Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Getting private/local IP on WAN

    General pfSense Questions
    3
    64
    6.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      aelakkad @stephenw10
      last edited by

      @stephenw10 do you know any other mpd options that might help? it's literally a 3-second difference

      A 1 Reply Last reply Reply Quote 0
      • A
        aelakkad @aelakkad
        last edited by

        @aelakkad it connects fine on windows and on the router itself so why does pfsense force 9 seconds when it could be more than that?

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Without seeing the actual pcap data it's hard to see exactly what the timing is. It look to me like pfSense is sending requests with increasing delays; 2s then 4 s etc. The server sends a response after ~4s nd that restarts pfSense's sequence. So pfSense could be rejecting the response, without logging that for some reason. That could be because it's a response to the first request not the current one.

          Try adding: set debug X where X is 0 by default but can be higher.

          A 2 Replies Last reply Reply Quote 0
          • A
            aelakkad @stephenw10
            last edited by

            @stephenw10 do I add it in the /conf/mpd_wan.conf file or in the tcpdump commad?

            1 Reply Last reply Reply Quote 0
            • A
              aelakkad @stephenw10
              last edited by aelakkad

              @stephenw10

              Im trying to highlight them below, they look very consistent and keeps going like that the difference is almost exactly 10 seconds

              00:54:15.668893 IP 192.168.1.1.37316 > 255.255.255.255.7437: UDP, length 173
00:54:16.358748 PPPoE PADO [Host-Uniq 0x8072780400F8FFFF] [Service-Name] [AC-Name "RMS-BNG-NE40X8A-04"]
00:54:17.397076 IP6 fe80::b2be:76ff:fee1:d6fb > ff02::1: ICMP6, router advertisement, length 32
**00:54:18.540483 PPPoE PADI [Host-Uniq 0x4071780400F8FFFF] [Service-Name]**
00:54:18.674857 IP 192.168.1.1.37316 > 255.255.255.255.7437: UDP, length 173
00:54:20.554203 PPPoE PADI [Host-Uniq 0x4071780400F8FFFF] [Service-Name]
00:54:21.680748 IP 192.168.1.1.37316 > 255.255.255.255.7437: UDP, length 173
00:54:23.659903 ARP, Request who-has 192.168.1.100 (00:1b:21:48:da:98) tell 192.168.1.1, length 46
00:54:24.138309 ARP, Request who-has 192.168.100.101 tell 192.168.100.200, length 46
00:54:24.645205 PPPoE PADI [Host-Uniq 0x4071780400F8FFFF] [Service-Name]
00:54:24.686743 IP 192.168.1.1.37316 > 255.255.255.255.7437: UDP, length 173
00:54:24.798613 ARP, Request who-has 192.168.100.101 tell 192.168.100.200, length 46
00:54:25.158660 ARP, Request who-has 192.168.1.100 (00:1b:21:48:da:98) tell 192.168.1.1, length 46
00:54:25.793111 ARP, Request who-has 192.168.100.101 tell 192.168.100.200, length 46
00:54:26.790738 IP6 fe80::b2be:76ff:fee1:d6fb > ff02::1: ICMP6, router advertisement, length 32
00:54:27.692753 IP 192.168.1.1.37316 > 255.255.255.255.7437: UDP, length 173
00:54:27.930098 IP 192.168.100.200.5353 > 224.0.0.251.5353: UDP, length 36
00:54:27.935885 IP6 fe80::7367:caec:5679:6871.5353 > ff02::fb.5353: UDP, length 36
00:54:27.943973 IP 192.168.100.200.5353 > 224.0.0.251.5353: UDP, length 36
00:54:27.944048 IP6 fe80::7367:caec:5679:6871.5353 > ff02::fb.5353: UDP, length 36
00:54:27.944591 IP 192.168.100.200.5353 > 224.0.0.251.5353: UDP, length 36
00:54:27.944800 IP6 fe80::7367:caec:5679:6871.5353 > ff02::fb.5353: UDP, length 36
00:54:27.945330 IP 192.168.100.200.5353 > 224.0.0.251.5353: UDP, length 36
00:54:27.945618 IP6 fe80::7367:caec:5679:6871.5353 > ff02::fb.5353: UDP, length 36
00:54:27.946011 IP6 fe80::7367:caec:5679:6871.57683 > ff02::1:3.5355: UDP, length 30
00:54:27.946488 IP 192.168.100.200.57683 > 224.0.0.252.5355: UDP, length 30
