PPPoE on WAN link for Centurylink gigabit service
-
I have tried to do this a number of times and can't make it work so I am hoping someone on the forum can help me with my issue.
I have been using pfsense for a couple of years now but switched over from the local cable company to Centurylink as they just started offering gigabit service to my location. They provided a modem/router (technicolor C2000T) but I would prefer to use my pfsense device. I have followed the installation guide to set up the WAN link using PPPoE but have had no luck getting the link up. My understanding is Centurylink requires all WAN traffic to be tagged using VLAN 201. I believe I configured that but am happy to follow advice from others to confirm. Also, I have read they require a MTU setting of 1492 and I have configured this in the WAN settings page but still no luck.
There are some other details I found looking at the settings on the C2000T that may or not be applicable so I will list them below in the interest of being detailed.
The following are displayed on the Modem Status pages, they are not settable on this page, just displayed.
ISP Protocol: PPPoE
WAN Connection Type: Ethernet
VLAN Type Selected: Auto Detect - Tagged 201
MTU Size: 1484
MSS SIze: 1444
RWIN Size: 5776The following are the settings (I will list the other options like this) under the Advanced Setup tab of the C2000T.
Broadband Settings page
WAN Type: Auto Select (options for ADSL, VDSL and WAN Ethernet Port 5)
WAN Type Selected: WAN Ethernet Port 5Transport Mode: Auto Select (options for Tagged and Untagged)
Transport Mode Selected: Tagged - VLAN 201VLAN ID: 201 (text entry box)
MTU: 1492 (text entry box)WAN Settings page
ISP Protocol: Auto Select (options for PPPoE, IPoE, IPoE via Static IP (both tagged and untagged) and Transparent Bridging (both tagged and untagged)
Protocol Selected: PPPoEPPP Username: xxxxxxx@qwest.net
PPP Password: xxxxxxxxPPP Auto Connect: Enable (option for Disable)
No PPP Credentials: Disable (option for Enable)IP Addressing Type: Dynamic IP (options for Single Static and Block of Static IP addresses)
DNS Type: Dynamic DNS (option for Static DNS)
I know this C2000T supports transparent bridging but before someone recommends using it that way please understand I would prefer to not use two devices to connect if I don't have to, that way I can return the C2000T and just use pfsense. I believe this should be possible as the way the C2000T is configured now the WAN link is just ethernet with some special parameters Centurylink has decided to use.
Thank you in advance for the help anyone can give me.
-
Have you bridged the Technicolor pachyderm?
Any time I move the PPPoE config off of an ISP DSL router and onto a pfsense WAN interface, I have to bridge the DSL modem. I imagine that may be your issue here.
Qwest may have that locked down or out though.
Edit: 2 minutes of googling yielded this:
http://internethelp.centurylink.com/internethelp/modem-c2000t-adv-bridging-ctl.html -
almabes, thank you for the reply. I do know that the modem offers a bridging option, I would prefer to not have to use that mode as I want to return the C2000T. Reading through the documentation I have been able to find, the gigabit service they provide is not done using any type of DSL. So I believe I should be able use only my pfsense box to authenticate using PPPoE on the WAN interface.
Also, I should have stated in my original email I am running the current release of pfsense (2.2.2).
If you have any other thoughts or ideas I am open to trying them.
Thank you again for trying to help me out.
-
Why wouldn't you be able to return it after setting bridge mode?
-
I could. The problem is that I cannot get my pfsense device to authenticate on the WAN link/ethernet drop Centurylink provides. So returning the modem would (regardless of if it was in bridge mode or not) prevent my from accessing the internet.
I am sorry I was not more clear in stating my issue.
-
I'm skeptical you're going to be able to stop using the C2000T altogether, they probably have additional checks, one idea that comes to mind would be to clone the WAN MAC address of the C2000T onto your pfsense WAN interface.
-
It looks like Centurytel uses some form of xDSL to provide your bandwidth. You will not be able to eliminate the Technicolor modem from you setup, unless you replace it with some other xDSL modem.
Around these parts, AT&T's high speed DSL offering uses crappy CPE with an embedded certificate for authentication. You can't dump their crappy CPE, and it only somewhat supports a bridge mode.
Bridge that puppy and get the PPPoE configuration on the WAN interface of pfSense.
