Difficulty connecting over PPPoE



  • Hi guys,

    I've been having considerable difficulty trying to establish a PPPoE connection from my pfSense box (running current 1.2.3-RELEASE on an "old" x86 PC).
    I want to make use of PPPoE to avoid double-NAT, reduce latency & simply to let my pfSense box do the heavy-lifting for me.

    I've found 2 posts that relates to the issue I'm experiencing, but does not address the issue or sufficiently provide a solution to the problem at hand:

    If I use the DSL "modem" to do the "dial-up", IP of 10.1.1.1 & pf has a WAN IP 10.1.1.254, gateway'ing through the device, it works OK.

    I've disabled all unneeded services (including DyDNS - which I don't use in any case), set the pf box to PPPoE, provided UID & PWD, & enabled dial-on-demand (timeout = 0), & rebooted.
    I'm using my old modem (little ISP-provided d-link) in full-bridge mode (MC/MUX; as per ISP instructions)

    When the box get back up, I ssh in & see the WAN gets a local IP:

    WAN*                    -> xl0 -> 192.0.2.112(PPPoE)

    When I cat the log: /var/log/system.log

    May 18 09:54:52 titaan mpd: [pppoe] rec'd signal usr1, opening
    May 18 09:54:52 titaan mpd: [pppoe] IPCP: Open event
    May 18 09:54:52 titaan mpd: [pppoe] bundle: OPEN event in state OPENED
    May 18 09:54:52 titaan mpd: [pppoe] opening link "pppoe"…
    May 18 09:54:52 titaan mpd: [pppoe] link: OPEN event
    May 18 09:54:52 titaan mpd: [pppoe] LCP: Open event
    May 18 09:54:53 titaan mpd: [pppoe] device: OPEN event in state DOWN
    May 18 09:54:53 titaan mpd: [pppoe] device is now in state OPENING
    May 18 09:55:02 titaan mpd: [pppoe] PPPoE connection timeout after 9 seconds
    May 18 09:55:02 titaan mpd: [pppoe] device: DOWN event in state OPENING
    May 18 09:55:02 titaan mpd: [pppoe] device is now in state DOWN
    May 18 09:55:02 titaan mpd: [pppoe] link: DOWN event
    May 18 09:55:02 titaan mpd: [pppoe] LCP: Down event
    May 18 09:55:02 titaan mpd: [pppoe] device: OPEN event in state DOWN
    May 18 09:55:02 titaan mpd: [pppoe] pausing 4 seconds before open
    May 18 09:55:02 titaan mpd: [pppoe] device is now in state DOWN
    May 18 09:55:06 titaan mpd: [pppoe] device: OPEN event in state DOWN
    May 18 09:55:06 titaan mpd: [pppoe] pausing 1 seconds before open
    May 18 09:55:06 titaan mpd: [pppoe] device is now in state DOWN
    May 18 09:55:07 titaan mpd: [pppoe] device: OPEN event in state DOWN
    May 18 09:55:07 titaan mpd: [pppoe] device is now in state OPENING
    May 18 09:55:16 titaan mpd: [pppoe] PPPoE connection timeout after 9 seconds
    May 18 09:55:16 titaan mpd: [pppoe] device: DOWN event in state OPENING
    May 18 09:55:16 titaan mpd: [pppoe] device is now in state DOWN
    May 18 09:55:16 titaan mpd: [pppoe] link: DOWN event
    May 18 09:55:16 titaan mpd: [pppoe] LCP: Down event
    May 18 09:55:16 titaan mpd: [pppoe] device: OPEN event in state DOWN
    May 18 09:55:16 titaan mpd: [pppoe] pausing 6 seconds before open
    May 18 09:55:16 titaan mpd: [pppoe] device is now in state DOWN
    May 18 09:55:22 titaan mpd: [pppoe] device: OPEN event in state DOWN
    May 18 09:55:22 titaan mpd: [pppoe] device is now in state OPENING
    May 18 09:55:31 titaan mpd: [pppoe] PPPoE connection timeout after 9 seconds
    May 18 09:55:31 titaan mpd: [pppoe] device: DOWN event in state OPENING
    May 18 09:55:31 titaan mpd: [pppoe] device is now in state DOWN
    May 18 09:55:31 titaan mpd: [pppoe] link: DOWN event
    May 18 09:55:31 titaan mpd: [pppoe] LCP: Down event
    May 18 09:55:31 titaan mpd: [pppoe] device: OPEN event in state DOWN
    May 18 09:55:31 titaan mpd: [pppoe] pausing 6 seconds before open
    May 18 09:55:31 titaan mpd: [pppoe] device is now in state DOWN
    May 18 09:54:37 titaan last message repeated 9 times
    May 18 09:55:37 titaan mpd: [pppoe] device: OPEN event in state DOWN
    May 18 09:55:37 titaan mpd: [pppoe] device is now in state OPENING
    May 18 09:55:46 titaan mpd: [pppoe] PPPoE connection timeout after 9 seconds
    May 18 09:55:46 titaan mpd: [pppoe] device: DOWN event in state OPENING
    May 18 09:55:46 titaan mpd: [pppoe] device is now in state DOWN
    May 18 09:55:46 titaan mpd: [pppoe] link: DOWN event
    May 18 09:55:46 titaan mpd: [pppoe] LCP: Down event
    May 18 09:55:46 titaan mpd: [pppoe] device: OPEN event in state DOWN
    May 18 09:55:46 titaan mpd: [pppoe] pausing 6 seconds before open
    May 18 09:55:46 titaan mpd: [pppoe] device is now in state DOWN
    May 18 09:55:52 titaan mpd: [pppoe] device: OPEN event in state DOWN
    May 18 09:55:52 titaan mpd: [pppoe] device is now in state OPENING

