No WAN IP on new XG-7100 - with DrayTek Vigor 130 Bridged VDSL

JayMcTee

Hi,

Based in the Netherlands, I have a working internet connection via ISP Budget Internet, they provide the ZTE Experia Box V10 modem/router and all of that works fine. But I have a desire for greater networking capabilities hence bought a Netgate XG-7100 appliance.

As the ZTE unit doesn't offer bridged mode and I didn't want to put the pfSense appliance in its DMZ, I bought a DrayTek Vigor 130 instead.

When I set up the DrayTek Vigor 130 for my ISP and hook up my laptop to its LAN, all is fine. This proves the modem works, the connection works. So then I put it in Bridged mode and on to the pfSense...

That's where I get stuck. I just can't get a WAN IP address.

The Vigor runs on 192.168.1.1 and the pfSense appliance on 192.168.3.1

My ISP runs on VDSL Tag 34 and I tried setting that up in either appliance, but to no avail. On the pfSense appliance I tried that through assigning the WAN interface to a tagged VLAN when not inserting the tag on the Vigor, as well as no VLAN in pfSense (WAN directly on the parent interface) and then the tag injection on the Vigor. No luck either way.

The ISP also requires DHCP option 60 to be enabled, something the Vigor easily allows, so set that up there. Did no try this in pfSense yet as it seemed overly complex with the config file.

I also tried spoofing the original modem's MAC address in both the Vigor as well as in pfSense.

I'm new to pfSense so this whole interface assignment and VLANs is not second nature to me. I have a feeling it's going wrong somewhere there.

The original modem gives me internet. The Vigor gives me internet. Just right when I set the Vigor in bridged mode (MPoA/Dynamic, it's not PPOE or other authenticated method) and the pfSense WAN interface to DHCP, that it won't connect.

The WAN Interface Status is UP but IP always remains 0.0.0.0

Tried various MTU sizes as well (1492 in some guides, default 1500 in others).

So I tried many things, rebooted both the Vigor and Netgate appliance plenty of times too. At a loss what to do next.

Which screenshots should I provide for you to be able to see where I might be going wrong? Appreciate the assistance, thanks!

stephenw10

If you set your laptop to dhcp can it pull an with the modem in bridge mode?

If you do not have the upstream VLAN set in the modem, even in bridge mode, then it would have to be done in pfSense. I expect that to be set in the modem still though.

The dhcp option 60 will need to be set in pfSense if the ISP requires it, the modem cannot do that in bridge mode.
It's easy to add dhcp options in the WAN dhcp client setup though, just check the 'advanced options' box and add the required option.

Steve

JayMcTee

Hi Steve, thanks for taking the time to answer.

1. No, I don't remember that working when the Vigor was in Bridged mode, laptop on DHCP, it would nog get a public IP, just some self-assigned one without an internet connection. I'll retry this tonight or tomorrow though.

2. I did try this VLAN tag in pfSense, see this screenshot:

This concept of parent interface confuses me though. This is the aforementioned lagg0:

How would I know it's the right ports? It says UP in the Interface status, so I suppose it's the right one.

Is the localhost 127.0.0.1 DNS server there up top even correct? I did not set that myself.

3. That DHCP option 60, when I tick Advanced Configuration, it speaks of requiring a path to a config file. I don't seem to be able to just enter the required option right there. From documentation it seems like you used to be able to do that, but that as of now, it requires uploading a config file to the appliance. I'll try that though, I'll report back tonight/tomorrow.

stephenw10

The Draytek V130 appears to be capable of either tagging the traffic on WAN itself or passing through the VLAN. I would suggest tagging the VLAN in the V130 for simplicity:
https://www.draytek.com/support/knowledge-base/5367

If you need to tag the traffic in XG-7100 you will need to configure the switch to pass VLAN 34 tagged between lagg0 and the chosen port. Like so:

You have any documentation from the ISP for Option 60? Does it require a value sent with the option 60 identifier?

Steve

JayMcTee

Thank you, thank you! I will try those routes regarding tagging.

As for option 60, all they say is "it needs to be enabled".

These docs say it's binary, so I suppose 1 will do:
https://docs.netgate.com/tnsr/en/latest/dhcp/options.html

This older thread talks about entering it in the UI with a string: https://forum.netgate.com/api/topic/78736/pfsense-2-2-interface-advanced-dhcp-client-configuration/3?_=1597061934316

There is some mention of it here, but not quite clear on the exact required input:

https://docs.netgate.com/pfsense/en/latest/dhcp/dhcp-server.html

stephenw10

I imagine it should look something like this:

What does it look like in the V130 GUI?

