Problems connecting via PPOE

andrema2 · Apr 30, 2020, 2:04 PM

Hi

I have an ISP that uses a modem/router. I changed it to bridge and used to have an Asus AC88U as the router using PPOE to connect to the ISP. Everything used to be ok.

Since I put the Pfsense to work, I'm unable to have it as the router replacing the Asus. Pfsense is directly connected to the Modem and Asus is connected to the LAN port in the Pfsense. Asus is now set to be an access point.

Pfsense in the WAN is set for PPOE and uses the same password I used to use in the Asus router. The WAN keeps show it's down. In the logs I can see it trying over and over and saying the lpcd is down.

I google and saw different configurations and tried them all to no avail.

Changed the Pfsense to VLAN10 for the WAN
Changed to VLAN2
used the same MAC of the ISP WAN port
Reinstalled the Pfsense from scratch.

If I change the modem back to Router and the Pfsense to DHCP it works, but then I have a double NAT that breaks my PLEX.

Does anyone knows how to overcome it and make the pfsense to connect via PPOE ?

By the way, I live in Brazil and my ISP is Vivo in São Paulo. It might help.

Thanks

DaddyGo · May 1, 2020, 10:07 AM

You mean, like (point 3. in your list), the Asus WAN MAC has been cloned into the pfSense box WAN interface?
MAC spoofing usually helps, if Asus worked in this configuration anno.
Is Asus provided by your ISP or have you already installed it by self?

andrema2 · May 1, 2020, 11:33 AM

@DaddyGo I have cloned both the ASUS and the modem/router from the ISP. I didn’t work.

The ASUS is mine. I have bought it.

Yesterday I saw in the modem that even while in bridge, the ISP router showed as connected. I think it’s odd since the connection should come from pfsense. If it was true then the connection from pfsense shouldn’t work since it would be the second connection at the same cable.

I’ll try latter to see what happens if I put back the ASUS as the router. If it works even with the connected showing in the ISP modem, then it is not the problem.

DaddyGo · May 1, 2020, 12:08 PM

What was the original ISP router you replaced with Asus?
When you are not physically connected (original ISP router), how can you still see on the modem admin page?
Have you restarted the modem?

andrema2 · May 3, 2020, 1:55 PM

@DaddyGo , asus was always the router, although in the begining I used to have a double nat. So, the modem/router from the ISP was there too.

The modem is an ASKEY RTF3507VW-N1. It still there configured as a bridge now. Yes, I can still access the modem. It has it's own network, so I can connect directly with a fixed IP.

Yes, I have restarted both equipment many times. I also left the modem unplugged from the power outlet for a couple of minutes, so it could really disconnect from the ISP. But, as I said, when I connect I still can see it's as connected.

Later today I'll connect the Asus directly as the main router an see it it can connect via PPOE. If it does, then is something in the configuration of the Pfsense.

sorry for the long delay

DaddyGo · May 3, 2020, 2:37 PM

I see this as a popular ISP device in Brazil, ONT + router combo,
if the device is in bridge mode, on which port will the bridge be available?
Good idea, put Asus back on the bridged port first and see if you get this dynimic IP (from public IP range)

In case Asus picks up a public IP, you have won the case.....
Then clone the Asus WAN MAC address on the pfSense WAN interface (MAC address spoofing)

Pls pay attention, as I have written above, bridge mode is usually connected to one eth. port, here in Portugal, for example, in the MEO system, the 4th ethernet port is always on the bridge, on the ISP Technicolor router (the others remain NAT ports without DHCP)

andrema2 · May 22, 2020, 11:48 AM

I was able to put the MODEM into bridge mode and connect a notebook via UTP cable and set it to PPOE. The connection couldn't be easier, just username and password. It connected and I was able to surf the internet.

When I connect the pfSense using the same port on the MODEM is the same issue as before. It tries to connect over and over again.

The log doesn't show much.

Doing a search I found this very old thread

I'm pasting the last comment here

SOLVED SOLVED SOLVED
quick answer: disable ACPI on boot choosing option 2!

Later follow http://doc.pfsense.org/index.php/Booting_Options#Disabling_ACPI to make it permanent.

long history:
I was having another problems with that machine… and it was not production yet... so I started to debug.
I was worried about how slow it was!
I was worried about error messages about timeout and missing interrupts on NICs.
I was worried about PPPoE do not work JUST FOR ME ... and I REALLLY WANNA TO HAVE PPPoE to avoid double NAT!
So I started to change settings / replace items!

I replate 2 NICs twice
I replace all CABLES involved
I replace ADSL modem
nothing helps.
I choose DHCP to WAN and discovered my future pfSense2 firewall was taking 1 minute to get an IP from modem... on a direct connection.
So... should be something on machine...not in pfS2, not in other HW (NIC, cable, modem).

With that information was easy...  my first tought was to disable ACPI... a long history of problems with it (never one had included this sintoms!)
in just one minute I was a HAPPY user!

Now I'll SCREAM this in ANY forum I can find SOMEONE with PPPoE problem... it's a simple and quick test!!!

He says that his ISP is GVT, which was acquired by Vivo years ago, so I believe it is fair to assume the problem is similar.

I tried to disable the ACPI using hint.acpi.0.disabled="1" at /boot/device.hints

When I restarted pfsense it had a kernel panic because ACPI was disabled. I had to reinstall pfsense to be able to get rid of this setting (I guess there is another way to edit it, but I don't know how).

Anyway, the test with my Mac showed that the issue is with my pfsense/pfsense HW. Since I don't have a managed switch I can't do a packet capture to see what is going on and to have more information.

Any ideas ? As this other guy, I really would like to get rid of the double nat.

DaddyGo · May 22, 2020, 12:14 PM

We haven't talked about exactly what pfSense hardware you're using yet, what network card is in it?

let me think a little.....
I will read through the relevant posts all the way to get a better picture,
there may be such hidden things due to hardware, like this:

the above is just an example, don’t use it until we rethink

andrema2 · May 22, 2020, 1:35 PM

Hi

My HW is a mini PC Intel Atom E3845, 32Gb RAM with 4 NICs Intel PRO/1000.

I hope it helps

andrema2 · May 24, 2020, 6:38 PM

The panic message that I get when I disable the ACPI is:

panic: running without device atpic requiresa local APIC
cpuid = 0
KDB: enter: panic

Maybe it would help

DaddyGo · May 25, 2020, 3:34 PM

@andrema2 said in Problems connecting via PPOE:

Atom E3845

This may be a Minisys Atom E3845 or Qotom mini PC because I remember ACPI problems with Qotom ...???

andrema2 · May 25, 2020, 5:05 PM

I don't know the maker of my system. I tried to figure it out to update the BIOS, but I couldn’t. I use the DMI for it, but the manufacturer fields was left empty.

In the cases you mentioned, is there a way to circunvent it ?

Do you think a TCPDUMP could help figure out what is going on ?

Again, I'm really trying to get rid of the double NAT.

Thanks for all your help

DaddyGo · May 25, 2020, 5:38 PM

Unfortunately, double NAT remains until you can connect to your ISP with PPPOE and get public IP on the WAN interface...

What you can see on the mainboard tab with this little app?
https://www.cpuid.com/softwares/cpu-z.html

Packet Capture:
Sure, if you could see a set of log data, we could move forward, but it's also important what hardware we're struggling with right now.

BTW: Have you cloned your old ASUS WAN MAC address on pfSense (MAC spoofing)?
If I remember correctly you said in the past that ASUS works perfectly, it worked in this setup