Testing feedback with EDGE router configuration

gnhb

Hello pfSense Team,

First, thanks for a great project and product. I'm looking forward to getting it running.

I'm a new pfSense user and I'm building an EDGE/HSxPA and 802.11x router with an ALIX2D3 board. I'm currently using a Nokia phone as the EDGE modem but plan to switch to a dedicated USB EDGE/HSDPA modem soon. Here's my issue.

I'm using this snapshot: pfSense-2.0-ALPHA-ALPHA-20090403-2118.img

1. When I plug in the EDGE modem (phone) pfSense successfully detects the modem and creates the /dev/ttyU0 device and /dev/cuaU0 device. I can go the the 'Interfaces -> (assign)' area of the webgui and configure my PPP setting to use the device and the proper phone # to dial, etc. pfSense creates the interface as ppp0 according to the web gui.

2. I can select "PPP /dev/cuaU0" for the WAN interface assignment.

3. When I "Save" and "Apply Changes" pfSense successfully dials out and creates a connection through the modem. An 'ifconfig' command at the command line shows that a 'ppp0' interface has been created and has an IP assigned by the ISP.

Good so far.

However, there is a discrepancy because when I go to "Status -> Interfaces" or "Status -> Dashboard" the WAN interface is shown as "Down." I believe this is because the WAN interface is being call ppp_cuaU0 in certain parts of the config, and "ppp0" in others. See examples from config.xml and sys logs below. ( 'ppp0' is used in <ppp><pppif>and 'ppp_cuaU0' is used in <wan><if>)

Also, DNS servers are not added to resolv.conf after the PPP connection is established, nor is the route table changed to reflect the PPP connection. I was able to enter static DNS servers and add a gateway route to the ppp0 interface manually from the command line. I could then ping out to internet hosts from the command line, but I could not get hosts on the LAN to successfully connect to internet hosts.

I hope this helps. I would love to get this working soon. Please let me know if I can do anything else to help.

Oh, I tried to use the "Edit File" area of the web gui to change the <wan><if>part of config.xml to say "ppp0" but it said "write failed".
How can I make changes that get flushed back to the CF card? That might allow me to solve my problem myself. (maybe)
And what command and config file is being used to generate the ppp connection?

Thanks,
GN

Config sections and log entries . . .

Feb 9 23:47:36 php: /interfaces.php: The command '/sbin/ifconfig 'ppp_cuaU0' up' returned exit code '1', the output was 'ifconfig: interface ppp_cuaU0 does not exist'
Feb 9 23:47:36 php: /interfaces.php: The command '/sbin/ifconfig 'ppp_cuaU0' delete down' returned exit code '1', the output was 'ifconfig: interface ppp_cuaU0 does not exist'
Feb 9 23:47:36 php: /interfaces.php: The command '/usr/sbin/arp -d -i ppp_cuaU0 -a' returned exit code '1', the output was 'arp: interface ppp_cuaU0 does not exist'
Feb 9 23:46:19 check_reload_status: reloading filter
Feb 9 23:46:12 check_reload_status: reloading filter</if></wan></if></wan></pppif></ppp>

eri--

Yeah its a known issue.
I have yet to merge the working ppp config code i wrote sponsored by a company.

But since we are switching to FreeBSD 8 soon there i sno point in doing that since ppp does not exist anymore in there.

Sorry but you'll have to wait till we switch the ppp to mpd.

gnhb

Update for anyone that might find it useful.

I made some progress with the same images by manually changing the config.xml file at /cf/conf/config.xml

(First, you have to mount the /cf directory as -rw. Use the command: mount -u -w /dev/pfSenseCfg (double check the /dev path. I'm not sure its right))

then . . .

vi /cf/conf/config.xml

Find the section with the <wan>label and change the <wanif>value to ppp0 instead of ppp_cuaU0. You can do this from the web interface too. I found it impossible to use vi over the serial port.

Then, reboot and the ppp0 link should come up.

You can also bring the ppp link up from the command line by doing a 'pppd call ppp_cuaU0' or instead of ppp_cuaU0 you should use whatever script you find in /etc/ppp/peers that doesn't end in 'chat'.

I also modified the file (I think its /etc/int/interfaces.inc) and uncommented the line that adds "defaultroute" to the ppp dialup script. That enables ppp to create a default route which it wasn't doing before. You have to reboot after making this change too because the interfaces.inc file generates your ppp control and chat scripts for you in /etc/ppp/peers.
You also have to use the mount -u -w command for the partition that this file is on. Do a 'df' to see the partitions and their associated devices.

Now, if you have the same luck I did, you can ping out to internet hosts from the pfsense command line.
I was also able to get DNS responses when using a host on the LAN, but I was never able to get connectivity from the LAN to the WAN other than DNS. I tried to figure it out for a while but couldn't get it.

Okay, cheers.

GNB</wanif></wan>

gnhb

Another update . . . [My heel has been in a cast since last Saturday, so I don't have much else to do but try to get this to work :) ]

My main problem now is that routing of packets between LAN and WAN is broken. I don't know why.

