-pt6" May 9 03:33:46 mpd: [pt6] using interface ng7 May 9 03:33:46 mpd: [pt7] ppp node is "mpd7035-pt7" May 9 03:33:46 mpd: [pt7] using interface ng8 May 9 03:33:46 mpd: [pt8] ppp node is "mpd7035-pt8" May 9 03:33:46 mpd: [pt8] using interface ng9 May 9 03:33:46 mpd: [pt9] ppp node is "mpd7035-pt9" May 9 03:33:46 mpd: mpd: pid 7038, version 3.18 (root@builder6.pfsense.com 13:56 13-Feb-2007) May 9 03:33:46 mpd: mpd: already running as process 7035 May 9 03:33:46 mpd: [pt9] using interface ng10 May 9 03:33:46 mpd: [pt10] ppp node is "mpd7035-pt10" May 9 03:33:46 mpd: [pt10] using interface ng11 May 9 03:33:46 mpd: [pt11] ppp node is "mpd7035-pt11" May 9 03:33:46 mpd: [pt11] using interface ng12 May 9 03:33:46 mpd: [pt12] ppp node is "mpd7035-pt12" May 9 03:33:46 mpd: [pt12] using interface ng13 May 9 03:33:46 mpd: [pt13] ppp node is "mpd7035-pt13" May 9 03:33:46 mpd: [pt13] using interface ng14 May 9 03:33:46 mpd: [pt14] ppp node is "mpd7035-pt14" May 9 03:33:46 mpd: [pt14] using interface ng15 May 9 03:33:46 mpd: [pt15] ppp node is "mpd7035-pt15" May 9 03:33:46 mpd: [pt15] using interface ng16 May 9 03:33:49 check_reload_status: reloading filter
^^ I don't know why it's talking about ng** interfaceses … because I acctually use "re0" as LAN and "ath0" as WAN ?!
I would be really happy about every kind of a good clue ;-)
Thanks
LeoLinux
-
the ngxx interfaces are the vpn tunnels from the ptpp server
-
pptp server and pppoe server use the same interfaces net graph ng0-ng what ever. you can now start them both to gether but there is some more work to get them to run side by side.
basically it does not work you can only run either pppoe server or pptp server
-
"basically it does not work you can only run either pppoe server or pptp server"
^^
yes I just noticed that ;-/ is it really impossible or might it be possible to get it running?
what vpn mode is better faster safer - PPPoE or PPTP … I think it's PPPoE Server - isn't it?... and is there any possibility to set a speed limit to each user via the RADIUS? and where do I set up th IP adress to each user if I use RADIUS in the new pfsense Reease 1.2-BETA-1?
and a third question ... I settet up a successfully running pptp server several times ... and after that I had to make a rule like that in firewall --> rules --> pptp:
to let traffic pass:
Action: Pass
Interface PPTP
Protocol any
Source PPTP Clients
Destination any
Description PPTP Clients –> any^^ worked fine so far
... but know I want to do the same fo my PPPoE (PPTP is not running during that) but it would not work. if I start a connection over PPPoE I can't ping anything except my pfsense router.it looked like that:
Action: Pass
Interface PPPoE
Protocol any
Source PPPoE Clients
Destination any
Description PPPoE Clients –> anywhat's the matter ? Did I forget anything?
Thanks
LeoLinux
-
yes I just noticed that ;-/ is it really impossible or might it be possible to get it running?
what vpn mode is better faster safer - PPPoE or PPTP … I think it's PPPoE Server - isn't it?just difficult at the moment not impossible it is on my plan
better safer faster they are very different things pptp is really for tunnelling pppoe of AAA… and is there any possibility to set a speed limit to each user via the RADIUS? and where do I set up th IP adress to each user if I use RADIUS in the new pfsense Reease 1.2-BETA-1?
yes and no if/when problems with ip shaper and pf get sorted YES now NO
add the ip addresses to your radius server users under FRAMEDIPADDRESS… but know I want to do the same fo my PPPoE (PPTP is not running during that) but it would not work. if I start a connection over PPPoE I can't ping anything except my pfsense router.
it looked like that:
Action: Pass
Interface PPPoE
Protocol any
Source PPPoE Clients
Destination any
Description PPPoE Clients –> anydont know of any reason that does not work check that the client has a valid address inside the range.
check advanced outbound nat
see if you can ping client from firewall
it does work maybe your remote ip overlaps something -
Hi,
just difficult at the moment not impossible it is on my plan
better safer faster they are very different things pptp is really for tunnelling pppoe of AAAwhat is AAA?
Do you think it's possible to let PPPoE run under WAN and PPTP under LAN?dont know of any reason that does not work check that the client has a valid address inside the range.
check advanced outbound nat
see if you can ping client from firewall
it does work maybe your remote ip overlaps something-
I left Outbound Nat by default .. I didn't make any changes - my pfsense is just freshly installed - the only thing I changed was the PPPoE server which I enabled, and I installed RADIUS Server. by the way .. why do I ALWAYS have to start the RADIUS installation 2 times before it works 100% - is this a bug or just on my hardware?