-
The C2000T has DSL and ethernet WAN ports it looks like. OP can you port a picture of the back of the C2000T when the service is working? If DSL, you'll need to use a DSL modem of some sort. If ethernet handoff you might be able to get it working with nothing but pfSense WAN.
Also, you seem to have some uncertainty that you tagged VLAN 201 correctly. What did Interfaces > (assign) look like when you tried it?
From what I can tell if you tag vlan 201 to Centurylink's ONT it should work. My couple minutes of searching yield:
-
People reporting PPPoE and/or DHCP working
-
People reporting you might need to clear the MAC address (ARP) table in the ONT with a reboot if you change routers.
-
-
O@Derelict:
The C2000T has DSL and ethernet WAN ports it looks like. OP can you port a picture of the back of the C2000T when the service is working? If DSL, you'll need to use a DSL modem of some sort. If ethernet handoff you might be able to get it working with nothing but pfSense WAN.
Also, you seem to have some uncertainty that you tagged VLAN 201 correctly. What did Interfaces > (assign) look like when you tried it?
From what I can tell if you tag vlan 201 to Centurylink's ONT it should work. My couple minutes of searching yield:
-
People reporting PPPoE and/or DHCP working
-
People reporting you might need to clear the MAC address (ARP) table in the ONT with a reboot if you change routers.
Just re-read the OP, and he states that the its set for Ethernet, so I retract my previous "Bridge that puppy" statement. I misunderstood how CenturyLink handed off to you.
First you'll need to know which interface is WAN, in my case it's re1
Then, from the Interfaces (assign) menu option you will add VLAN 201 and assign it to your WAN interface (re1 in my case)
You then can reassign your WAN interface to re1 VLAN 201
Last you should be able to configure your PPPoE credentials on the WAN interface.
-
-
Thank you for the suggestions both almabes and Derelict. As soon as I am able I will configure as suggested and post images of the configuration with results.
-
Sorry for the delay in posting back an update. I was called out of town for an unscheduled trip.
almabes and Derelict, I am happy to report that I now have a connected link on the WAN. However, pfsense can't seem to connect to the outside world even thought the link is UP. The version window in the dashboard states "Unable to check for updates" and the Gateway Monitoring Daemon (apinger) is stopped and under the Gateways the WAN_PPPOE status is Unknown.
So far I have tried rebooting the ONT but that did not change anything (link still goes up, but no passing traffic). I tried using the MTU value of 1492 as my google searching said that was a Centurylink requirement as well as not putting a MTU value in (default) and that doesn't change anything, I get the link UP but no passing of traffic.
Any other ideas you can think of to try?
Let me know if you want me to post some specific image of a configuration tab from pfsense.
Thank you again for any help you can provide.
-
Post a screenshot of Status–System Logs--PPP tab.
Maybe that will point us in the right direction.
Edit:
Status--Interfaces might be helpful, too. -
Ok. Both are attached.
Thank you again for your help.
-
I decided to give Centurylink support a call to see what if anything they could do to help me. I spent about an hour on the phone with the GPON support engineer. He did state that they do not require a MTU of 1492, that is a direct contradiction to what the settings on my C2000T modem show. So I think I will keep trying it both ways. We tried a number of other configuration changes, but no matter what could not seem to get the entire link process to complete. He stated he could see that my system had established a link and taken the full 1 gigabit of bandwidth available but that the PPPoE authentication was not completing. He noted that authentication attempts are logged to their RADIUS server and that from the entries he could see it looked like the pfSense server was starting a connection and then requesting to closing the connection itself.
I am going to continue trying to get this to work and will post updates if I make progress.
If any other members of the forum have advice feel free to provide input.
A special thank you to almabes for taking time to try and troubleshoot this with me.
-
Maybe this will help you.
https://www.dslreports.com/forum/r29358085-VLAN-Tagging-on-Tomato-for-FTTHI have read about people successful in get CL to remove VLAN tagging, then you won't need their router at all.
-
Have you made any progress?
I will soon be attempting the same thing with CenturyLink.
-
I, too, would love to hear the progress for this issue. I would like to be able to get rid of CT2000, and have pfsense connect directly to CenturyLink.
