PPPoE & RADIUS = crash?



  • Hi,

    I finally got my PPPoE running:

    #############################

    My pfsense WAN IP: 192.168.0.100/24
    My pfsense LAN IP: 10.1.10.1/8

    #############################

    My PPTP configuration:

    Server address: 11.1.10.1
    Remote address range: 11.1.1.0
    128 Bit encryption: yes

    #############################

    My PPPoE configuration:

    LAN
    24 Bit
    No. PPPOE users: 10
    Server address: 12.1.10.1
    Remote address range: 12.1.1.0

    #############################

    EVERYTHING WORKED FINE until I installed FreeRADIUS for better Authentication controlling … PPTP is still running under the same configuration as I wrote it here .. even with RADIUS support ... but PPPoE does nothing .. with or without RADIUS ... I actually left my old configuration, but it's not working anymore ;-(

    Does anybody have an idea why that happened? And maybe how to solve that .... ? Do I maybe use some wrong IP addresses ... because I'm not pretty sure .. before I installed the RADIUS server I just had to play around with the PPPoE config and its IP ranges ... it was kind of luck that I found the right combination between Server IP and remote address range - so there might be a failure of mine.

    Here is the error log I got from pfsense:

    May 9 03:25:22 	mpd: mpd: pid 6186, version 3.18 (root@builder6.pfsense.com 13:56 13-Feb-2007)
    May 9 03:25:22 	mpd: mpd: already running as process 6183
    May 9 03:25:22 	mpd: [pt3] ppp node is "mpd6183-pt3"
    May 9 03:25:22 	mpd: [pt3] using interface ng4
    May 9 03:25:22 	mpd: [pt4] ppp node is "mpd6183-pt4"
    May 9 03:25:22 	mpd: [pt4] using interface ng5
    May 9 03:25:22 	mpd: [pt5] ppp node is "mpd6183-pt5"
    May 9 03:25:22 	mpd: [pt5] using interface ng6
    May 9 03:25:22 	mpd: [pt6] ppp node is "mpd6183-pt6"
    May 9 03:25:22 	mpd: [pt6] using interface ng7
    May 9 03:25:22 	mpd: [pt7] ppp node is "mpd6183-pt7"
    May 9 03:25:22 	mpd: [pt7] using interface ng8
    May 9 03:25:22 	mpd: [pt8] ppp node is "mpd6183-pt8"
    May 9 03:25:22 	mpd: [pt8] using interface ng9
    May 9 03:25:22 	mpd: [pt9] ppp node is "mpd6183-pt9"
    May 9 03:25:22 	mpd: [pt9] using interface ng10
    May 9 03:25:22 	mpd: [pt10] ppp node is "mpd6183-pt10"
    May 9 03:25:22 	mpd: [pt10] using interface ng11
    May 9 03:25:22 	mpd: [pt11] ppp node is "mpd6183-pt11"
    May 9 03:25:22 	mpd: [pt11] using interface ng12
    May 9 03:25:22 	mpd: [pt12] ppp node is "mpd6183-pt12"
    May 9 03:25:22 	mpd: [pt12] using interface ng13
    May 9 03:25:22 	mpd: [pt13] ppp node is "mpd6183-pt13"
    May 9 03:25:22 	mpd: [pt13] using interface ng14
    May 9 03:25:22 	mpd: [pt14] ppp node is "mpd6183-pt14"
    May 9 03:25:22 	mpd: [pt14] using interface ng15
    May 9 03:25:22 	mpd: [pt15] ppp node is "mpd6183-pt15"
    May 9 03:25:22 	mpd: [pt15] using interface ng16
    May 9 03:25:26 	check_reload_status: reloading filter
    May 9 03:33:43 	mpd: mpd: caught fatal signal term
    May 9 03:33:43 	mpd: [pt0] IPCP: Down event
    May 9 03:33:43 	mpd: [pt0] IFACE: Close event
    May 9 03:33:43 	mpd: [pt1] IPCP: Down event
    May 9 03:33:43 	mpd: [pt1] IFACE: Close event
    May 9 03:33:43 	mpd: [pt2] IPCP: Down event
    May 9 03:33:43 	mpd: [pt2] IFACE: Close event
    May 9 03:33:43 	mpd: [pt3] IPCP: Down event
    May 9 03:33:43 	mpd: [pt3] IFACE: Close event
    May 9 03:33:43 	mpd: [pt4] IPCP: Down event
    May 9 03:33:43 	mpd: [pt4] IFACE: Close event
    May 9 03:33:43 	mpd: [pt5] IPCP: Down event
    May 9 03:33:43 	mpd: [pt5] IFACE: Close event
    May 9 03:33:43 	mpd: [pt6] IPCP: Down event
    May 9 03:33:43 	mpd: [pt6] IFACE: Close event
    May 9 03:33:43 	mpd: [pt7] IPCP: Down event
    May 9 03:33:43 	mpd: [pt7] IFACE: Close event
    May 9 03:33:43 	mpd: [pt8] IPCP: Down event
    May 9 03:33:43 	mpd: [pt8] IFACE: Close event
    May 9 03:33:43 	mpd: [pt9] IPCP: Down event
    May 9 03:33:43 	mpd: [pt9] IFACE: Close event
    May 9 03:33:43 	mpd: [pt10] IPCP: Down event
    May 9 03:33:43 	mpd: [pt10] IFACE: Close event
    May 9 03:33:43 	mpd: [pt11] IPCP: Down event
    May 9 03:33:43 	mpd: [pt11] IFACE: Close event
    May 9 03:33:43 	mpd: [pt12] IPCP: Down event
    May 9 03:33:43 	mpd: [pt12] IFACE: Close event
    May 9 03:33:43 	mpd: [pt13] IPCP: Down event
    May 9 03:33:43 	mpd: [pt13] IFACE: Close event
    May 9 03:33:43 	mpd: [pt14] IPCP: Down event
    May 9 03:33:43 	mpd: [pt14] IFACE: Close event
    May 9 03:33:43 	mpd: [pt15] IPCP: Down event
    May 9 03:33:43 	mpd: [pt15] IFACE: Close event
    May 9 03:33:45 	mpd: mpd: process 6183 terminated
    May 9 03:33:46 	mpd: mpd: pid 7035, version 3.18 (root@builder6.pfsense.com 13:56 13-Feb-2007)
    May 9 03:33:46 	mpd: [pt0] ppp node is "mpd7035-pt0"
    May 9 03:33:46 	mpd: mpd: local IP address for PPTP is 0.0.0.0
    May 9 03:33:46 	mpd: [pt0] using interface ng1
    May 9 03:33:46 	mpd: [pt1] ppp node is "mpd7035-pt1"
    May 9 03:33:46 	mpd: [pt1] using interface ng2
    May 9 03:33:46 	mpd: [pt2] ppp node is "mpd7035-pt2"
    May 9 03:33:46 	mpd: [pt2] using interface ng3
    May 9 03:33:46 	mpd: [pt3] ppp node is "mpd7035-pt3"
    May 9 03:33:46 	mpd: [pt3] using interface ng4
    May 9 03:33:46 	mpd: [pt4] ppp node is "mpd7035-pt4"
    May 9 03:33:46 	mpd: [pt4] using interface ng5
    May 9 03:33:46 	mpd: [pt5] ppp node is "mpd7035-pt5"
    May 9 03:33:46 	mpd: [pt5] using interface ng6
    May 9 03:33:46 	mpd: [pt6] ppp node is "mpd7035-pt6"
    May 9 03:33:46 	mpd: [pt6] using interface ng7
    May 9 03:33:46 	mpd: [pt7] ppp node is "mpd7035-pt7"
    May 9 03:33:46 	mpd: [pt7] using interface ng8
    May 9 03:33:46 	mpd: [pt8] ppp node is "mpd7035-pt8"
    May 9 03:33:46 	mpd: [pt8] using interface ng9
    May 9 03:33:46 	mpd: [pt9] ppp node is "mpd7035-pt9"
    May 9 03:33:46 	mpd: mpd: pid 7038, version 3.18 (root@builder6.pfsense.com 13:56 13-Feb-2007)
    May 9 03:33:46 	mpd: mpd: already running as process 7035
    May 9 03:33:46 	mpd: [pt9] using interface ng10
    May 9 03:33:46 	mpd: [pt10] ppp node is "mpd7035-pt10"
    May 9 03:33:46 	mpd: [pt10] using interface ng11
    May 9 03:33:46 	mpd: [pt11] ppp node is "mpd7035-pt11"
    May 9 03:33:46 	mpd: [pt11] using interface ng12
    May 9 03:33:46 	mpd: [pt12] ppp node is "mpd7035-pt12"
    May 9 03:33:46 	mpd: [pt12] using interface ng13
    May 9 03:33:46 	mpd: [pt13] ppp node is "mpd7035-pt13"
    May 9 03:33:46 	mpd: [pt13] using interface ng14
    May 9 03:33:46 	mpd: [pt14] ppp node is "mpd7035-pt14"
    May 9 03:33:46 	mpd: [pt14] using interface ng15
    May 9 03:33:46 	mpd: [pt15] ppp node is "mpd7035-pt15"
    May 9 03:33:46 	mpd: [pt15] using interface ng16
    May 9 03:33:49 	check_reload_status: reloading filter
    

    ^^ I don't know why it's talking about ng** interfaces … because I actually use "re0" as LAN and "ath0" as WAN ?!

    I would be really happy about every kind of a good clue ;-)

    Thanks

    LeoLinux



  • the ngxx interfaces are the vpn tunnels from the pptp server



  • pptp server and pppoe server use the same interfaces net graph ng0-ng whatever. you can now start them both together but there is some more work to get them to run side by side.

    basically it does not work you can only run either pppoe server or pptp server



  • "basically it does not work you can only run either pppoe server or pptp server"
    ^^
    yes I just noticed that ;-/ is it really impossible or might it be possible to get it running?
    what vpn mode is better faster safer  -  PPPoE or PPTP … I think it's PPPoE Server - isn't it?

    ... and is there any possibility to set a speed limit to each user via the RADIUS? and where do I set up the IP address to each user if I use RADIUS in the new pfsense Release 1.2-BETA-1?

    and a third question ... I set up a successfully running pptp server several times ... and after that I had to make a rule like that in firewall --> rules --> pptp:

    to let traffic pass:

    Action: Pass
    Interface PPTP
    Protocol any
    Source PPTP Clients
    Destination any
    Description PPTP Clients –> any

    ^^ worked fine so far
    ... but now I want to do the same for my PPPoE (PPTP is not running during that) but it would not work. if I start a connection over PPPoE I can't ping anything except my pfsense router.

    it looked like that:

    Action: Pass
    Interface PPPoE
    Protocol any
    Source PPPoE Clients
    Destination any
    Description PPPoE Clients –> any

    what's the matter ? Did I forget anything?

    Thanks

    LeoLinux



  • @LeoLinux:

    yes I just noticed that ;-/ is it really impossible or might it be possible to get it running?
    what vpn mode is better faster safer  -  PPPoE or PPTP … I think it's PPPoE Server - isn't it?

    just difficult at the moment not impossible it is on my plan
    better safer faster they are very different things pptp is really for tunnelling pppoe of AAA

    @LeoLinux:

    … and is there any possibility to set a speed limit to each user via the RADIUS? and where do I set up the IP address to each user if I use RADIUS in the new pfsense Release 1.2-BETA-1?

    yes and no if/when problems with ip shaper and pf get sorted YES now NO
    add the ip addresses to your radius server users under FRAMEDIPADDRESS

    @LeoLinux:

    … but now I want to do the same for my PPPoE (PPTP is not running during that) but it would not work. if I start a connection over PPPoE I can't ping anything except my pfsense router.

    it looked like that:

    Action: Pass
    Interface PPPoE
    Protocol any
    Source PPPoE Clients
    Destination any
    Description PPPoE Clients –> any

    don't know of any reason that does not work check that the client has a valid address inside the range.
    check advanced outbound nat
    see if you can ping client from firewall
    it does work maybe your remote ip overlaps something



  • Hi,

    just difficult at the moment not impossible it is on my plan
    better safer faster they are very different things pptp is really for tunnelling pppoe of AAA

    what is AAA?
    Do you think it's possible to let PPPoE run under WAN and PPTP under LAN?

    dont know of any reason that does not work check that the client has a valid address inside the range.
    check advanced outbound nat
    see if you can ping client from firewall
    it does work maybe your remote ip overlaps something

    • I left Outbound Nat by default .. I didn't make any changes - my pfsense is just freshly installed - the only thing I changed was the PPPoE server which I enabled, and I installed RADIUS Server. by the way .. why do I ALWAYS have to start the RADIUS installation 2 times before it works 100% - is this a bug or just on my hardware?

    • I can ping every client INSIDE my LAN but not google or anything outside of my WAN anymore. (I'm testing my PPPoE inside of my LAN)

    • what does that mean overlap?

    my pfsense's IP is: 10.1.10.1/8

    I set up my PPPoE subnet mask to 8 Bit

    (btw. I just don't understand why I could choose a subnet mask because there could only connect 254 people at the same time … ?! and even that's not working for me .. because if I choose "No. PPPOE users" to 254 my PPPoE client won't connect anymore ;-/ it's only working until 200 .. sometimes ...

    my PPPoE Server IP is: 12.1.10.1
    and my PPPoE Clients starting at: 12.0.0.0 --> I can type what ever I want .. pfsense is always resetting it to 12.0.0.0

    add the ip addresses to your radius server users under FRAMEDIPADDRESS

    so it's not possible for the pfsense freeradius edition to Users an IP? And another question would be if I can install the freeradius webinterface to pfsense: http://www.freeradius.org/dialupadmin.html .. something like that with more options …. I think many options are not shown in the pfsense version ...

    yes and no if/when problems with ip shaper and pf get sorted YES now NO

    why don't you guys want to change that? In my opinion that's a very big reason for changing it - I think that's why we all want to have pfsense - because it rocks ;-) except a few bugs  ;-) but I can't program so I shut up ;-)

    AND when we are talking about bugs … why the hell does pfsense want to sync time during the boot ?!?! that sucks .. it hangs there about over a minute and gets nothing .... I'm pretty sure you can remove that - can't you?

    and only one more thing .. a long time ago I wrote you guys an eMail... I offered myself to help you getting pfsense translated into german - but nobody responded - so one more time: are you interested in my help?

    Thanks for your help!

    LeoLinux
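
What "overlap" means for the addresses posted in this thread, as an added example that is not part of any poster's message. The prefix length of the PPTP range is not given in the thread, so the /24 is an assumption; the function names are made up for this example.

```python
import ipaddress
from itertools import combinations

# Addresses as posted in the thread. The /8 on the PPPoE range is the mask the
# poster says he selected; the /24 on the PPTP range is an assumption.
NETWORKS = {
    "WAN": "192.168.0.100/24",
    "LAN": "10.1.10.1/8",
    "PPTP clients": "11.1.1.0/24",
    "PPPoE clients": "12.0.0.0/8",
}
SERVER_ADDRS = {"PPTP server": "11.1.10.1", "PPPoE server": "12.1.10.1"}


def parse(nets):
    # strict=False accepts a host address such as 10.1.10.1/8 and masks it
    # down to its network (10.0.0.0/8).
    return {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in nets.items()}


def find_overlaps(nets):
    """Name pairs whose ranges share at least one address."""
    parsed = parse(nets)
    return sorted((a, b) for a, b in combinations(parsed, 2)
                  if parsed[a].overlaps(parsed[b]))


def servers_inside_ranges(nets, servers):
    """(server, range) pairs where a server address lies inside a client range."""
    parsed = parse(nets)
    return sorted((s, n) for s, ip in servers.items()
                  for n, net in parsed.items()
                  if n.endswith("clients") and ipaddress.ip_address(ip) in net)


def public_ranges(nets):
    """Ranges outside the private/reserved blocks (RFC 1918 among them).

    Real Internet hosts in such a block become unreachable from the firewall,
    because their addresses are routed to the local tunnels instead.
    """
    return sorted(n for n, net in parse(nets).items() if not net.is_private)


if __name__ == "__main__":
    print("overlapping ranges:   ", find_overlaps(NETWORKS))
    print("server inside a range:", servers_inside_ranges(NETWORKS, SERVER_ADDRS))
    print("public address space: ", public_ranges(NETWORKS))
    # Constructed counter-example: a PPPoE range carved out of the LAN's /8.
    clash = dict(NETWORKS, **{"PPPoE clients": "10.1.0.0/16"})
    print("constructed clash:    ", find_overlaps(clash))
```

With the posted values no two ranges overlap; the script does report that the PPPoE server address lies inside the PPPoE client range and that the 11.x and 12.x ranges are public address space, neither of which the thread confirms as the cause.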



  • @LeoLinux:


    and only one more thing .. a long time ago I wrote you guys an eMail... I offered myself to help you getting pfsense translated into german - but nobody responded - so one more time: are you interested in my help?

    Multilanguage support is only in the HEAD codetree (what probably will become 2.0). Until that happens there will be a lot of changes everywhere. Starting to translate only makes sense once the 2.0 goes somewhere near beta imo as the translations will break if text in the english version is changed or as some things will be added later before you can start to translate them. When the time has come we'll be happy to accept any support we can get for the translations.



  • @LeoLinux:

    what is AAA?
    Do you think it's possible to let PPPoE run under WAN and PPTP under LAN?

    authorisation access and accounting
    pppoe is only a client on wan so this is fine.

    my pfsense's IP is: 10.1.10.1/8
    my PPPoE Server IP is: 12.1.10.1

    (btw. I just don't understand why I could choose a subnet mask because there could only connect 254 people at the same time … ?! and even that's not working for me .. because if I choose "No. PPPOE users" to 254 my PPPoE client won't connect anymore ;-/ it's only working until 200 .. sometimes ...

    what version are you running 1.3 branch has lots of changes to mpd daemon that runs pppoe and pptp and all 254 are available there is some code change to allow all 1000 pppoe tunnels works fine on the right hardware. it seems like you need to understand these things a little better before asking quite so many questions. great things to know.
    hardware platform running on
    embedded full install
    version of pfsense

    add the ip addresses to your radius server users under FRAMEDIPADDRESS

    I don't know about that package you will have to ask the pkg maintainer
    we use pfsense as a firewall only and have external radius servers

    why don't you guys want to change that? In my opinion that's a very big reason for changing it - I think that's why we all want to have pfsense - because it rocks ;-) except a few bugs  ;-) but I can't program so I shut up ;-)

    look into it before you ask silly questions this is not a pfsense issue

    AND when we are talking about bugs … why the hell does pfsense want to sync time during the boot ?!?! that sucks .. it hangs there about over a minute and gets nothing .... I'm pretty sure you can remove that - can't you?

    this does not live in this thread your time servers, dns or sometime must be wrong because ours works just fine



  • @aldo

    I'm sorry asking about RADIUS.

    Thanks for the PPPoE information.

    what version are you running 1.3 branch has lots of changes to mpd daemon that runs pppoe and pptp and all 254 are available there is some code change to allow all 1000 pppoe tunnels works fine on the right hardware. it seems like you need to understand these things a little better before asking quite so many questions. great things to know.
    hardware platform running on
    embedded full install
    version of pfsense

    ^^ what kind of hardware are you talking about?
    ^^ you're right - I have to learn a lot of stuff - but that's why I'm here - and I'm happy that I get answers of you guys!!! ;-)

    @hoba

    Multilanguage support is only in the HEAD codetree (what probably will become 2.0). Until that happens there will be a lot of changes everywhere. Starting to translate only makes sense once the 2.0 goes somewhere near beta imo as the translations will break if text in the english version is changed or as some things will be added later before you can start to translate them. When the time has come we'll be happy to accept any support we can get for the translations.

    When do you think will 2.0 be ready? How should we go on? Do you want to contact me via e-Mail when you're ready or do you want to give me a date when I should mail you?

    Leander



  • @LeoLinux:

    @hoba

    Multilanguage support is only in the HEAD codetree (what probably will become 2.0). Until that happens there will be a lot of changes everywhere. Starting to translate only makes sense once the 2.0 goes somewhere near beta imo as the translations will break if text in the english version is changed or as some things will be added later before you can start to translate them. When the time has come we'll be happy to accept any support we can get for the translations.

    When do you think will 2.0 be ready? How should we go on? Do you want to contact me via e-Mail when you're ready or do you want to give me a date when I should mail you?

    Leander

    There's really no eta on this yet. Before 2.0 will come out there will be at least one other version in between (1.3 which is already in the works). I recommend "sit back, relax and enjoy the ride" for now. We'll announce when 2.0 gets ready for translation and ask for help when the time has come.



  • @LeoLinux:

    ^^ what kind of hardware are you talking about?

    is the platform embedded or low ram this might be why it cannot create all the pppoe or pptp ng interfaces
    1.3 of mpd (version 1.2 of pfsense) has an issue in the daemon where it stops after 200 and something so
    i think this is probably your problem.



  • my Hardware is about an Intel III with 350 MHz and 368MB RAM installed on a CF card with 256 MB 50% space left. 10 MB swap which was never ever used by pfsense.

    Leander