-
I can ping every client INSIDE my LAN but not google or anything outside of my WAN anymore. (I'm teesting my PPPoE inside of my LAN)
-
what does that mean overlap?
my pfsense's IP is: 10.1.10.1/8
I setted up my PPPoE subnet mask to 8 Bit
(btw. I just don't understand why I could choose a subnet mask because there could only connect 254 poeple at the same time … ?! and even thats not working for me .. because if I choose "No. PPPOE users" to 254 my PPPoE client wont connect anymore ;-/ it's only working until 200 .. sometimes ...
my PPPoE Server IP is: 12.1.10.1
and my PPPoE Clients starting at: 12.0.0.0 --> I can type what ever I want .. pfsense is always resetting it to 12**.0.0.0**add the ip addresses to your radius server users under FRAMEDIPADDRESS
so it's not possible for the pfsense freeradius edition to Users an IP? And another question would be if I can instal the freeradius webinterface to pfsence: http://www.freeradius.org/dialupadmin.html .. something like that with more options …. I think many options are not shown in the pfsense version ...
yes and no if/when problems with ip shaper and pf get sorted YES now NO
why don't you guys want to change that? In my opinion that's a very big reason for chaning it - I think that's why we all want to have pfsense - because it rocks ;-) except a few bugs ;-) but I can't programm so I shut up ;-)
AND when we are talking about bugs … why the hell does pfsense want to sync time during the boot ?!?! that sucks .. it hangs there about over a minute and gets nothing .... I'm pretty sure you can remove that - can't you?
and only one more thing .. a long time ago I wrote you guys an eMail... I offered myselfe to help you getting pfsense translated into german - but nobody resonsed - so one more time: are you interestead in my help?
Thanks for your help!
LeoLinux
-
-
…
and only one more thing .. a long time ago I wrote you guys an eMail... I offered myselfe to help you getting pfsense translated into german - but nobody resonsed - so one more time: are you interestead in my help?Multilanguage support is only in the HEAD codetree (what probably will become 2.0). Until that happens there will be a lot of changes everywhere. Starting to translate only makes sense once the 2.0 goes somewhere near beta imo as the translations will break if text in the english version is changed or as some things will be added later before you can start to translate them. When the time has come we'll be happy to accept any support we can get for the translations.
-
what is AAA?
Do you think it's possible to let PPPoE run under WAN and PPTP under LAN?authorisation access and accounting
pppoe is only a client on wan so this is fine.what is AAA?
Do you think it's possible to let PPPoE run under WAN and PPTP under LAN?my pfsense's IP is: 10.1.10.1/8
my PPPoE Server IP is: 12.1.10.1(btw. I just don't understand why I could choose a subnet mask because there could only connect 254 poeple at the same time … ?! and even thats not working for me .. because if I choose "No. PPPOE users" to 254 my PPPoE client wont connect anymore ;-/ it's only working until 200 .. sometimes ...
what version are you running 1.3 branch has lots of changes to mpd daemon that runs pppoe and pptp and all 254 are available there is some code change to allow all 1000 pppoe tunnels works fine on the right hardware. it seems like you need to understand these things a little better before asking quiet so many questions. great things to know.
hardware platform running on
embedded full install
version of pfsenseadd the ip addresses to your radius server users under FRAMEDIPADDRESS
i dont know about that package you will have to ask the pkg maintainer
we use pfsense as a firewall only and have external radius serverswhy don't you guys want to change that? In my opinion that's a very big reason for chaning it - I think that's why we all want to have pfsense - because it rocks ;-) except a few bugs ;-) but I can't programm so I shut up ;-)
look into it before you ask silly questions this is not a pfsense issue
AND when we are talking about bugs … why the hell does pfsense want to sync time during the boot ?!?! that sucks .. it hangs there about over a minute and gets nothing .... I'm pretty sure you can remove that - can't you?
this does not live in this thread your time servers, dns or sometime must be wrong because ours works just fine
-
I'm sorry asking about RADIUS.
Thanks for the PPPoE informations.
what version are you running 1.3 branch has lots of changes to mpd daemon that runs pppoe and pptp and all 254 are available there is some code change to allow all 1000 pppoe tunnels works fine on the right hardware. it seems like you need to understand these things a little better before asking quiet so many questions. great things to know.
hardware platform running on
embedded full install
version of pfsense^^ what kind of hardware are you talking about?
^^ you're right - I have to learn a lot of stuff - but that's why I'm here - and I'm happy that I get answers of you guys!!! ;-)Multilanguage support is only in the HEAD codetree (what probably will become 2.0). Until that happens there will be a lot of changes everywhere. Starting to translate only makes sense once the 2.0 goes somewhere near beta imo as the translations will break if text in the english version is changed or as some things will be added later before you can start to translate them. When the time has come we'll be happy to accept any support we can get for the translations.
When do you think will 2.0 be ready? How should we go on? Do you want to cantact me via e-Mail when your ready or do you want to give me a date when I should mail you?
Leander
-
Multilanguage support is only in the HEAD codetree (what probably will become 2.0). Until that happens there will be a lot of changes everywhere. Starting to translate only makes sense once the 2.0 goes somewhere near beta imo as the translations will break if text in the english version is changed or as some things will be added later before you can start to translate them. When the time has come we'll be happy to accept any support we can get for the translations.
When do you think will 2.0 be ready? How should we go on? Do you want to cantact me via e-Mail when your ready or do you want to give me a date when I should mail you?
Leander
There's really no eta on this yet. Before 2.0 will come out there will be at least one other version in between (1.3 which is already in the works). I recommend "sit back, relax and enjoy the ride" for now. We'll announce when 2.0 gets ready for translation and ask for help when the time has come.
-
^^ what kind of hardware are you talking about?
is the platform embedded or low ram this might be why it cannot create all the pppoe or pptp ng interfaces
1.3 of mpd (version 1.2 of pfsense) has an issue in the daemon where it stops after 200 and something so
i think this is problery your problem. -
my Hardware is about an Intel III with 350 MHz and 368MB MB RAM installed on a CF card with 256 MB 50% space left. 10 MB swap wich was never ever used by pfsense.
Leander