Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help me convert ML-PPP CISCO config to pfsense

    Scheduled Pinned Locked Moved Routing and Multi WAN
    8 Posts 2 Posters 3.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      iFloris
      last edited by

      Good day fellow pfsense users!

      In a few weeks we are moving shop to a bigger and better location.
      Everything is great, except for the internet access.
      Long story short, the only economical choice is stacking 2 dsl lines using ml-ppp.

      My internet provider wanted to sell me a cisco 1841 to do that, but I knew that pfsense is also quite capable of performing this function.
      We are going to be using two dsl modems connected to a vlan capable 8 port switch, connecting the two modems and switch itself to pfsense through vlans 1-3.

      One of the engineers at my ISP was kind enough to send me a 'blank' config for their 1841's so that I could take their settings and apply it to pfSense.
      Here comes my request; I think I understand the config, but I would really appreciate someone more knowledgable (that's all of you!) looking over my shoulder and helping me figure out what boxes to tick in pfSense..

      The config is as follows:

      
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname >>>>(C4)<<<<
!
boot-start-marker
boot-end-marker
!
enable secret >>>>(C5)<<<<
username >>>>(C4)<<<< password >>>>(C5)<<<<
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip domain lookup
no ftp-server write-enable
!
!
!
interface FastEthernet0/0
 no shutdown
 ip address >>>>(C1)<<<< >>>>(C3)<<<<
 duplex auto
 speed auto
!
!
interface ATM0/0/0
 no shutdown
 no ip address
 no atm ilmi-keepalive
 pvc >>>>(C6)<<<>>>(C7)<<<<
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface ATM0/1/0
 no shutdown
 no ip address
 no atm ilmi-keepalive
 pvc 0 >>>>(C6)<<<>>>(C7)<<<<
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer0
 mtu 1492
 ip unnumbered FastEthernet0/0
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username >>>>(C4)<<<<@solcon.net password >>>>(C5)<<<<
 ppp multilink
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
!
no ip http server
!
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
 password >>>>(C5)<<<<
 login
!
scheduler max-task-time 5000
end

      It seems to me that most of that config is basic networking stuff, mostly set to auto.
      The relevant bit appears to be this:

      interface Dialer0
 mtu 1492
 ip unnumbered FastEthernet0/0
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username >>>>(C4)<<<<@solcon.net password >>>>(C5)<<<<
 ppp multilink

      However I do not recognise these settings on pfSense's ml-ppp page.

      Thanks for looking at this and any help you can offer!

      Edit: Some things I read before making this post:
      http://doc.pfsense.org/index.php/Multi-Link_PPP_(MP/MLPPP)
      http://doc.pfsense.org/index.php/2.0_New_Features_and_Changes#Interfaces
      http://www.webhostingtalk.nl/nl-internet-providers/118371-dsl-met-hoge-upload.html#axzz2LTscTNI4
      http://www.mmacleod.ca/blog/2010/01/freebsd-and-multilink-ppp/
      http://redmine.pfsense.org/issues/1489
      http://forum.pfsense.org/index.php/topic,56012.msg299466.html#msg299466

      one layer of information
      removed

      1 Reply Last reply Reply Quote 0
      • P
        podilarius
        last edited by

        Read over http://doc.pfsense.org/index.php/Multi-Link_PPP_%28MP/MLPPP%29 and then ask questions from there.

        1 Reply Last reply Reply Quote 0
        • I
          iFloris
          last edited by

          @podilarius:

          Read over http://doc.pfsense.org/index.php/Multi-Link_PPP_%28MP/MLPPP%29 and then ask questions from there.

          Hello Podilarius, thanks for your reply.
          That document is actually what led me to use two modems and vlans as opposed to buying a Cisco. I read the doc a few times, but what I don't get is how the Cisco config does not even mention most options on pfsense's pppoe page.
          My assumption is that these things are auto negotiated as per the docs and the descriptions on the pppoe page on pfsense, but I want to be sure before diving in.

          one layer of information
          removed

          1 Reply Last reply Reply Quote 0
          • P
            podilarius
            last edited by

            On my PPPoE setup page, there is only select the interface and then username, password, and service name (which is usually left blank). There are no more options, are you having troubles connecting?

            1 Reply Last reply Reply Quote 0
            • I
              iFloris
              last edited by

              @podilarius:

              On my PPPoE setup page, there is only select the interface and then username, password, and service name (which is usually left blank). There are no more options, are you having troubles connecting?

              Hello Podliarius, thanks again for your reply.
              As of yet, we do not have access to said ml-ppp connection.
              We are in the process of convincing our ISP that there is an alternative option to use ML-PPP other than buying an expensive Cisco.

