SG2100 - How do I connect to GPON ONU interface?
-
No the laptop must not be in the same subnet as the GPON modem.
So leave the laptop in the LAN subnet (192.168.2.0/24) and try to access the GPON at 192.168.1.10. That should be routed through by pfSense.
However the GPON device may be unable (or unwilling!) to respond to anything outside it's own subnet. In which case you'd need to add a VIP on the pfSense WAN in the 192.168.1.X subnet and an outbound NAT rule to translate your traffic to it.
Like this except you don't need a new interface because it's not a PPPoE device:
https://docs.netgate.com/pfsense/en/latest/recipes/modem-access.html#configure-nat -
Thank you @stephenw10
Okay, the laptop is on the 192.168.2.0/24 subnet. However, I cannot access the GPON module. I don't think this is an issue with the NAT, I think there is a problem with bridging the interfaces or something else. Is there a guide that I can read more about on how to do this?
-
Ok try this. Add an IPAlias VIP to the WAN as 192.168.1.100/24.
Then try to ping 192.168.1.10 from pfSense directly.
It will use the VIP as source directly. I would expect the GPON interface to respond to ping.
If that works try Diag > Test Port to 192.168.1.10 on port 80 and/or 443 and see if it's listening.
If both those work then you just need a NAT rule to allow access from the LAN.
-
What module are you using out of interest? I got one for testing but it doesn't respond at all for some reason.
-
Thank you for sharing these steps
I changed the LAN IP back to 192.168.1.1 instead of adding a VIP
I tried to ping 192.168.1.10 from pfsense and that failed
I tried test port to port 22 to 192.168.1.10 and the connection failed
Only port 22 is opened as per the manual
The module is https://www.fs.com/de-en/products/133619.html
-
Here is what the connection looks like
-
@stealthmode said in SG2100 - How do I connect to GPON ONU interface?:
I changed the LAN IP back to 192.168.1.1 instead of adding a VIP
Ok that won't work.
The LAN interface must remain in a different subnet to the gpon module management otherwise it can't route to it. It will only work with a VIP on the WAN so it routes the traffic out to the GPON module.
You could set the WAN directly to 192.168.1.100 but I assumed you want that as DHCP so it pulls a public address once the fibre is connected. Using a VIP allows that.
-
Thank you, sorry about that.
I reverted the config, assigned the LAN IP as 192.168.2.1
Assigned an IP alias VIP for the LAN interface to 192.168.1.100 / 24
Tried the Ping test and ensured that the source interface was set as 192.168.1.100, the ping failed
Tried port test on 22 and ensure that the source interface was set as 192.168.1.100, the connection to port 22 failed
-
@stealthmode said in SG2100 - How do I connect to GPON ONU interface?:
Assigned an IP alias VIP for the LAN interface to 192.168.1.100 / 24
The IPAlias VIP has to be on the WAN, where the GPON module is.
-
@stephenw10 Damn it... thank you...
That worked, the ping worked finally :D
-
Nice! Ok so if it works from pfSense itself it can also work from a LAN client if you have the right outbound NAT rule. I would try to make the rule as specific as possible so it never over-matches. So probably from LANsubnet to 192.168.1.10 address.
-
@stephenw10 Thank you for all your help... can you please let me know if something is wrong with my NAT configuration?
I tried setting the interface as both LAN and WAN but not able to ping from my laptop... sorry for the trouble
-
Ok I would use hybrid mode rather than manual. Otherwise you will need to add NAT rules for all other traffic.
The one user rule should be on the WAN interface. It translates traffic as it leaves the WAN.
The translation (NAT) address should be the VIP. If that's 1.15 that should be OK.
-
@stephenw10 Awesome, that worked, thank you thank you thank you so much.... how can I buy you a beer/coffee?.... thank you so much
-
No worries, glad to help.