PPPoE-Installation?



  • I'm currently trying to install pfsense to use it as router. My problem is that the designated machine only has 1 physical nic - Internet connection is established via PPPoE…
    Is there any way to enable the Webinterface with only 1 physical nic?

    Thanks in advance
    Braindead One



  • No, you must have at least two Ethernet interfaces.



  • But why? Sending LAN and PPPoE traffic over the same line is perfectly possible (and, as long as the LAN is trusted, perfectly secure). I don't need a dedicated WAN interface.



  • NICs are cheap and easy to come by, developer time isn't.  This would, without a doubt, introduce all kinds of issues due to the back end design of the system, and there's no telling how the PPPoE client would or wouldn't handle this.  I wouldn't consider it "perfectly secure" either since you're putting your LAN and WAN on the same broadcast domain.  Wouldn't be difficult to end up with some unintended consequences.

    A firewall needs two interfaces, period.  Anything else is a kludgy hack.



  • Is it possible with a managed switch and VLANs?



  • While I agree that you shouldn't just plug your T1 into your LAN switch, I still don't see the point with DSL connections…
    What you suggest is:

    [Nic0]->Switch->Lan
    [Nic1]->DSL-Modem
    [ppp0]->Internet

    While my suggestion is:

    [Nic0]->Switch->Lan|DSL-Modem
    [ppp0]->Internet

    Since PPPoE encapsulates Internet traffic there will be no collisions, and once the connection is established there are 2 interfaces…
    Problem is that I want to put the box into a closet where it's already difficult to have 1 Ethernet cable ;)



  • Then put a switch in the closet and you should be able to use 2 NICs in the pfSense box.



  • @kikawala:

    Then put a switch in the closet and you should be able to use 2 NICs in the pfSense box.

    This would be a real waste of money… I'd have to buy a switch just to split the 1 cable I put into the closet into 2...



  • Basically, to review what I meant with the VLANs…

    I could have my pfSense box with 2 NICs, a wired NIC, and a wireless NIC.

    The wired NIC could have 3 VLANs for example, wan (vlan1), lan (vlan2), and dmz (vlan3).  And then set up a port on the switch for VLAN 1 to plug in the modem, have like 3 ports for VLAN 2, one port as a trunk going into the pfSense box, and the rest on VLAN 2.
    I can't see why the PPPoE wouldn't work over a VLAN.

    Hmmm....something to try once I get home.

    Although this setup might be a little crowded on a 100Mb link, but still, my internet connection tops out 4.4Mb, and my DMZ rarely gets used.

    With a setup like this a really low profile case could be used as well.
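
An added example, not part of any post in this thread: a check that the single-cable trunk really keeps PPPoE off the LAN, which is the broadcast-domain concern raised earlier. It parses raw Ethernet frames captured on the trunk port and reports any PPPoE frame (EtherType 0x8863 discovery, 0x8864 session) that is untagged or tagged for a VLAN other than WAN. The VLAN numbers follow the post above; the MAC addresses and sample frames are constructed, and the function names are illustrative.

```python
import struct

ETH_8021Q, PPPOE_DISCOVERY, PPPOE_SESSION = 0x8100, 0x8863, 0x8864
WAN_VLAN = 1  # VLAN numbering taken from the post: wan=1, lan=2, dmz=3

def parse_frame(frame: bytes):
    """Return (vlan_id or None, ethertype, is_broadcast) for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if ethertype == ETH_8021Q:  # 802.1Q tag sits between source MAC and real EtherType
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID
    return vlan, ethertype, frame[0:6] == b"\xff" * 6

def pppoe_leaks(frames, wan_vlan=WAN_VLAN):
    """List (index, vlan, description) for PPPoE frames seen outside the WAN VLAN."""
    findings = []
    for i, frame in enumerate(frames):
        vlan, ethertype, bcast = parse_frame(frame)
        if ethertype in (PPPOE_DISCOVERY, PPPOE_SESSION) and vlan != wan_vlan:
            kind = "discovery" if ethertype == PPPOE_DISCOVERY else "session"
            scope = "broadcast" if bcast else "unicast"
            findings.append((i, vlan, f"{scope} PPPoE {kind}"))
    return findings

def _eth(dst, src, ethertype, payload=b"", vlan=None):
    """Build a constructed test frame, optionally 802.1Q-tagged."""
    tag = struct.pack("!HH", ETH_8021Q, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload

# Constructed sample capture (locally administered MACs, not real traffic).
BCAST, FW = b"\xff" * 6, bytes.fromhex("020000000001")
MODEM, PC = bytes.fromhex("020000000002"), bytes.fromhex("020000000003")
PADI = bytes([0x11, 0x09, 0, 0, 0, 0])  # ver/type 1/1, code PADI, no tags
SESS = bytes([0x11, 0x00, 0, 1, 0, 0])  # session data header, session id 1
SAMPLE = [
    _eth(BCAST, FW, PPPOE_DISCOVERY, PADI, vlan=1),  # tagged on WAN VLAN: expected
    _eth(BCAST, FW, PPPOE_DISCOVERY, PADI),          # untagged: shared segment
    _eth(FW, MODEM, PPPOE_SESSION, SESS, vlan=2),    # PPPoE on the LAN VLAN
    _eth(FW, PC, 0x0800, vlan=2),                    # ordinary IPv4 on LAN
]

if __name__ == "__main__":
    for finding in pppoe_leaks(SAMPLE):
        print(finding)
```

An untagged broadcast PADI is the case to watch for: it means the modem and the LAN hosts share one broadcast domain, so every LAN host sees the PPPoE discovery traffic.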



  • I think it was you that posted that multiple VLANs in this setup works.  As previously mentioned, we require two interfaces - they can be one physical with multiple logical, but there must be two interfaces.

    –Bill



  • @Braindead_One:

    While my suggestion is:

    [Nic0]->Switch->Lan|DSL-Modem
    [ppp0]->Internet

    @Braindead_One:

    This would be a real waste of money… I'd have to buy a switch just to split the 1 cable I put into the closet into 2...

    Do you already have a switch as your "suggestion" suggests?  Or not?  Cause if you do, then only one more nic is required to make a pfSense box work for you and like previously mentioned, and will end up being your least headache as cheap and easy as nics are these days.  What FW/router solution are you using right now, if any?  Where does the "one" cable in the closet go to?

    I have DSL and make the PPPoE connection with my pfSense box and this is how I have it set up.
    Internet>DSL Modem>pfSense Box>Switch>LAN

    It doesn't make much sense, even if it does work, to use one NIC to do everything just to say you're not wasting money.  If all you want is a router, then a DSL modem and a switch (still confusing as to whether you have one or not) is all that is necessary since most DSL modems these days have a built-in router; you just add the switch or hub.

    If pfSense will not work for you then don't use it.  It's not very nice to ask (demand) these hard working guys who are doing this for free to implement something that could create serious problems in their product that would never have any practical use for 99.9% of its users.



  • Only other option I can think of is that you only need 2 pairs for a 100TX connection and you have 4 pairs in a CAT5 cable.  You can use 2 network splitters (one in the closet, one at the other end) like the one in the attached image.





  • @charincol:

    @Braindead_One:

    While my suggestion is:

    [Nic0]->Switch->Lan|DSL-Modem
    [ppp0]->Internet

    @Braindead_One:

    This would be a real waste of money… I'd have to buy a switch just to split the 1 cable I put into the closet into 2...

    Do you already have a switch as your "suggestion" suggests?  Or not?  Cause if you do, then only one more nic is required to make a pfSense box work for you and like previously mentioned, and will end up being your least headache as cheap and easy as nics are these days.  What FW/router solution are you using right now, if any?  Where does the "one" cable in the closet go to?

    I have DSL and make the PPPoE connection with my pfSense box and this is how I have it set up.
    Internet>DSL Modem>pfSense Box>Switch>LAN

    It doesn't make much sense, even if it does work, to use one NIC to do everything just to say you're not wasting money.  If all you want is a router, then a DSL modem and a switch (still confusing as to whether you have one or not) is all that is necessary since most DSL modems these days have a built-in router; you just add the switch or hub.

    If pfSense will not work for you then don't use it.  It's not very nice to ask (demand) these hard working guys who are doing this for free to implement something that could create serious problems in their product that would never have any practical use for 99.9% of its users.

    I already have a switch, but it is in a different room. There is only room for 1 cable to the closet, so I'd have to buy a second switch just to split the 1 cable into 2. And that would really be a waste of money ;)

    I never asked nor demanded anyone to implement anything! I just asked whether it is possible to start the web interface when there is only 1 NIC and, after the "no" by cmb, I asked why….

    I think it's an unnecessary limitation that the web interface only works if 2 NICs are present.



  • See http://forum.pfsense.org/index.php?topic=61.msg220#msg220 for details on how Thinair has had success in making this work.  He doesn't say whether the web interface is working or not.  But he uses a managed switch to set up a trunk line so both PPPoE and LAN traffic run on one cable.



  • Everything works as it did when I had multiple NICs, but this does require the use of a managed switch.

    Although that splitter looks like a pretty cool idea, I know something like that would come in handy for me for certain network drops in my home (provided they're not gigabit links.)



  • @thinair:

    provided they're not gigabit links.

    What do you need gig for in your house?



  • @ZGamer:

    What do you need gig for in your house?

    I don't, I was just stating that these can't be used with gig links (gig uses all 4 pairs).



  • @ZGamer:

    @thinair:

    provided they're not gigabit links.

    What do you need gig for in your house?

    For p40n of course!



  • @sullrich:

    @ZGamer:

    @thinair:

    provided they're not gigabit links.

    What do you need gig for in your house?

    For p40n of course!

    I'll run gig in my house when I get FTTH.



  • @ZGamer:

    @thinair:

    provided they're not gigabit links.

    What do you need gig for in your house?

    File server



  • @Braindead_One:

    I already have a switch, but it is in a different room. There is only room for 1 cable to the closet, so I'd have to buy a second switch just to split the 1 cable into 2. And that would really be a waste of money ;)

    I never asked nor demanded anyone to implement anything! I just asked whether it is possible to start the web interface when there is only 1 NIC and, after the "no" by cmb, I asked why….

    I think it's an unnecessary limitation that the web interface only works if 2 NICs are present.

    You can't be a firewall without two interfaces (whether they're logical or physical).  I'm aware that the PPPoE interface is a logical NIC - however we don't treat it as another NIC, it doesn't exist until the connection is up.  So you need either two physical NICs or 1 NIC with multiple VLANs (which are exposed in the webGUI).  I don't see the requirements for two NICs ever changing, however some day we might expose the PPPoE logical NIC as another NIC in the webGUI which will allow what you want.  There are some rather nasty underlying problems with how NICs are set up that need to be addressed first.

    –Bill