-
I received CenturyLink Gigabit Internet service two weeks ago and was able to immediately replace the C2000T with pfSense for use with the service. It was simple to setup.
Here are the steps:
-
Create a VLAN with ID 201, Interfaces>Assign>VLANs
-
Assign the VLAN to the WAN parent interface
-
Create a PPP interface for the WAN, Interfaces>Assign>PPPs
-
Make the following PPP settings:
Link type - PPPoE
Link interface(s) - WAN interface with VLAN, e.g. igb1_vlan201
Provide the Username and Password for the CenturyLink account
SaveAt this point, the WAN interface will connect to the CenturyLink service.
I have noticed that the C2000T is about 20 percent faster on download speed tests and on parity with upload speed tests when compared to pfSense running on a SG-4860. Not exactly sure why that would be the case. Still investigating.
Screenshots of the settings below.
![Voila_Capture 2015-06-08_04-16-51_PM.png](/public/imported_attachments/1/Voila_Capture 2015-06-08_04-16-51_PM.png)
![Voila_Capture 2015-06-08_04-16-51_PM.png_thumb](/public/imported_attachments/1/Voila_Capture 2015-06-08_04-16-51_PM.png_thumb)
![Voila_Capture 2015-06-08_04-15-56_PM.png](/public/imported_attachments/1/Voila_Capture 2015-06-08_04-15-56_PM.png)
![Voila_Capture 2015-06-08_04-15-56_PM.png_thumb](/public/imported_attachments/1/Voila_Capture 2015-06-08_04-15-56_PM.png_thumb) -
-
superweasel, thank you for posting some detail. For some reason new post to thread notifications were not reaching me so I was not aware that new posts had been made.
I tried to follow your instructions and even went so far as to do a complete new install of 2.2.3 to make sure old configuration changes were not affecting me but I still can't get pfsense to work with Centurylink. By following your advice I have made more progress than before. I was unclear about what the WAN link should be set to on Interfaces (assign) so I put it to the PPPoE option created by following your instructions. pfsense then gets an IP address on the WAN link but clients on the LAN can't get to the internet. Screen shots are below, note in PPPtoWAN image that pfsense gets and IP address, can tell it is on the current release but the 1000baseT full duplex is missing. When I set the WAN back to em0 (default) I get the 1000baseT link full duplex but no IP address.
I am sure there is some minor setting I am missing, and I would appreciate any further advice you have.
Thank you in advance for any help you can provide.
-
With an IP address from CenturyLink, the WAN side of the house is all set. IP address from CenturyLink is the critical piece. With PPPoE, pfSense does not report connection speed or duplex.
Make sure the PPPoE Gateway is set as the Default Gateway (System>Routing, see image below). You might also want to add the CenturyLink DNS servers to your DNS list (System>General>DNS servers, see image below).
As for the LAN side, most likely a firewall issue or route issue. Make sure you are not blocking routes to the WAN from LAN (see image below). Just to verify, take a look at Diagnostics>Routes to see if LAN can route to WAN.
Last one, in researching the speed issue with pfSense and gigabit PPPoE connections, I opened a support ticket with pfSense. As of v2.2.3, pfSense will not attain gigabit speeds with PPPoE (https://redmine.pfsense.org/issues/4821).
![Voila_Capture 2015-07-20_07-40-22_AM.png](/public/imported_attachments/1/Voila_Capture 2015-07-20_07-40-22_AM.png)
![Voila_Capture 2015-07-20_07-40-22_AM.png_thumb](/public/imported_attachments/1/Voila_Capture 2015-07-20_07-40-22_AM.png_thumb)
![Voila_Capture 2015-07-20_07-34-11_AM.png](/public/imported_attachments/1/Voila_Capture 2015-07-20_07-34-11_AM.png)
![Voila_Capture 2015-07-20_07-34-11_AM.png_thumb](/public/imported_attachments/1/Voila_Capture 2015-07-20_07-34-11_AM.png_thumb)
![Voila_Capture 2015-07-20_07-34-58_AM.png](/public/imported_attachments/1/Voila_Capture 2015-07-20_07-34-58_AM.png)
![Voila_Capture 2015-07-20_07-34-58_AM.png_thumb](/public/imported_attachments/1/Voila_Capture 2015-07-20_07-34-58_AM.png_thumb)