    Transparent Firewall with VLAN [Looking for advice]

    • Kyrra

      I've been following the various guides/posts on this forum (like https://forum.pfsense.org/index.php?topic=50711.0 ) to get this set up, but haven't had any luck yet that I've been able to tell.

      This is for a home setup (with awesome CenturyLink that decided to use VLAN 201 for all its setup), then PPPoE on top of that (followed this guide: https://kdemaria.wordpress.com/2015/04/22/how-to-configure-pfsense-2-2-2-for-centurylink-gigabit-seattle-edition/ ).  I currently have pfSense set up to act as the router (handling VLAN, PPPoE login, NAT, DHCP server, firewall, etc…). I don't have the CenturyLink provided modem in the mix since it's not needed.

      What I'd like to do is just have the pfSense box handle the VLAN 201 mapping for me, but then have a router on the other side do PPPoE and get the WAN IP (making pfSense just do transparent firewall and VLAN work).

      Setup I've tried:

      Bridge: WAN <---> LAN  (type: static ipv4 address, no gateway)
      WAN: igb0_vlan201  (type: none)
      LAN: igb1  (type: none)

      Right now when I've tried going down this path, the router beyond pfSense never completes the PPPoE login.  Watching pftop I see a lot of UDP activity appear, but I'm guessing nothing is making it through.  I've made sure to create Any* rules on all 3 interfaces, but that doesn't seem to help.

      I'm just looking for some tips on which logs to check or things to look for in those logs that may be telling as to why this is failing me.  Any help would be much appreciated.

      Edit: 2017-09-28 - This is working now without issue.  There were some issues with the wifi unit dropping the connection, but it has since been fixed.

      • Kyrra

        After a bit of playing around, I'm guessing the router I'm trying to use (Google Wifi or OnHub) for this doesn't work quite right.  My setup was:

        [internet (vlan 201)] <----> [pfSense bridge (strips vlan)] <----> [wifi-router]

        After removing the wifi-router that refused to establish a PPPoE connection, I put a Windows box in its place and it was able to do the PPPoE connection without issue.  Possible suggestions looking around may be that it doesn't handle MTU sizes.  So this setup actually worked just fine:

        [internet (vlan 201)] <----> [pfSense bridge (strips vlan)] <----> [windows desktop]

        I'll play with it more, but I'm guessing there is some MTU or PPPoE handshake that the Google Wifi point doesn't seem to like.

        • ptt

          And what advantages do you think this setup, over setting PPPoE in pfSense WAN, will bring to you?

          • Kyrra

            @ptt:

            And what advantages do you think this setup, over setting PPPoE in pfSense WAN, will bring to you?

            I'd prefer for pfSense to stay my router, but I'm trying to do a mesh wifi setup, and the consumer ones all seem to require one of their APs to be the router in the network setup. So if I leave pfSense as the router, the wifi mesh network will be dual NATing.
