PPPoE on WAN link for Centurylink gigabit service
-
Why wouldn't you be able to return it after setting bridge mode?
-
I could. The problem is that I cannot get my pfsense device to authenticate on the WAN link/ethernet drop Centurylink provides. So returning the modem would (regardless of if it was in bridge mode or not) prevent my from accessing the internet.
I am sorry I was not more clear in stating my issue.
-
I'm skeptical you're going to be able to stop using the C2000T altogether, they probably have additional checks, one idea that comes to mind would be to clone the WAN MAC address of the C2000T onto your pfsense WAN interface.
-
It looks like Centurytel uses some form of xDSL to provide your bandwidth. You will not be able to eliminate the Technicolor modem from you setup, unless you replace it with some other xDSL modem.
Around these parts, AT&T's high speed DSL offering uses crappy CPE with an embedded certificate for authentication. You can't dump their crappy CPE, and it only somewhat supports a bridge mode.
Bridge that puppy and get the PPPoE configuration on the WAN interface of pfSense.
-
The C2000T has DSL and ethernet WAN ports it looks like. OP can you port a picture of the back of the C2000T when the service is working? If DSL, you'll need to use a DSL modem of some sort. If ethernet handoff you might be able to get it working with nothing but pfSense WAN.
Also, you seem to have some uncertainty that you tagged VLAN 201 correctly. What did Interfaces > (assign) look like when you tried it?
From what I can tell if you tag vlan 201 to Centurylink's ONT it should work. My couple minutes of searching yield:
-
People reporting PPPoE and/or DHCP working
-
People reporting you might need to clear the MAC address (ARP) table in the ONT with a reboot if you change routers.
-
-
O@Derelict:
The C2000T has DSL and ethernet WAN ports it looks like. OP can you port a picture of the back of the C2000T when the service is working? If DSL, you'll need to use a DSL modem of some sort. If ethernet handoff you might be able to get it working with nothing but pfSense WAN.
Also, you seem to have some uncertainty that you tagged VLAN 201 correctly. What did Interfaces > (assign) look like when you tried it?
From what I can tell if you tag vlan 201 to Centurylink's ONT it should work. My couple minutes of searching yield:
-
People reporting PPPoE and/or DHCP working
-
People reporting you might need to clear the MAC address (ARP) table in the ONT with a reboot if you change routers.
Just re-read the OP, and he states that the its set for Ethernet, so I retract my previous "Bridge that puppy" statement. I misunderstood how CenturyLink handed off to you.
First you'll need to know which interface is WAN, in my case it's re1
Then, from the Interfaces (assign) menu option you will add VLAN 201 and assign it to your WAN interface (re1 in my case)
You then can reassign your WAN interface to re1 VLAN 201
Last you should be able to configure your PPPoE credentials on the WAN interface.
-
-
Thank you for the suggestions both almabes and Derelict. As soon as I am able I will configure as suggested and post images of the configuration with results.
-
Sorry for the delay in posting back an update. I was called out of town for an unscheduled trip.
almabes and Derelict, I am happy to report that I now have a connected link on the WAN. However, pfsense can't seem to connect to the outside world even thought the link is UP. The version window in the dashboard states "Unable to check for updates" and the Gateway Monitoring Daemon (apinger) is stopped and under the Gateways the WAN_PPPOE status is Unknown.
So far I have tried rebooting the ONT but that did not change anything (link still goes up, but no passing traffic). I tried using the MTU value of 1492 as my google searching said that was a Centurylink requirement as well as not putting a MTU value in (default) and that doesn't change anything, I get the link UP but no passing of traffic.
Any other ideas you can think of to try?
Let me know if you want me to post some specific image of a configuration tab from pfsense.
Thank you again for any help you can provide.
-
Post a screenshot of Status–System Logs--PPP tab.
Maybe that will point us in the right direction.
Edit:
Status--Interfaces might be helpful, too. -
Ok. Both are attached.
Thank you again for your help.
-
I decided to give Centurylink support a call to see what if anything they could do to help me. I spent about an hour on the phone with the GPON support engineer. He did state that they do not require a MTU of 1492, that is a direct contradiction to what the settings on my C2000T modem show. So I think I will keep trying it both ways. We tried a number of other configuration changes, but no matter what could not seem to get the entire link process to complete. He stated he could see that my system had established a link and taken the full 1 gigabit of bandwidth available but that the PPPoE authentication was not completing. He noted that authentication attempts are logged to their RADIUS server and that from the entries he could see it looked like the pfSense server was starting a connection and then requesting to closing the connection itself.
