Modem GUI/SSH access stops when pfsence has active PPPOE connection.
-
@netblues must be something in settings.. If I plug in 2nd cable to LAN switch there is no access. But then if I manually change IP on my PC adapter properties to 192.168.3.2 (modem is 192.168.3.1) I can access the modem GUI. But then I have no access to internet and pfsense as it bypasses its lan (192.168.1.0).. any ideas? Maybe virtual IP?
-
@girtsj
Hey
Show the rules on the Lan interface
I have a hunch you're redirecting traffic through the openvpn tunnel . -
@konstanti here:
Rule 1 from top forwards certain sites to VPN as some are blocked in UK.
Rule 2 forwards my synology nas to VPN.
Rule 3 forwards the rest of LAN to wan gateway so it dont go to VPN. -
@girtsj
1 NAT not needed
2 create a rule after the first
source 192.168.1.0 / 24 destination 192.168.3.0 / 24 and default gateway
For example
-
@konstanti like this?
Still no dice.. -
@girtsj
I don't see the ModemAccess interface in the picture -
@konstanti sorry disabled it
still a no-go -
@girtsj said in Modem GUI/SSH access stops when pfsence has active PPPOE connection.:
still a no-go
Diagnostics/ Packet Capture
Interface ModemAccess
Show me the result of the packet capture.
And Huawei IP route table -
I'm sorry, I think NAT needs
Another option is to change the IP address of the modem, for example, 192.168.1.55/32 with default gateway 192.168.1.1 (don't know which gateway address). And plug the cable from the modem into the network switch . And test the connection -
@konstanti thought that without nat rule it won't work.
Will give this a go. -
I really don't get it.. Huawei PPPOE connection is binded to LAN1 port on modem. GUI access is through LAN2. MODEMACCESS interface on pfsense is on different port than WAN. It all works:
22:12:45.552442 IP 192.168.3.2.55771 > 192.168.3.1.80: tcp 0
22:12:45.552885 IP 192.168.3.1.80 > 192.168.3.2.55771: tcp 0
22:12:45.553547 IP 192.168.3.2.55771 > 192.168.3.1.80: tcp 0
22:12:45.554795 IP 192.168.3.2.55771 > 192.168.3.1.80: tcp 610
22:12:45.555131 IP 192.168.3.1.80 > 192.168.3.2.55771: tcp 0
22:12:45.557256 IP 192.168.3.1.80 > 192.168.3.2.55771: tcp 112
22:12:45.557630 IP 192.168.3.1.80 > 192.168.3.2.55771: tcp 434
22:12:45.557918 IP 192.168.3.2.55771 > 192.168.3.1.80: tcp 0
22:12:45.558918 IP 192.168.3.2.55771 > 192.168.3.1.80: tcp 0
22:12:45.559042 IP 192.168.3.2.55771 > 192.168.3.1.80: tcp 0
22:12:45.560042 IP 192.168.3.2.55771 > 192.168.3.1.80: tcp 0
22:12:45.560417 IP 192.168.3.2.55771 > 192.168.3.1.80: tcp 0
22:12:45.560541 IP 192.168.3.2.55771 > 192.168.3.1.80: tcp 0
22:12:45.560628 IP 192.168.3.1.80 > 192.168.3.2.55771: tcp 0
22:12:45.867621 IP 192.168.3.2.31225 > 192.168.3.1.80: tcp 0
22:12:45.867862 IP 192.168.3.2.7015 > 192.168.3.1.80: tcp 0
22:12:45.868066 IP 192.168.3.1.80 > 192.168.3.2.31225: tcp 0
22:12:45.868191 IP 192.168.3.1.80 > 192.168.3.2.7015: tcp 0
22:12:45.868360 IP 192.168.3.2.31296 > 192.168.3.1.80: tcp 0
22:12:45.868690 IP 192.168.3.1.80 > 192.168.3.2.31296: tcp 0
22:12:45.868861 IP 192.168.3.2.34624 > 192.168.3.1.80: tcp 0Until i log into PPPOE. It all goes dead..
-
@girtsj You can download capture ?
I need a file packetcapture.cap -
@konstanti here You go. Just rename extension to .cap. Can't upload otherwise. This is with PPPOE inactive by the way.
0_1546208810275_packetcapture.txt -
@girtsj
When is active ?
I so understand that now access to the modem is possible ? -
@konstanti no. access is not working when pppoe session is live. cap file was generated when pppoe was inactive. I changed to wrong password so it cant log in to my ISP.
-
@girtsj
and you can get a cap file when pppoe is active ?? -
@konstanti here You go
0_1546210937815_packetcapture.zip -
@girtsj
the file is empty
there's no traffic ? -
@konstanti i believe so. There was nothing on the screen log, too. Seems like pppoe session kills it all. Think i am ready to give up. Been sctraching my head for about a month..
-
The modem interface has no "gateway" to set so will not be able to reach something outside its subnet without some special help upstream. You have to be in the same subnet to reach port 2.
What happens when you give the modem an address inside your LAN subnet and connect that to your LAN switch?
