Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Starlink and pfSense

    Scheduled Pinned Locked Moved
    General pfSense Questions
    3
    4
    3.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      monaco_bronco
      last edited by monaco_bronco

      I am not even sure where to start with this. I just got the Starlink system and have a custom box we built with pfSense. Now we currently use this with AT&T cellular and it works great. I am currently moving the Starlink to a full 12v system because we live full time in our RV. My goal is to make this fully 12v as my pfsense is currently on 12v and my Unifi system is on 12v. The final piece is the Starlink. I have a 12v to 48v step up converter that goes to a POE injector. From the POE injector we have the Starlink adapter that have been modified with a rj45 connector instead of the Starlink adapter. I did not want to hack up my cable. I have followed the swap wiring to the 568b Ethernet wiring.

      Anyways that is the back story. Starlink works fine with the Starlink router, but as soon as i unplug it and plug it into the Starlink adapter that goes into the POE and then back into the pfSense WAN port. When I do this i get a IP but the drop and keeps cycling to the point the GUI becomes unresponsive and gives a 504 Gateway Timeout error. If i unplug the Starlink cable, the GUI comes back after about 5 mins. If I leave the Starlink cable plugged in to long the GUI never comes back and i have to reboot the pfSense. Now, here is the kicker. The AT&T internet is still working behind all this.

      I found a guide about adding the rejection from 192.168.100.1 and have added this and still same thing. I have tried disabling the monitoring and gone through what most everyone is saying.

      I really like the pfSense software and would like to get this going but i am feeling this will not end with me not using pfSense.

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        We have seen a few reports of Starlink doing some odd things with DHCP. Mostly it seems like the Starlink dish device requires a connected router to pull a private lease first and then offers the real IP. That's a problem for pfSense because it pulls the private IP and then does not pull the real IP.
        You should see that in the logs though.

        Steve

        GertjanG 1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan @stephenw10
          last edited by Gertjan

          @stephenw10 said in Starlink and pfSense:

          Mostly it seems like the Starlink dish device requires a connected router to pull a private lease first and then offers the real IP. That's a problem for pfSense because it pulls the private IP and then does not pull the real IP.

          Such a scheme would need a specially build DHCP client on the (Starlink) router, and its behavior should be simulated on pfSense.

          @monaco_bronco

          I've not seen the proof, or the contrary, of what is already known as the classic modem device behavior : the modem (disk in this case) and pfSense start both at the same time, like an ordinary electric power on situation.
          The modem fires up right away an internal, local DHCP server (so its in the disk) that will hand out a RFC1918, like 192.168.100.0/24 IP. This is quiet handy, as any local device (PC) can connect to it, and access the local (disk) GUI to access the local (disk) GUI for making local settings.
          Back then, this was used to enter the PPPOE authentication settings, needed to create a connection to the ISP.
          pfSense probably boots faster as the modem (or disk) so it obtains a local RFC1918 IP, like 192.168.100.2/24. This IP can't be use for routing as the disk itself hasn't created its uplink yet.
          pfSense concludes a WAN link is present, and might fire of some DNS request or whatever, these are all going to time out : the uplink isn't there yet.
          Now, the magic starts : the modem (disk) has created the uplink (satellites are found, focused etc).
          It will pull down / de activated it's LAN interface for a short moment, and bring it back up again.
          This will be noticed by pfSense : its WAN is going down, and up again.
          The reaction will be : the DHCP client on pfSense will fire up, and asks again for an IP, network, gateway, DNS etc. It will probably ask for the previous 192.168.100.2/24 (IP), but this time the DHCP server in the modem (disk) is not reachable anymore : traffic coming into the modem (disk) LAN interface will get uplinked to the satellites, to arrive somewhere in the (ground based) starlink network : that is where the new 'starlink' DHCP subscriber DHCP server is listing , and it will assign a real WAN IP to you (the subscriber) : to the DHCP client running on pfSense. And of course a valid gateway, network, probably a DNS, etc.

          This two-phase connection looks complicated, but it was actually used by many ISPs that used ADSL (over PPPOE), by Cable-TV ISP's, for many years.

          In the first stage, just after power up, it makes the device (modem, disk) available for local administration - if needed.
          In the second stage, when the uplink down has been established, the pfSense DHCP request is re initiated because of the WAN down up event, and this time the modem (disk) becomes transparent, exactly like a Wifi access point : when you us your phone, you connect to a AP over radio. After the AP, your traffic goes over the wire, but all this is 'invisible' to you.

          My question is :
          Does the 'disk' pulls down it's LAN for a brief moment, when it has finished creating a stable uplink/downlink ?
          If so, then startlink isn't doing anything special, It's the same all trick, and pfSense will be compatible.

          If starlink, the disk, is special .... then someone has to analyze its behavior.
          A smart ( ! ) switch with port mirroring or a good old fashioned hub will be needed.
          It has to be placed between the WAN of starlink router and the LAN of the disk interface.
          And now its packet capture time.
          First DHCP cleint and server traffic. And then 'any' traffic, so the connection scheme can be documented.
          With the results, a 'how to' can be created.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          stephenw10S 1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator @Gertjan
            last edited by

            @gertjan said in Starlink and pfSense:

            Such a scheme would need a specially build DHCP client on the (Starlink) router, and its behavior should be simulated on pfSense.

            I agree. If we knew what it actually requires we should be able to do it.
            See: https://forum.netgate.com/topic/176450/starlink-no-internet-when-reject-leases-from-configured

            1 Reply Last reply Reply Quote 0
            • GertjanG Gertjan referenced this topic on
            • GertjanG Gertjan referenced this topic on
            • GertjanG Gertjan referenced this topic on
            • First post
              Last post