Even if I make pppd add the default route, routing doesn't work . . . AND then a few minutes later, the system deletes that default route from the routing table. Hah! Thanks anyway BSD . . . I'm guessing it's the routed deamon doing that.

HELP? anyone know how do deal with this? pftop reports CLOSED:SYN_SENT for the connections (ICMP) from LAN to WAN

pfsense:/usr/local/www# route add default 10.6.6.6 <–-- This is my ISP's remote ppp IP
add net default: gateway 10.6.6.6
pfsense:/usr/local/www# pftop

pfTop: Up State 1-14/14, View: default, Order: none, Cache: 10000 14:01:06

PR DIR SRC DEST STATE AGE EXP PKTS BYTES
tcp In 192.168.2.253:59430 192.168.2.1:22 ESTABLISHED:ESTABLISHED 01:06:43 23:59:55 12241 3068952
tcp In 192.168.2.253:36825 192.168.2.1:22 ESTABLISHED:ESTABLISHED 00:39:41 23:59:46 718 84140
udp Out 192.168.2.1:52783 239.255.255.250:1900 SINGLE:NO_TRAFFIC 00:06:30 00:00:01 104 37466
udp In 192.168.2.253:33955 192.168.2.1:53 MULTIPLE:MULTIPLE 00:02:03 00:00:57 32 2282
tcp In 192.168.2.253:43874 63.245.209.93:80 CLOSED:SYN_SENT 00:01:16 00:00:44 1 60
tcp Out 192.168.2.253:43874 63.245.209.93:80 SYN_SENT:CLOSED 00:01:16 00:00:44 1 60
tcp In 192.168.2.253:48367 192.168.2.1:80 FIN_WAIT_2:FIN_WAIT_2 00:01:07 00:00:56 141 78592
tcp In 192.168.2.253:34387 72.14.221.136:80 CLOSED:SYN_SENT 00:00:29 00:01:31 2 148
tcp In 192.168.2.253:60173 72.14.221.91:80 CLOSED:SYN_SENT 00:00:29 00:01:31 2 148
tcp In 192.168.2.253:58538 72.14.221.93:80 CLOSED:SYN_SENT 00:00:29 00:01:31 2 148
tcp In 192.168.2.253:44713 72.14.221.190:80 CLOSED:SYN_SENT 00:00:29 00:01:31 2 148
tcp In 192.168.2.253:48371 192.168.2.1:80 ESTABLISHED:ESTABLISHED 00:00:23 23:59:38 162 104127
icmp In 192.168.2.253:0 206.190.60.37:34334 0:0 00:00:14 00:00:00 10 700
icmp In 192.168.2.253:0 211.78.162.151:5151 0:0 00:00:03 00:00:17 2 140

HERE's the routing table after I add the default route . . ..

pfsense:/usr/local/www# netstat -rW
Routing tables

Internet:
Destination Gateway Flags Refs Use Mtu Netif Expire
default 10.6.6.6 UGS 0 11 1500 ppp0
10.6.6.6 10.174.xx.xxx UH 1 330 1500 ppp0
localhost localhost UH 0 0 16384 lo0
192.168.2.0 link#1 UC 0 0 1500 vr0
192.168.2.253 00:1e:68:95:ee:61 UHLW 1 5849 1500 vr0 75

So, if you want to fix the configuration of PPP as in WAN interface through the webGUI, do this . . . .

changes to make 2.0 ALPHA-ALPHA work with PPP over GPRS/EDGE

the next command is for embedded versions only to make the filesystem writeable.
at the command line for embedded versions only. . .

pfsense:~# mount -u -w /dev/ufs/pfSense

all versions continue here

pfsense:~# vi /usr/local/www/interfaces_assign.php

then find this section and comment out or modify your file so it looks like below . . .
The only change is the "$portname =" line

/* add PPP interfaces /
if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) {
$i = 0;
foreach ($config['ppps']['ppp'] as $ppp) {
/ $portname = 'ppp_' . basename($ppp['port']); */
$portname = $ppp['pppif'];
$portlist[$portname] = $ppp;
$portlist[$portname]['isppp'] = true;
$i++;
}
}

Save this file and exit after making changes.

Next edit the php file that sets up your ppp interface. In this file the LocalIP and RemoteIP fields labels are reversed so we switch them.

pfsense:~# vi /usr/local/www/interfaces_ppp_edit.php

Find the section that looks like this and change the line that starts with "

Local IP

Note: This is needed if you connect to a private system and are given a static ip.

Remote IP

Note: This is where the packets will be routed, aka gateway on normal ip routing.

gnhb

AhhhHaaaa!!!!

Right . . . My ISP uses 10.6.6.6 as the gateway and assigns me a 10.x.x.x address. Therefore, I have to uncheck the little box that says "Bock private networks" on the WAN configuration page.

Okay, now I'm successfully routing from LAN to WAN where WAN is a PPP over a GPRS/EDGE USB modem (actually, a Nokia Xpress Music 5310 phone.

Now, if I can just get BSD to stop deleting my default route . . . maybe that fixed itself too. We'll see . . .

GNB