Netgate Discussion Forum

    My new firewall build

      Wolf666

      PPPoE pass-through is a kind of software relay which converts PPPoA into PPPoE and vice versa.
      In your case you only have to enable that feature (you already have a working PPPoA connection with the correct parameters). Once PPPoE pass-through is enabled, the ISP Access setup section will go blank (it is OK).

      Then simply connect the DrayTek WAN to the pfSense WAN, and disable NAT, Firewall and DHCP on the DrayTek.

      Put your access details in pfSense, choosing PPPoE. The DrayTek will take care of converting PPPoE into PPPoA.

      The DrayTek has to stay in a different subnet than pfSense. In order to keep access to the modem, follow: https://doc.pfsense.org/index.php/How_can_i_access_my_PPPoE_Modem_on_WAN

      Modem Draytek Vigor 130
      pfSense 2.4 Supermicro A1SRi-2558 - 8GB ECC RAM - Intel S3500 SSD 80GB - M350 Case
      Switch Cisco SG350-10
      AP Netgear R7000 (Stock FW)
      HTPC Intel NUC5i3RYH
      NAS Synology DS1515+
      NAS Synology DS213+

        zarje

        @Wolf666:

        PPPoE pass-through is a kind of software relay which converts PPPoA into PPPoE and vice versa.
        In your case you only have to enable that feature (you already have a working PPPoA connection with the correct parameters). Once PPPoE pass-through is enabled, the ISP Access setup section will go blank (it is OK).

        Then simply connect the DrayTek WAN to the pfSense WAN, and disable NAT, Firewall and DHCP on the DrayTek.

        Put your access details in pfSense, choosing PPPoE. The DrayTek will take care of converting PPPoE into PPPoA.

        The DrayTek has to stay in a different subnet than pfSense. In order to keep access to the modem, follow: https://doc.pfsense.org/index.php/How_can_i_access_my_PPPoE_Modem_on_WAN

        Ok so let me summarise this to make sure I understand 100%:

        ISP ---(PPPoA)--- DrayTek 2820 ---(PPPoE)--- pfsense

        So on the DrayTek 2820 I set in WAN - internet access settings:

        1. PPPoE/PPPoA Client - Enabled selected

        2. PPPoA protocol set in DSL settings

        3. PPPoE passthrough set to enabled for wired LAN

        4. Do I need to set the encapsulation type to LLC/SNAP as I have read about?

        Then on the pfsense WAN interface I just enable PPPoE and enter my ISP credentials.

        Am I on the right track here?  8)

        Edit: Is it not better to connect the WAN interface of the pfsense firewall to the LAN interface on the DrayTek rather?

          Wolf666

          Also, the encapsulation type must be set on the DrayTek.

          The rest is ok.

            zarje

            @Wolf666:

            Also, the encapsulation type must be set on the DrayTek.

            The rest is ok.

            So set encapsulation type to LLC/SNAP?

            Also, is it not better to connect the WAN interface of the pfsense firewall to the LAN interface on the DrayTek rather?

            With this type of configuration, can I use IPv6 with Hurricane Electric's tunnel?

              Wolf666

              Encapsulation is ISP-specific; check your ISP parameters.
              In order to work as a dumb modem (bridge), your DrayTek WAN must be connected to the pfSense WAN. I don't know any other way.
              I cannot help you on IPv6 since I am on IPv4 only.

                zarje

                @Wolf666:

                In order to work as a dumb modem (bridge), your DrayTek WAN must be connected to the pfSense WAN. I don't know any other way.

                This one confused me  ::)

                Ok, so does this mean I go into WAN - Internet Access - WAN 2 - Static or Dynamic IP on the DrayTek?

                I assume that I will then give it a static IP address in a range that is unique to the DrayTek and pfsense as follows:

                DrayTek WAN 2 port: 192.168.0.10

                pfsense WAN port (for PPPoE): 192.168.0.20

                I assume PPPoE Pass-through will then "convert" my PPPoA connection from the ISP to PPPoE on the pfsense WAN interface?

                Can you still access the DrayTek web interface from the WAN 2 interface? (assuming you have configured pfsense to allow access to this from the WAN interface) Which IP address would I use to browse the interface…192.168.0.1 (the default set in the LAN settings on the DrayTek) or 192.168.0.10 (the WAN 2 address)?

                Thanks for the help!

                  Wolf666

                  @Wolf666:

                  The DrayTek has to stay in a different subnet than pfSense. In order to keep access to the modem, follow: https://doc.pfsense.org/index.php/How_can_i_access_my_PPPoE_Modem_on_WAN

                  I recall my previous advice. Different subnet means for example:

                  • pfSense 192.168.1.1
                  • DrayTek 192.168.2.1 or 10.0.0.1 or other private IP except subnet 192.168.1.0/24 (in my example the one of pfSense LAN)

                  pfSense WAN must be set to PPPoE; it will negotiate a dynamic IP (I assume), you don't have to put a static IP there. This is a straightforward configuration, pretty common.

                  Those IPs are not WAN IPs; they are IPs used on the LAN side to manage the units and to access their GUI, SSH or Telnet.

                    zarje

                    @Wolf666:

                    @Wolf666:

                    The DrayTek has to stay in a different subnet than pfSense. In order to keep access to the modem, follow: https://doc.pfsense.org/index.php/How_can_i_access_my_PPPoE_Modem_on_WAN

                    I recall my previous advice. Different subnet means for example:

                    • pfSense 192.168.1.1
                    • DrayTek 192.168.2.1 or 10.0.0.1 or other private IP except subnet 192.168.1.0/24 (in my example the one of pfSense LAN)

                    pfSense WAN must be set to PPPoE; it will negotiate a dynamic IP (I assume), you don't have to put a static IP there. This is a straightforward configuration, pretty common.

                    Those IPs are not WAN IPs; they are IPs used on the LAN side to manage the units and to access their GUI, SSH or Telnet.

                    I think I get it now. So I can continue using the default of 192.168.0.1 to browse the DrayTek web interface but I MUST use a different subnet for pfsense (i.e. 192.168.15.x).

                    Do I have to configure anything on the WAN2 interface on the DrayTek? Or is it just a matter of running an Ethernet cable from WAN2 on the DrayTek to the pfsense WAN interface? I assume the PPPoE Pass-through will just be passed from the WAN interface on the DrayTek to the WAN interface on the pfsense box?

                    On the DrayTek it says:

                    PPPoE Pass-through:

                    [tick box] For Wired LAN

                    Note: If this box is checked while using the PPPoA protocol, the router will behave like a modem which only serves the PPPoE client on the LAN.

                    When they say LAN I assume it'll work when using the WAN2 interface too?

                      Wolf666

                      Yes, now you should be ok.

                        zarje

                        @Wolf666:

                        Yes, now you should be ok.

                        Great, thanks for the help!

                        One more question: will this USB serial cable allow me to configure pfsense on the APU board:

                        http://www.ebay.co.uk/itm/281329973320?_trksid=p2055119.m1438.l2649&ssPageName=STRK%3AMEBIDX%3AIT
