Configure an PPPoE on an CARP IF



  • Hello,

    I've read that since version 2.4.3 there is the possibility to configure PPPoE on an CARP Interface (VIP), so it will only be active on the master node.

    How is the procedure for this? I tried it, but could not get an successful login with PPPoE if I assign the PPPoE to an CARP VIP.

    From my provider I have to use vlan 7, so I assigned the vlan-IF to my WAN IF and I configured an ipv4 IP to this IF. Afterwards I configured an CARP-VIP for this IF. This CARP-VIP I did assign to the PPPoE configuration.

    With "ifconfig" on the shell, I see both ipv4 IPs I configures (from IF and the CARP-VIP) and an "empty" pppoe-IF. (So no "login" is done via pppoe)

    What is the thing, I am doing wrong?

    Thx, for your help!



  • I have exactly the same question. (I am assuming the facility is still available on pfsense 2.4.4).

    I can find the reference to the facility added at 2.4.3 (https://redmine.pfsense.org/issues/8184), however, I can't find any explanation on how to use this facility.

    In my situation I have a redundant (dual diverse path) main Internet connection that is supposed to be 100% reliable, however, we also have a PPPoE ADSL 'backup' (with a single static address) that I would like connect directly to the pfsense HA pair.

    From the references that I have found to this change in pfsense 2.4.3 it looks to be exactly what I need. However, I have not found any information on exactly how to make it work.

    Does anyone know how to configure a PPPoE link on a HA pair so that only the master is active?

    Thanks in advance,
    Tim



  • Hi,

    I've found out by now, it's actually quite simple.

    First, you add an Carp Interface for your DSL COnnection. (on each machine of you HA pair) Configure this CARP IF on the correct VLAN, you need for this.

    Add an CARP IP address.

    Go to "Interfaces / Interface Assignments" --> PPPs.
    Add the PPP Connection and choose the Carp IP as "Link Interface(s)".

    This is working for me :)

    Hope it helped!



  • Thanks Beerman,

    That sounds remarkably straight forward - I will prototype it and see what happens.

    Thanks again,
    Tim



  • OK,

    This procedure does work, although there are a few tricky bits. So here is a slightly more detailed explanation of what Beerman provided (I hope that I did this correctly). I tested this on the 2.4.4-p1 release of pfsense in a lab environment, the switch to production is a few days away:

    1. Add an Interface that will connect to the ADSL modem. This is either a direct NIC, or possibly a VLAN. I called my Interface 'ADSLMODEM' (very original..). You need to allocate a static IP address to this interface on both of the HA pair (otherwise you can't add a CARP IP). As far as I can see these static IPs don't figure in any way in the PPPoE, so you just use a subnet that you are not using anywhere else. (In my test I used 192.168.77.2 and .3)
    2. Add the CARP IP to the ADSL modem interface. Give this an appropriate IP address, use all the normal CARP settings. (My test was 192.168.77.1).
    3. At this stage I checked that the CARP status showed the interfaces as Master on the Master, and Backup on the Backup of the HA pair. So far, so good. If not, check your cabling, switches, look for typographic errors etc.
    4. Use Interfaces/Assignments/PPPs and add a PPPoE device. This is the important part: you need to select the CARP IP address (192.168.77.1) as the 'Link Interface'. The IP address will just be in the drop down list.
    5. Now on Interfaces/Assignments you can add an interface using the the PPPoE that you have defined. You will find a an entry called 'PPPoE(<somejunkhere>)' in the list of possible 'Network Ports', this is the 'port' to use. After you click '+Add' and 'Save' you click on the 'OPT??' link to edit the new interface - I renamed mine from 'OPT??' to 'ADSL'. Check that the 'IPv4 Configuration Type' is 'PPPoE' - for some reason when I did this step the field was occasionally something else - make sure you select PPPoE and then all the details (login+password) will appear correctly in the interface parameters down the screen. Make sure that you also enable the interface.

    At this point it should all be working. I checked a number of things about the configuration at this point:
    a) In Status/System Logs/PPP on the master firewall there was logging showing the PPPoE trying to establish.
    b) In Status/System Logs/PPP on the backup firewall the logging showed that PPPoE was configured, but nothing was logged about attempting to establish a connection.

    Now I connected my ADSL Modem to the appropriate NIC/VLAN and the master firewall immediately established the PPPoE link.

    At this point I disabled CARP on the master firewall and the HA pair switched over, and what was the backup brought the PPPoE link up, the disabled master logs showed PPPoE as inactive. Enable CARP on the master firewall and the PPPoE link switched back.

    As a final test I added appropriate firewall rules to the 'ADSL' filter and checked some inbound connections using the ADSL circuit. As far as I could see everything worked as expected.

    Thanks again to Beerman for the all important and key information on how to do this.

    Tim



  • This works.
    I just converted a pppoe interface to this just by reassigning the link to the carp ip.
    It is not statefull failover, but in a ppp world is as close as it can get.


Log in to reply