Steve

JayMcTee

@stephenw10 said in No WAN IP on new XG-7100 - with DrayTek Vigor 130 Bridged VDSL:

What does it look like in the V130 GUI?

Like this:

What I did tonight was (no luck unfortunately):

Vigor:

• From https://www.draytek.com/support/knowledge-base/5367 the part that reads "Bridge VLAN Tag from ISP to LAN" so I have this:

Which I now see the table columns have switched compared to the article so it seems I enabled the wrong one...

Then MPoA in Bridged, no MAC spoofing and I did NOT set option 60 here since presumably with Bridged, it'll get lost anyhow.
LAN DHCP Disabled

So the Vigor is simply in MPoA bridged mode, with VLAN tagging on but left empty.

Then on the pfSense side I can't find where you screenshotted the advanced DHCP settings. For me, under the WAN interface set to DHCP, it looks like this:

Now tick Advanced:

Still nowhere to enter DHCP options.

So we tick Config Override:

This is the file upload I mentioned before. I've not tried that yet as I'm not sure on the exact formatting of the file's content.

PS ticking both yields the same:

With your hint I found out how to figure out which port is which:

So I tagged 1 through to 8 as 34:

On the Interface Assignments I put things back to original as the wizard suggested:

WAN on 4090 and LAN 4091

By the way, only under Services > LAN did I find some extra DHCP options, but those are for the LAN side, not the WAN, right? So I didn't touch this:

So it seems I need to reconfigure the Vigor as for the columns mishap, I'll try that now. And I still need to figure out where to set this Option 60 DHCP vendor class. I see how to upload a file and presumably, I will get a file path after upload I can enter in the Advanced DHCP settings. But what should I put in the file exactly?

JayMcTee

Perhaps @frankh who solved it in this thread: https://forum.netgate.com/topic/137690/dhcp-server-option-60/7 can help me on my way with the DHCP override config file format?

All the ISP says is, Option 60 needs to be Enabled. But there seems to be some confusion on whether it's dhcp-class-identifier or a vendor identifier. I've also seen posts suggesting the syntax 'option-60 "1"' also works. If I stick that on just a single line, will that suffice or do I need to copy the original DHCP config in there too?

JayMcTee

@JayMcTee said in No WAN IP on new XG-7100 - with DrayTek Vigor 130 Bridged VDSL:

Which I now see the table columns have switched compared to the article so it seems I enabled the wrong one...

I switched it to the right one, under Consumer, still no joy.
I also added Option 60 with data just the number 1 in the Vigor, still no joy.

Still have doubts about the interface assignment for WAN. I don't get why it has to be "VLAN 4090 on lagg0 (WAN)" instead of directly on the said ETH1 port, which I can't choose on its own.

Hopefully more luck tomorrow, we must be getting close...

stephenw10

DHCP server options are very different to dhcp client options. That thread is probably not helpful here unfortunately.

Here is what I would do:

Set the customer VLAN tag to 34 in the V130.

Remove the VLAN interface and vlan settings from the switch in pfSense.

Just use the WAN interface there directly with the default switch setup so that traffic arrives from pfSense untagged to the V130 and the V130 tags it onto the VDSL.

In the WAN dhcp setup check advanced options, uncheck config override.

In the lease requirements section that appears below that enter in the 'send options' field:
dhcp-class-identifier "dhcp-class-identifier1"

It probably doesn't matter what the data is there but that's what the Draytek is sending.

Try that then check the dhcp logs for dhclient entries.

Steve

JayMcTee

@stephenw10 said in No WAN IP on new XG-7100 - with DrayTek Vigor 130 Bridged VDSL:

In the WAN dhcp setup check advanced options, uncheck config override.
In the lease requirements section that appears below that enter in the 'send options' field:

Thanks again Steve!

This part though, I see it in your screenshot, but as per my screenshot, I don't have this field in the WAN DHCP setup:

How did you browse to the "Lease Requirements and Requests" form that you screenshotted earlier?

stephenw10

It should appear imediately below the client config section when you enable advanced config:

It's normally hidden by client side script. Try a different browser if you don't see it or check your browser plugins, something may be blocking it.

Steve