I am going to continue trying to get this to work and will post updates if I make progress.
If any other members of the forum have advice feel free to provide input.
A special thank you to almabes for taking time to try and troubleshoot this with me.
-
Maybe this will help you.
https://www.dslreports.com/forum/r29358085-VLAN-Tagging-on-Tomato-for-FTTHI have read about people successful in get CL to remove VLAN tagging, then you won't need their router at all.
-
Have you made any progress?
I will soon be attempting the same thing with CenturyLink.
-
I, too, would love to hear the progress for this issue. I would like to be able to get rid of CT2000, and have pfsense connect directly to CenturyLink.
-
I received CenturyLink Gigabit Internet service two weeks ago and was able to immediately replace the C2000T with pfSense for use with the service. It was simple to setup.
Here are the steps:
-
Create a VLAN with ID 201, Interfaces>Assign>VLANs
-
Assign the VLAN to the WAN parent interface
-
Create a PPP interface for the WAN, Interfaces>Assign>PPPs
-
Make the following PPP settings:
Link type - PPPoE
Link interface(s) - WAN interface with VLAN, e.g. igb1_vlan201
Provide the Username and Password for the CenturyLink account
SaveAt this point, the WAN interface will connect to the CenturyLink service.
I have noticed that the C2000T is about 20 percent faster on download speed tests and on parity with upload speed tests when compared to pfSense running on a SG-4860. Not exactly sure why that would be the case. Still investigating.
Screenshots of the settings below.
 -
-
superweasel, thank you for posting some detail. For some reason new post to thread notifications were not reaching me so I was not aware that new posts had been made.
I tried to follow your instructions and even went so far as to do a complete new install of 2.2.3 to make sure old configuration changes were not affecting me but I still can't get pfsense to work with Centurylink. By following your advice I have made more progress than before. I was unclear about what the WAN link should be set to on Interfaces (assign) so I put it to the PPPoE option created by following your instructions. pfsense then gets an IP address on the WAN link but clients on the LAN can't get to the internet. Screen shots are below, note in PPPtoWAN image that pfsense gets and IP address, can tell it is on the current release but the 1000baseT full duplex is missing. When I set the WAN back to em0 (default) I get the 1000baseT link full duplex but no IP address.
I am sure there is some minor setting I am missing, and I would appreciate any further advice you have.
Thank you in advance for any help you can provide.
-
With an IP address from CenturyLink, the WAN side of the house is all set. IP address from CenturyLink is the critical piece. With PPPoE, pfSense does not report connection speed or duplex.
Make sure the PPPoE Gateway is set as the Default Gateway (System>Routing, see image below). You might also want to add the CenturyLink DNS servers to your DNS list (System>General>DNS servers, see image below).
As for the LAN side, most likely a firewall issue or route issue. Make sure you are not blocking routes to the WAN from LAN (see image below). Just to verify, take a look at Diagnostics>Routes to see if LAN can route to WAN.
Last one, in researching the speed issue with pfSense and gigabit PPPoE connections, I opened a support ticket with pfSense. As of v2.2.3, pfSense will not attain gigabit speeds with PPPoE (https://redmine.pfsense.org/issues/4821).
 -
superweasel, many thanks for your posts. I am now up and running on pfSense!. It turns out the inability for clients to access the WAN was because CenturyLink was moving the IP the assigned to me at the same time I was trying to browse the web from a client. With others asking "when is the internet going to be up again?" instead of taking time to make sure things were right I just assumed there was some setting I was missing.
As to your bug report, I would like to help prove an issue as my pfSense system is yielding about 1/3 to 1/2 the performance I get when using the technicolor modem. I will message you directly about that.
Thank you again for the detail you provided. I appreciate it.
-
I am guessing the PPPoE requirement is region specific as I did not need to set this up here in the Twin Cities (Support also confirmed this as well).
Cheers,
Dan
-
Last one, in researching the speed issue with pfSense and gigabit PPPoE connections, I opened a support ticket with pfSense. As of v2.2.3, pfSense will not attain gigabit speeds with PPPoE (https://redmine.pfsense.org/issues/4821).
Thanks for tracking this down. I've been wondering why I can't get gigabit over centurylink but was able to between hosts on the WAN and LAN interfaces. Didn't think that PPPoE would have been the factor here.
