Netgate Discussion Forum

    My new firewall build

    • Z
      zarje
      last edited by

      @Wolf666:

      Exactly as haleakalas reported.

      I am using a DrayTek Vigor 120v2 since my ISP has PPPoA only, connected to pfSense, letting pfSense do authentication.

      Thanks guys, that's most helpful!

      On my DrayTek currently it is using PPPoA to the ISP and from what I have read after my last post, pfsense ONLY does PPPoE on the WAN interface so it got me wondering, will it all work??

      It sounds like the answer is yes. So in the end I will use the DrayTek as a plain ADSL modem in "PPPoE pass through mode" and let the WAN interface on pfsense do the ISP authentication with PPPoE.

      On the DrayTek 2820 under WAN and then internet access there is an option called:

      Bridge Mode:
        Enable Bridge Mode

      Do I leave this unticked?

      If I have pass through enabled on the DrayTek, and my ISP uses PPPoA, how come this will work if I use PPPoE on the WAN interface of the pfsense box?  :o

      Wolf666: Would you care sharing what your DrayTek settings are since you have an ISP with PPPoA (like me) please?

      Once pass through mode is enabled do I change the protocol settings on the DrayTek from PPPoA to PPPoE?

      1 Reply Last reply Reply Quote 0
      • W
        Wolf666
        last edited by

        PPPoE pass-through is a kind of software relay which converts PPPoA into PPPoE and vice versa.
        In your case you only have to enable that feature (you already have a working PPPoA connection with the correct parameters). Once the PPPoE pass-through is enabled, the ISP Access setup section will go blank (that is OK).

        Then simply connect the DrayTek WAN to the pfSense WAN, and disable NAT, firewall and DHCP on the DrayTek.

        Put your access details in pfSense, choosing PPPoE. The DrayTek will take care to convert PPPoE into PPPoA.

        The DrayTek has to stay in a different subnet than pfSense. In order to keep access to modem follow: https://doc.pfsense.org/index.php/How_can_i_access_my_PPPoE_Modem_on_WAN

        Modem Draytek Vigor 130
        pfSense 2.4 Supermicro A1SRi-2558 - 8GB ECC RAM - Intel S3500 SSD 80GB - M350 Case
        Switch Cisco SG350-10
        AP Netgear R7000 (Stock FW)
        HTPC Intel NUC5i3RYH
        NAS Synology DS1515+
        NAS Synology DS213+

        1 Reply Last reply Reply Quote 0
        • Z
          zarje
          last edited by

          @Wolf666:

          PPPoE pass-through is a kind of software relay which converts PPPoA into PPPoE and vice versa.
          In your case you only have to enable that feature (you already have a working PPPoA connection with the correct parameters). Once the PPPoE pass-through is enabled, the ISP Access setup section will go blank (that is OK).

          Then simply connect the DrayTek WAN to the pfSense WAN, and disable NAT, firewall and DHCP on the DrayTek.

          Put your access details in pfSense, choosing PPPoE. The DrayTek will take care to convert PPPoE into PPPoA.

          The DrayTek has to stay in a different subnet than pfSense. In order to keep access to modem follow: https://doc.pfsense.org/index.php/How_can_i_access_my_PPPoE_Modem_on_WAN

          Ok so let me summarise this to make sure I understand 100%:

          ISP ---(PPPoA)--- DrayTek 2820 ---(PPPoE)--- pfsense

          So on the DrayTek 2820 I set in WAN - internet access settings:

          1. PPPoE/PPPoA Client - Enabled selected

          2. PPPoA protocol set in DSL settings

          3. PPPoE passthrough set to enabled for wired LAN

          4. Do I need to set the encapsulation type to LLC/SNAP as I have read about?

          Then on the pfsense WAN interface I just enable PPPoE and enter my ISP credentials.

          Am I on the right track here?  8)

          Edit: Is it not better to connect the WAN interface of the pfsense firewall to the LAN interface on the DrayTek rather?

          1 Reply Last reply Reply Quote 0
          • W
            Wolf666
            last edited by

            Also encapsulation type must be set on DrayTek.

            The rest is ok.

            1 Reply Last reply Reply Quote 0
            • Z
              zarje
              last edited by

              @Wolf666:

              Also encapsulation type must be set on DrayTek.

              The rest is ok.

              So set encapsulation type to LLC/SNAP?

              Also, is it not better to connect the WAN interface of the pfsense firewall to the LAN interface on the DrayTek rather?

              With this type of configuration, can I use IPv6 with Hurricane Electric's tunnel?

              1 Reply Last reply Reply Quote 0
              • W
                Wolf666
                last edited by

                Encapsulation is ISP typical, check your ISP parameters.
                In order to work as a dumb modem (bridge), your DrayTek WAN must be connected to pfSense WAN, I don't know any other way.
                Cannot help you on IPv6 since I am on IPv4 only.

                1 Reply Last reply Reply Quote 0
                • Z
                  zarje
                  last edited by

                  @Wolf666:

                  In order to work as a dumb modem (bridge), your DrayTek WAN must be connected to pfSense WAN, I don't know any other way.

                  This one has confused me  ::)

                  Ok, so does this mean I go into WAN - Internet Access - WAN 2 - Static or Dynamic IP on the DrayTek?

                  I assume that I will then give it a static IP address in a range that is unique to the DrayTek and pfsense as follows:

                  DrayTek WAN 2 port: 192.168.0.10

                  pfsense WAN port (for PPPoE): 192.168.0.20

                  I assume PPPoE Pass-through will then "convert" my PPPoA connection from the ISP to PPPoE on the pfsense WAN interface?

                  Can you still access the DrayTek web interface from the WAN 2 interface? (assuming you have configured pfsense to allow access to this from the WAN interface) Which IP address would I use to browse the interface…192.168.0.1 (the default set in the LAN settings on the DrayTek) or 192.168.0.10 (the WAN 2 address)?

                  Thanks for the help!

                  1 Reply Last reply Reply Quote 0
                  • W
                    Wolf666
                    last edited by

                    @Wolf666:

                    The DrayTek has to stay in a different subnet than pfSense. In order to keep access to modem follow: https://doc.pfsense.org/index.php/How_can_i_access_my_PPPoE_Modem_on_WAN

                    I recall my previous advice. Different subnet means for example:

                    • pfSense 192.168.1.1
                    • DrayTek 192.168.2.1 or 10.0.0.1 or other private IP except subnet 192.168.1.0/24 (in my example the one of pfSense LAN)

                    pfSense WAN must be set to PPPoE; it will negotiate a dynamic IP (I assume), you don't have to put a static IP there. This is a straightforward configuration, pretty common.

                    Those IPs are not the WAN IPs; they are the IPs used on the LAN side to manage the units and to access their GUI, SSH or Telnet.

                    1 Reply Last reply Reply Quote 0
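
Added example, not part of the thread: a small check of the "different subnet" rule from the post above, comparing whole networks rather than octets so that a wide pfSense LAN prefix that swallows the modem's subnet is caught. The /24 prefixes, the sample plans and the optional `modem_access_if` address (a static address on the pfSense NIC facing the modem, used only to reach its GUI) are assumptions made for illustration.

```python
import ipaddress


def check_plan(pfsense_lan, modem_mgmt, modem_access_if=None):
    """Return a list of problems found in a bridged-modem addressing plan.

    pfsense_lan     -- pfSense LAN interface address, e.g. "192.168.1.1/24"
    modem_mgmt      -- modem management address, e.g. "192.168.2.1/24"
    modem_access_if -- optional address on the pfSense side used to reach
                       the modem GUI (hypothetical parameter, an assumption)
    """
    lan = ipaddress.ip_interface(pfsense_lan)
    modem = ipaddress.ip_interface(modem_mgmt)
    problems = []

    # Management addresses should be private. Python's is_private covers
    # RFC 1918 plus other non-global ranges.
    for name, iface in (("pfSense LAN", lan), ("modem", modem)):
        if not iface.ip.is_private:
            problems.append(f"{name} address {iface.ip} is not private")

    # The core rule: the modem must not sit inside (or contain) the LAN subnet.
    if lan.network.overlaps(modem.network):
        problems.append(
            f"modem subnet {modem.network} overlaps pfSense LAN {lan.network}")

    if modem_access_if is not None:
        acc = ipaddress.ip_interface(modem_access_if)
        if acc.ip not in modem.network:
            problems.append(f"{acc.ip} cannot reach modem subnet {modem.network}")
        elif acc.ip == modem.ip:
            problems.append(f"{acc.ip} duplicates the modem's own address")
    return problems


# Constructed sample plans built from the addresses mentioned in the thread.
PLANS = {
    "Wolf666 example": ("192.168.1.1/24", "192.168.2.1/24"),
    "zarje final plan": ("192.168.15.1/24", "192.168.0.1/24", "192.168.0.2/24"),
    "same /24 on both": ("192.168.1.1/24", "192.168.1.254/24"),
    "LAN /16 swallows modem": ("192.168.0.1/16", "192.168.2.1/24"),
}

if __name__ == "__main__":
    for label, args in PLANS.items():
        print(f"{label}: {check_plan(*args) or 'ok'}")
```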
                    • Z
                      zarje
                      last edited by

                      @Wolf666:

                      @Wolf666:

                      The DrayTek has to stay in a different subnet than pfSense. In order to keep access to modem follow: https://doc.pfsense.org/index.php/How_can_i_access_my_PPPoE_Modem_on_WAN

                      I recall my previous advice. Different subnet means for example:

                      • pfSense 192.168.1.1
                      • DrayTek 192.168.2.1 or 10.0.0.1 or other private IP except subnet 192.168.1.0/24 (in my example the one of pfSense LAN)

                      pfSense WAN must be set to PPPoE; it will negotiate a dynamic IP (I assume), you don't have to put a static IP there. This is a straightforward configuration, pretty common.

                      Those IPs are not the WAN IPs; they are the IPs used on the LAN side to manage the units and to access their GUI, SSH or Telnet.

                      I think I get it now. So I can continue using the default of 192.168.0.1 to browse the DrayTek web interface but I MUST use a different subnet for pfsense (ie: 192.168.15.x).

                      Do I have to configure anything on the WAN2 interface on the DrayTek? Or is it just a matter of running an Ethernet cable from WAN2 on the DrayTek to the pfsense WAN interface? I assume the PPPoE Pass-through will just be passed from the WAN interface on the DrayTek to the WAN interface on the pfsense box?

                      On the DrayTek it says:

                      PPPoE Pass-through:

                      [tick box] For Wired LAN

                      Note: If this box is checked while using the PPPoA protocol, the router will behave like a modem which only serves the PPPoE client on the LAN.

                      When they say LAN I assume it'll work when using the WAN2 interface too?

                      1 Reply Last reply Reply Quote 0
                      • W
                        Wolf666
                        last edited by

                        Yes, now you should be ok.

                        1 Reply Last reply Reply Quote 0
                        • Z
                          zarje
                          last edited by

                          @Wolf666:

                          Yes, now you should be ok.

                          Great, thanks for the help!

                          One more question: will this USB serial cable allow me to configure pfsense on the APU board?

                          http://www.ebay.co.uk/itm/281329973320?_trksid=p2055119.m1438.l2649&ssPageName=STRK%3AMEBIDX%3AIT

                          1 Reply Last reply Reply Quote 0