    & so on & so on & on & on….

    I can see the physical UTP link between DSL modem & pfSense box is up, that the DSL device is getting signal OK, but the pf box fails to initiate the connection.

    I'm starting to pull may hair here, and odds are I'll eventually end up re-installing my firewall  :(

    Can anyone please point me in the right direction? (maybe manually, verbosely, initiate the PPPoE connection to see what's happening?)
    I think I'm missing something simple yet crucial, and would appreciate any assistance anyone can lend me.

    Please, please, please....

    Kind regards

    • J


  • After talking to members on the IRC channel (thanks, guys), I upgraded to the latest v.2 beta, but the problem persists:

    May 18 13:09:06 titaan wan: [wanL1] PPPoE connection timeout after 9 seconds
    May 18 13:09:06 titaan wan: [wanL1] Link: DOWN event
    May 18 13:09:06 titaan wan: [wanL1] LCP: Down event
    May 18 13:09:06 titaan wan: [wanL1] Link: reconnection attempt 7 in 2 seconds
    May 18 13:09:08 titaan wan: [wanL1] Link: reconnection attempt 7
    May 18 13:09:08 titaan wan: [wanL1] PPPoE: Connecting to ''
    May 18 13:09:17 titaan wan: [wanL1] PPPoE connection timeout after 9 seconds
    May 18 13:09:17 titaan wan: [wanL1] Link: DOWN event
    May 18 13:09:17 titaan wan: [wanL1] LCP: Down event
    May 18 13:09:17 titaan wan: [wanL1] Link: reconnection attempt 8 in 1 seconds
    May 18 13:09:18 titaan wan: [wanL1] Link: reconnection attempt 8
    May 18 13:09:18 titaan wan: [wanL1] PPPoE: Connecting to ''
    May 18 13:09:27 titaan wan: [wanL1] PPPoE connection timeout after 9 seconds
    May 18 13:09:27 titaan wan: [wanL1] Link: DOWN event
    May 18 13:09:27 titaan wan: [wanL1] LCP: Down event
    May 18 13:09:27 titaan wan: [wanL1] Link: reconnection attempt 9 in 3 seconds
    May 18 13:09:30 titaan wan: [wanL1] Link: reconnection attempt 9
    May 18 13:09:30 titaan wan: [wanL1] PPPoE: Connecting to ''
    May 18 13:09:39 titaan wan: [wanL1] PPPoE connection timeout after 9 seconds
    May 18 13:09:39 titaan wan: [wanL1] Link: DOWN event
    May 18 13:09:39 titaan wan: [wanL1] LCP: Down event
    May 18 13:09:39 titaan wan: [wanL1] Link: reconnection attempt 10 in 3 seconds
    May 18 13:09:42 titaan wan: [wanL1] Link: reconnection attempt 10
    May 18 13:09:42 titaan wan: [wanL1] PPPoE: Connecting to ''
    May 18 13:09:51 titaan wan: [wanL1] PPPoE connection timeout after 9 seconds
    May 18 13:09:51 titaan wan: [wanL1] Link: DOWN event
    May 18 13:09:51 titaan wan: [wanL1] LCP: Down event

    In fact, it has now seemed to have gone from bad to worse, since the pf box does not pick up that the ethernet interface is live, even though the DSL device indicates as much.