00:54:27.946890 IP6 fe80::7367:caec:5679:6871.55593 > ff02::1:3.5355: UDP, length 30
00:54:27.947475 IP 192.168.100.200.55593 > 224.0.0.252.5355: UDP, length 30
00:54:28.352433 IP6 fe80::7367:caec:5679:6871.57683 > ff02::1:3.5355: UDP, length 30
00:54:28.354092 IP 192.168.100.200.57683 > 224.0.0.252.5355: UDP, length 30
00:54:28.354704 IP6 fe80::7367:caec:5679:6871.55593 > ff02::1:3.5355: UDP, length 30
00:54:28.355150 IP 192.168.100.200.55593 > 224.0.0.252.5355: UDP, length 30
00:54:28.355441 IP 192.168.1.52.137 > 192.168.1.255.137: UDP, length 50
**00:54:28.470082 PPPoE PADO [Host-Uniq 0x4071780400F8FFFF] [Service-Name] [AC-Name "RMS-BNG-NE40X8A-04"]**
00:54:28.935532 IP 192.168.100.200.5353 > 224.0.0.251.5353: UDP, length 36
00:54:28.935968 IP6 fe80::7367:caec:5679:6871.5353 > ff02::fb.5353: UDP, length 36
00:54:28.936780 IP 192.168.100.200.5353 > 224.0.0.251.5353: UDP, length 36
00:54:28.937048 IP6 fe80::7367:caec:5679:6871.5353 > ff02::fb.5353: UDP, length 36
00:54:28.949563 IP 192.168.100.200.5353 > 224.0.0.251.5353: UDP, length 36
00:54:28.950227 IP6 fe80::7367:caec:5679:6871.5353 > ff02::fb.5353: UDP, length 36
00:54:28.960429 IP 192.168.100.200.5353 > 224.0.0.251.5353: UDP, length 36
00:54:28.969292 IP6 fe80::7367:caec:5679:6871.5353 > ff02::fb.5353: UDP, length 36
00:54:29.116704 IP 192.168.1.52.137 > 192.168.1.255.137: UDP, length 50
00:54:29.129630 ARP, Request who-has 192.168.1.100 (00:1b:21:48:da:98) tell 192.168.1.1, length 46
00:54:29.277519 IP 192.168.100.200.60157 > 255.255.255.255.161: UDP, length 124
00:54:29.278496 IP 192.168.100.200.60158 > 255.255.255.255.161: UDP, length 124
00:54:29.882069 IP 192.168.1.52.137 > 192.168.1.255.137: UDP, length 50
00:54:30.567661 IP6 fe80::b2be:76ff:fee1:d6fb > ff02::1: ICMP6, router advertisement, length 32
00:54:30.698656 IP 192.168.1.1.37316 > 255.255.255.255.7437: UDP, length 173
**00:54:31.627479 PPPoE PADI [Host-Uniq 0x00636E0100F8FFFF] [Service-Name]**
00:54:31.926491 ARP, Request who-has 192.168.100.1 tell 192.168.100.200, length 46
00:54:32.795708 ARP, Request who-has 192.168.100.1 tell 192.168.100.200, length 46
00:54:33.662210 PPPoE PADI [Host-Uniq 0x00636E0100F8FFFF] [Service-Name]
00:54:33.704738 IP 192.168.1.1.37316 > 255.255.255.255.7437: UDP, length 173
00:54:33.799981 ARP, Request who-has 192.168.100.1 tell 192.168.100.200, length 46
00:54:34.461711 IP6 fe80::b2be:76ff:fee1:d6fb > ff02::1: ICMP6, router advertisement, length 32
00:54:35.071239 ARP, Request who-has 192.168.1.1 tell 192.168.1.52, length 46
00:54:36.710565 IP 192.168.1.1.37316 > 255.255.255.255.7437: UDP, length 173
00:54:37.581609 IP6 fe80::b2be:76ff:fee1:d6fb > ff02::1: ICMP6, router advertisement, length 32
00:54:37.688202 PPPoE PADI [Host-Uniq 0x00636E0100F8FFFF] [Service-Name]
00:54:39.716545 IP 192.168.1.1.37316 > 255.255.255.255.7437: UDP, length 173
**00:54:41.552605 PPPoE PADO [Host-Uniq 0x00636E0100F8FFFF] [Service-Name] [AC-Name "RMS-BNG-NE40X8A-04"]**
**00:54:42.666463 PPPoE PADI [Host-Uniq 0xC0616E0100F8FFFF] [Service-Name]**
00:54:42.722492 IP 192.168.1.1.37316 > 255.255.255.255.7437: UDP, length 173
00:54:44.680206 PPPoE PADI [Host-Uniq 0xC0616E0100F8FFFF] [Service-Name]
00:54:48.680190 PPPoE PADI [Host-Uniq 0xC0616E0100F8FFFF] [Service-Name]
00:54:48.734461 IP 192.168.1.1.37316 > 255.255.255.255.7437: UDP, length 173
00:54:51.740395 IP 192.168.1.1.37316 > 255.255.255.255.7437: UDP, length 173
**00:54:52.592469 PPPoE PADO [Host-Uniq 0xC0616E0100F8FFFF] [Service-Name] [AC-Name "RMS-BNG-NE40X8A-04"]**
00:54:52.859371 IP6 fe80::b2be:76ff:fee1:d6fb > ff02::1: ICMP6, router advertisement, length 32

              8cbcb233-ed6b-41b6-a4f9-e97475b26c73-image.png

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                The debug line would be in the mpd_wan.conf file.

