Using pfSense as the gateway for Bell Fibe bonded DSL
-
I just did the same thing on Rogers and have no problem at all. I put the modem in bridge mode and didn't have to do anything special with pfsense. It just works. However, I have no experience with TV on Bell, so perhaps you might ask in the Bell forums too. Anyone who uses a separate router, not just pfsense, would have the same issues. One other thing, Rogers uses IPv6 for IPTV. Does Bell do the same? If so, you have to enable and configure that. IIRC, Bell does not provide IPv6 over ADSL, though some resellers do over those same phone lines.
-
Bell doesn't offer a bridge mode on the HH3000, just what they call Advanced DMZ mode. This mode allows clients in the DMZ to set up their own PPPoE connection. I did this hoping that their IPTV service can function over any of the PPPoE connections. I'm not sure if Bell uses IPv6 over ADSL, but these are the routes being reported by pfSense in the Diagnostics section:
70.30.233.163 is the address of the WAN (em0) interface once the PPPoE connection has been established. I assume the 10.11.18.41 is the address of the virtual PPPoE interface.
I tried looking for a Bell forum here and came up empty so I cross-posted this to the Bell forum on DSL Reports.
-
I only see link local IPv6 addresses. Every IPv6 capable device will have those.
Regardless, this is more of a Bell modem issue, so you should be talking to someone who has worked with it. I don't know how many will be here. However, once you know the requirements, someone here may be able to help. This is just one more reason I'm glad I'm not on Bell. I have set up several HH2000s for business customers and found bridge mode harder to enable than it should be. With my cable modems on Rogers, setting up bridge mode is trivial, as there's a setting specifically for that.
-
From what I've been able to learn, Bell isn't the only provider taking this approach. Thomson has some documentation on how to achieve this over VDSL in their "Triple-Play Using IPoE for Voice, PPPoE for Data and Bridged Video on Multiple PVCs (with VLANs).pdf". DLink also documents this in their DIR-890L documentation. Others do the same. My suspicion (and hope) is that Bell's implementation is just a slight variation on these approaches.
-
I have VLAN 35 Internet working on direct fiber to Pfsense via media converter. However, on a Bell DSL link VLAN 35 does not seem to be present and cannot get a connection.
HH3000 cannot be put into bridge mode from what I gather, has anyone had any chance getting internet traffic through the DSL HH3000? If so can you describe your config?
I had ipsec tunnels working but NO internet which I can't understand...
thanks
-
@claferriere
The only way it works for me is to place the pfSense box into the DMZ on the HH3000 and to have pfSense connect using a PPPoE connection configured with your Bell credentials (b1...). Other than that, I was never able to get any VLAN to work. I tried with both DHCP and PPPoE for the VLAN without any success.
-
Have you tried running a pcap to see what vlans might be there? 35 seems entirely arbitrary.
Steve
-
Not being a networking expert, please consider my findings to be suspect, at best.
I ran a Packet Capture from pfSense for 100 packets and used WireShark to analyze the resulting capture file. As far as I can tell, there is no VLAN tag in any of the packets. This was performed on the WAN interface which was in the HH3000 DMZ and connected via PPPoE.
I'd love to have a peek at the traffic between the STBs and the HH3000, but every time I've tried connecting these to my switch (Dell 5324) instead of directly to the HH3000 they haven't been able to connect back to Bell's servers.
If I can understand how the STBs and the HH3000 work together, the assumptions behind the setup, then maybe I can mimic this but with pfSense in between, selectively filtering traffic.
Do you have any idea how to accomplish this?
-
Packet Capture, with the default settings, will not display VLAN tags. You have to change the Level of Detail from Normal. I used Full.
-
You may also have to assign the parent interface so you can pcap on that directly.
I would then open the resulting cap file in Wireshark where it's much easier to see what's in there.
The actual captured file is the same whatever the display detail level is set to in the pfSense gui.
Steve
-
I analyzed the pcap in WireShark and didn't find any VLAN-tagged packets. This pcap was performed on the WAN interface but not in promiscuous mode. I left all defaults on the pcap page as-is.
This WAN interface is configured as an IPv4 PPPoE. All traffic save that of the STBs goes through this interface.
In all 100 packets that were captured there was not one with a VLAN tag. There were also no IGMP packets.
@stephenw10, what do you mean by "assign the parent interface"?
-
Did you enable the VLAN ID column in Wireshark? It makes it easier to spot VLAN frames. Otherwise you have to read the frame details.
-
Assign and enable the interface the PPPoE is running on. Leave the IP settings as none.
Run the pcap there, in promiscuous mode. You should then see any VLAN tagged traffic coming into it.
Steve
-
@JKnott
Thanks for the tip! I was inspecting each packet individually.
@stephenw10
The interface was assigned and configured with PPPoE as well as enabled for the prior pcap. I enabled promiscuous mode for this run but still don't see any VLAN traffic.
Is there a way to pcap the traffic from one of the STBs if I run it through my switch instead of directly to the HH3000? I don't mind if it doesn't manage to connect, but it may be worthwhile to understand how it expects to connect back to the IPTV services.
-
Not the WAN interface which will be configured as PPPoE. You need to assign the interface that is running on. So it might be igb0 etc.
Then you can pcap on that and see all the incoming traffic including the PPPoE traffic and any VLAN tags.
Steve
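
Added example, not part of any post in this thread: a Python sketch that tallies VLAN IDs and payload protocols in a capture taken on the parent interface, which is where 802.1Q tags and the raw PPPoE frames are visible. The sample capture is constructed (VLAN IDs 40 and 41 are borrowed from the findings reported later in the thread), and the function names are illustrative.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6",
              0x8863: "PPPoE-Discovery", 0x8864: "PPPoE-Session"}
VLAN_TPIDS = (0x8100, 0x88A8)  # 802.1Q and 802.1ad tag protocol IDs

def read_pcap(data):
    """Yield raw Ethernet frames from classic (non-pcapng) pcap bytes."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack_from(order + "I", data, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    pos = 24
    while pos + 16 <= len(data):
        (incl_len,) = struct.unpack_from(order + "I", data, pos + 8)
        yield data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def parse_frame(frame):
    """Return (outer VLAN ID or None, payload protocol) for one frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    vlan, offset = None, 14
    while etype in VLAN_TPIDS:  # walk one or more stacked tags
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        tci, etype = struct.unpack_from("!HH", frame, offset)
        vlan = tci & 0x0FFF if vlan is None else vlan  # low 12 bits = VLAN ID
        offset += 4
    if etype < 0x0600:  # a length field, not an EtherType (e.g. spanning tree)
        return vlan, "802.3/LLC"
    return vlan, ETHERTYPES.get(etype, hex(etype))

def summarize(pcap_bytes):
    """Count frames per (VLAN ID, protocol); VLAN None means untagged."""
    return Counter(parse_frame(f) for f in read_pcap(pcap_bytes))

def build_sample_pcap():
    """Constructed capture: untagged PPPoE plus tagged frames on VLANs 40/41."""
    def frame(etype, vlan=None):
        tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
        return (b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + tag
                + struct.pack("!H", etype) + bytes(46))
    frames = [frame(0x8864), frame(0x8864), frame(0x0800, 40),
              frame(0x0800, 41), frame(0x0026, 40)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

To use it on a real capture, pass the bytes of the downloaded pcap file to `summarize()`; a capture taken on the PPPoE WAN interface itself will show neither tags nor PPPoE frames.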
-
@stephenw10
Steve! You're a genius!
I have VLANs 40 and 41 coming up now. I'm also seeing broadcast packets.
One of the ARRIS set-top boxes is broadcasting pretty regularly (every 0.5s). I haven't seen any broadcast traffic from the other STB, which is the PVR. My suspicion is that the STB which is broadcasting is looking for the PVR STB.
The HH3000 (Sagemcom) is broadcasting spanning-tree packets to VLANs 40, 41, and default (no VLAN).
Both ARRIS set-top boxes are sending multicast UDP packets to 239.255.255.250. These are the only UDP packets in the pcap. I tried running a traceroute to 239.255.255.250 from my workstation but it has no route to that address, indicating that there's some static routing going on that I'd need to replicate, I think.
-
@jerfer said in Using pfSense as the gateway for Bell Fibe bonded DSL:
239.255.255.250 from my workstation but it has no route to that address
That's a multicast address, so there should never be an interface with, let alone a route to that address. With multicast, it's up to the router and sometimes switch, to decide whether to pass multicast.
-
Yeah, that will be the set-top boxes trying to subscribe to multicast streams I imagine.
You might need some IGMP proxy config (or something in pimd) if you want to have them connect directly through pfSense.
Steve
-
Hey,
I have a guide that may help you, but it involves eliminating your HH3K. Take a look and let me know if it helps. I don't have Bell TV, but from what I am aware you need to establish a 2nd WAN vLan36 to your Bell Fibe. TV boxes will need to route to vLan36 in order for them to work. Sorry, don't have much more info than that on the TV side.
https://drive.google.com/file/d/1A661DBQYLh8LdSkuoABJXwqFSfCDMInC/view?usp=sharing
Karl
-
@kjoseph
Hi Karl,
Thanks, but I'm in a different situation. Not being served by Bell's FTTH (fibre to the home) service, my HH3K is both the VDSL modem and switch. The HH3K internally handles the VLAN switching for the TV boxes and I've not been able to figure out how to replicate that with a pfSense box in the DMZ.
To be honest, I've given up on the whole endeavour. Just when I thought I had it figured out, with TV working on the PVR, I realized that it was only working because the non-PVR TV box was bridging its WiFi and Ethernet connections and the PVR box was being routed over Ethernet to the non-PVR box and then over its WiFi to the HH3K. Everything stopped working the minute I unplugged the non-PVR box. I was actually quite impressed at the level of resilience that was designed into these boxes, they're quite opportunistic.
In any case, I've shelved the project until FTTH becomes available here.