    Only recourse left to me at this stage is a complete reinstall (which I desperately hope to avoid)

    If anyone has insight into this matter, it will be much appreciated

    cheers

    • J

  • Rebel Alliance Developer Netgate

    The complete lack of reply on the ISP side makes me wonder if that traffic is even getting past the modem and onto the DSL line.

    Do you have another modem device to try?



  • It's me I'm johnny from the OP.

    I didn't actually expect anyone to read the post when I wrote it, sorry you had to trudge through that wall of text to not even get an answer. All I can add is when I was having the 9 second timeouts it was because the original gateway/modem wasn't properly configured in bridge mode. That specific model (some rebadged ZyXEL gateway) had a peculiarity whereby setting it to bridge mode through the admin page didn't really set it to bridge mode. The only way was to run through some wizard it had. I found out by chance after lots of searching.

    Since writing it I changed the gateway/modem. The new modem/gateway's quirk was PfSense has to be connected via the ethernet port marked 'HG' (Home Gateway I guess) to actually forward the PPPoE session.

    What model is your modem?



  • Thanks for the replies, fellas.

    I've tried making use of 2 separate modems (both D-Link ADSL2+ devices):

    • "old" DSL-502T (gen II, H/W v.C5, F/W v.3.00B01T01.TX), which is an extremely simple device with only a single UTP port
    • newly-acquired TD-8840 (F/W: 3.06L.03-T1.0a-090807.A2pB023k.d17m), which I'm presently using as a (redundant) gateway on a separate subnet (/8). what's pretty funky about this device, is that I see in the logs that it runs busybox, FWIW :)

    I've tried resetting both to factory defaults (using reset pin) & going through the respective wizards, as well as setting them to full-bridge manually. Since neither provide connectivity, it's possible that it's an issue with this particular product-range (although other users of similar devices function fine, AFAIK).

    Next, I may need to substitute the pfSense with another gateway device capable of connecting over PPPoE (thinking about using a DD-WRT box), to check that these devices are even capable of performing in such a capacity correctly.

    Since I'm not even seeing my firewall attempting to establish a connection, I'm considering scratching my pfSense box & reinstall from scratch.


  • Rebel Alliance Developer Netgate

    You may also need to talk to your ISP to confirm the VCI/VPI that the modem should talk on. Sometimes the default settings on a modem or combo box  (0/35 or 8/35) is not what the ISP uses on the line.



  • Yip; already done that.

    VPI/VCI is confirmed at 0/100 & Encapsulation is VC/MUX (as per ISP guidelines).
    I've tried migrating/retaining the settings provided by the ISP, that work when using the DSL device to handle the dial-up (PPPoA), and so reduce the number of variables I need to account for.

    Since using PPPoE, bridging & controlling my own firewall falls outside of what my ISP is willing to support (i.e anything other than PPPoA), I'll need to figure this one out for myself.



  • Did a complete rebuild of my pfSense box, both v.1.2.3 release & the latest v.2 beta.
    I've even tried upgrading the firmware on both ADSL devices, but still I get the same results.

    PPPoE still fails to initiate the connection.

    In v.1.2.3, the system at least does be the courtesy of showing UTP link state information (up, full-duplex, etc)

    I'll have to try & source yet another ADSL2+ device from somewhere….


  • Rebel Alliance Developer Netgate

    Part of the problem may be that PPPoA is not the same as PPPoE and thus might not work at all with your ISP.



  • Good point; thanks for the info tid-bit.
    That may very well explain the issue I'm experiencing.

    I'll poke around in the local forums.

    I've not had such issues with other ISP's in the past.

    Are there other methods that you can think of that I can employ to achieve similar results?


Locked