                Ok, so we can see the unique id of the request is sent 3 times then the server replies. But it could be replying to any of those three requests.

                The fact that the reply triggers pfSense to start with a new request though seems indicate it's refusing the offer.

                A 1 Reply Last reply Reply Quote 0
                • A
                  aelakkad @stephenw10
                  last edited by aelakkad

                  @stephenw10 what would make it refuse the offer? I set debug 10 and did another pcap

                  packetcapture-igb0-20230922022327.pcap

                  is there a way to stop it from rejecting the PADO?

                  106549e4-a92d-48be-bd57-90ec47849a5e-image.png

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    I'm still not 100% sure it is actually seeing the replies. It could be that it only ever tries the same ID 3 times whether or not it sees a reply for example.

                    With the debugging logs do you see 3 sent messages for each 1 received message?

                    This really seems like the solution is going to be something simple like it needs an identifier set. But I assume you didn't set anything like that in the Windows client?

                    A 1 Reply Last reply Reply Quote 0
                    • A
                      aelakkad @stephenw10
                      last edited by

                      @stephenw10 how can I export a better debug log, I've set it to 10, should I set it to more for example? And is there a way to download/export the system log from the GUI so it could be more helpful to us?

                      Is there some way to implement the identifier set? I did not set one in windows, only username and pass, nothing else at all.

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        We're off the map at this point. 😉
                        I've never had to set debug logging to get PPPoE connected so I can't tell you. Try it and see. You can download the full system log file from /var/log/system.log

                        You can set a service name in the PPPoE client. It's almost never required though.

                        A 1 Reply Last reply Reply Quote 0
                        • A
                          aelakkad @stephenw10
                          last edited by aelakkad

                          @stephenw10 yea I asked the ISP and no service name required. I just don't understand why pfsense wouldn't just wait a couple of seconds, the router and pc do wait. Like it's literally a couple of seconds and we cant override it and it's rendering the whole this useless it's very frustrating.

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            This is what a PPPoE connection looks like for me here to my ISP (BT in the UK):

                            19:43:35.102750 PPPoE PADI [Host-Uniq 0x801F22C100F8FFFF] [Service-Name "BTInfinity"]
19:43:35.107118 PPPoE PADO [Service-Name "BTInfinity"] [AC-Name "acc-aln2.l-tud"] [Host-Uniq 0x801F22C100F8FFFF] [AC-Cookie 0x39C0E5560D5F2EBB771B9C2DF0FF8090]
19:43:35.107124 PPPoE PADR [Host-Uniq 0x801F22C100F8FFFF] [AC-Cookie 0x39C0E5560D5F2EBB771B9C2DF0FF8090] [AC-Name "acc-aln2.l-tud"] [Service-Name "BTInfinity"]
19:43:35.110849 PPPoE PADS [ses 0x49c] [Service-Name "BTInfinity"] [Host-Uniq 0x801F22C100F8FFFF]

                            The ISP PPPoE server responds in ~4ms.
                            9s, or even 3s, is a very long response time from your ISP.

                            You can also see that pfSense responds to the PADO almost instantly when it sees it. It seems more likely that, for some reason, mpd5 isn't seeing the replies. Though the netgraph debug logs seem to show it is.

                            A 1 Reply Last reply Reply Quote 0
                            • A
                              aelakkad @stephenw10
                              last edited by

                              @stephenw10 is there some way to find why jt isn't accepting the replies?

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                There may be some other debug logging you could enable in mpd5. As I said we're off the map at this point, it's not something I've ever had to try.

                                A 1 Reply Last reply Reply Quote 0
                                • A
                                  aelakkad @stephenw10
                                  last edited by

                                  @stephenw10 do you know someone that maybe might help here? could tag them maybe?

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    If it's possible there is probably someone already using pfSense with your ISP. I would try to find someone who has already tried this. What is your ISP?

                                    A 1 Reply Last reply Reply Quote 0
                                    • A
                                      aelakkad @stephenw10
                                      last edited by

                                      @stephenw10 it's Etisalat in Egypt

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        Hmm, they seem to have operations in a number of countries. Many of them do require a VLAN though. Plenty of people using pfSense in various places. Does your connection have something more specific? A service name maybe?

                                        A 1 Reply Last reply Reply Quote 0
                                        • A
                                          aelakkad @stephenw10
                                          last edited by

                                          @stephenw10 They operate in the UAE and Egypt, and yea I asked they don't need a service name nor a vlan

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            But does the particular service you are subscribed to have a name that might give better search results?

                                            A 2 Replies Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.