AT&T 2Wire Device with PFSense and Virtual IPS (V2.0 RC1)



  • Good Evening all..

    First I found this post that seems to address my issue, but there is not information in it to help, and it refers to a DSLReports posting with an answer but no link to the DSLReports forum..  http://forum.pfsense.org/index.php/topic,6049.msg35568.html#msg35568

    So after many years of clean AT&T DSL service with a Netopia Router in Bridge mode, today AT&T spent almost 12 years attempting to replicate the service on UVerse with a "2Wire" interface.

    Well, it seems that the "2Wire" according to their support people can't do this which I find had to believe.

    Basic install was a/29 with .80 being the network, .81 being the Netopia, .82 being the Soekris 4801 (WAN), and .83-.86 being "virtual IPs"with various NAT and 1-1 Nat mapping defined in PFSense..

    Does anyone here have a Uverse "2Wire" working in this way..  Can you share  or reference me somewhere.  If not I will have to have the UVerse link pulled and go back to the DSL next week….

    TIA !!!!  An best wishes for Happy New Year
        ==================



  • Those 2wire boxes are a buggy pain, aside from being a headache to configure the things that do work. You must have a unique MAC address for every IP address (amongst other bugs like the stateful firewall being impossible to turn off entirely, blocking traceroute entirely, and more crap). You can work around having to have a unique MAC per IP by using only CARP VIPs as they each have a unique MAC. The other issues…well you're stuck with those. I've been living with it for about a year and a half though I'm not happy.







  • That's not applicable when you have a static /29.

    Good to know…   Thanks!



  • Well,  I have thrown in the towel, BUT AT&T managed to not follow their own policy and issued a disconnect on the DSL before the UVerse install  So the attempt by them to fall back to DSL last night failed an I am on UVerse with no inbound connectivity right now.

    Oh well..  No idea where this is going to end up :-(

    Oh, one correction in my original post, 12 Hours not 12 Years..  It was a very long day..

    –----------------------



  • Looking at the CARP option –

    Not really sure what I am doing here and have not found a good tutorial yet..

    Might you be able to shed some light on what values / which options you placed here..
      http://172.16.200.20/pkg_edit.php?xml=carp_settings.xml&id=0

    I am assuming this section ?

    Configuration Synchronization Settings (XMLRPC Sync)

    An the NIC address of the 2Wire 3800-HGV-B that the PFsense box is linked to.

    An then enable the Synchronize Virtual IPs

    Any other options that need to be enabled  ??

    Thanks --

    @cmb:

    Those 2wire boxes are a buggy pain, aside from being a headache to configure the things that do work. You must have a unique MAC address for every IP address (amongst other bugs like the stateful firewall being impossible to turn off entirely, blocking traceroute entirely, and more crap). You can work around having to have a unique MAC per IP by using only CARP VIPs as they each have a unique MAC. The other issues…well you're stuck with those. I've been living with it for about a year and a half though I'm not happy.



  • You're looking at the config sync, you don't need or want that unless you're going to do a full blown HA setup. All you have to do is add CARP type VIPs under Firewall>Virtual IPs for your additional IPs.



  • Okay,

    Now I see.  (Did a Firmware upgrade so I am now on V 2.01 just to be safe..

    In looking at carp and with the 2Wire 3800 in mind..

    I don't think I need a Virtual IP Password ?

    I would leave the VHID Group as 1 for all the four Virtual address ?

    An the Advertising Frequency Base / Shew alone ?

    Or am I missing something ..  Have not played with CARP before.

    Thank you for your help –

    @cmb:

    You're looking at the config sync, you don't need or want that unless you're going to do a full blown HA setup. All you have to do is add CARP type VIPs under Firewall>Virtual IPs for your additional IPs.



  • @Phonebuff:

    I don't think I need a Virtual IP Password ?
      I would leave the VHID Group as 1 for all the four Virtual address ?
      An the Advertising Frequency Base / Shew alone ?
      Or am I missing something ..  Have not played with CARP before. 
      Thank you for your help –

    Enter whatever you want for the password, just enter something.
    Each VIP must have a unique VHID.
    Leave the Base and Skew alone.



  • Thank you all for your responses and HELP !!!

    BUT, I have gone back to the old DSL link and written off this aborted try at UVerse.  The speed
    was an improvement, but not enough to justify the grief and time it was taking with all the
    customer no-service / support calls.

    It seems to work great if you have a single dynamic or static IP but start to do any real business
    services behind the demark and you are just asking for trouble and issues.

    –--  Again thank you all, and here is hoping for a great 2012..


Locked