              Since we are going to do something unsupported by our ISP, we are left to our own devices.
              Despite that, and engineer working at our ISP has been helpful enough to send us a blank ML-PPP config for their Cisco device.

              What I am trying to work out is how this config would translate to pfSense.
              It might well be the case that I only need to set a username and password and everything will work.

              But, on the chance that that is not the case, we would prefer to know in advance what the settings we need to change are.
              Specifically, I am referring to the advanced options such as vjcomp(compression), tcpmssfix, shortseq, acfcomp and protocomp.

              The parts in the Cisco config about mtu and mss clamping won't be a problem, as I have already been informed that a normal MTU of 1500 will work fine.

              one layer of information
              removed

              1 Reply Last reply Reply Quote 0
              • P
                podilarius
                last edited by

                I think for a PPPoE connection 1492 MTU actually works better. All except for TCPmssFix is auto negotiated on PPPoE link initialization. TCPmssFix is enabled by default and probably should be left that way. Even in the CISCO config that was sent you have "dsl operating-mode auto" on the 2 member interfaces and the main dialer is all auto except for username and password. On second look, they are setting up PPPoA and not PPPoE. However, according to http://forum.pfsense.org/index.php/topic,1884.msg24643.html#msg24643 setting the modems to bridge allows PPPoE and your config should work.

                1 Reply Last reply Reply Quote 0
                • I
                  iFloris
                  last edited by

                  @podilarius:

                  I think for a PPPoE connection 1492 MTU actually works better. All except for TCPmssFix is auto negotiated on PPPoE link initialization. TCPmssFix is enabled by default and probably should be left that way. Even in the CISCO config that was sent you have "dsl operating-mode auto" on the 2 member interfaces and the main dialer is all auto except for username and password. On second look, they are setting up PPPoA and not PPPoE. However, according to http://forum.pfsense.org/index.php/topic,1884.msg24643.html#msg24643 setting the modems to bridge allows PPPoE and your config should work.

                  Thanks Podilarius, that is exactly the cisco-pfsense translation I was looking for!

                  We are buying dirt-cheap TP-link modems as described by Javik here.
                  These modems can be set to bridge so PPPoE would then work if I understand correctly.

                  Also good to read that you too think that everything in the cisco config has been set to auto.
                  Now we can confidently tell our ISP that using seperate modems and pfSense is a viable alternative to their Cisco.

                  Perhaps they will even consider deploying this setup themselves..

                  I will update this page in a few weeks when everything has been installed and set up to let everyone know how things turned out, so that someone looking for similar information can find it.

                  one layer of information
                  removed

                  1 Reply Last reply Reply Quote 0
                  • I
                    iFloris
                    last edited by

                    Update:

                    Since my last post we have moved to our new location.
                    There are quite a few things that I have learned in the past weeks concerning multi wan, PPPoE and PPPoA, ML-PPP and DSL in general.
                    With Podliarius' information/translation I was able to convince my provider that the setup as proposed would work.

                    Unfortunately, we ran into quite a few snags along the way.
                    We purchased two TD8816 modems, but these we unable to provide the required bridging.
                    RFC1483 is not the same as PPPoA -> PPPoE media conversion. PPPoE only works if the ISP actually has the protocol running somewhere.
                    In the case of our ISP as I understand it, everything is pure ATM until past the DSLAM.

                    Instead, we needed modems that were able to masquerade as PPPoA client in a transparant fashion, while providing a PPPoE server on the router's side.
                    Searching this forum, I came across a post by Stephenw10 referring to a specific modem capable of PPPoA -> PPPoE translation.
                    We purchased two of these modems and pfsense was able to connect to our ISP through them.

                    However, ML-PPP does not seem to be active. We contacted our ISP and they insist that they have explicitly enabled ML-PPP on their end.
                    In the PPP log, I see a lot of chatter, but I am unable to determine if pfSense is even attempting to connect with ML-PPP.

                    ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
ppp: [wan_link1] MP SHORTSEQ
ppp: [wan_link1] MP MRRU 2048
ppp: [wan_link1] MAGICNUM c29a637b
ppp: [wan_link1] MRU 1492
ppp: [wan_link1] PROTOCOMP
ppp: [wan_link1] LCP: SendConfigReq #175
ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
ppp: [wan_link1] MP SHORTSEQ
ppp: [wan_link1] MP MRRU 2048
ppp: [wan_link1] MAGICNUM c29a637b
ppp: [wan_link1] MRU 1492
ppp: [wan_link1] PROTOCOMP
ppp: [wan_link1] LCP: SendConfigReq #174
ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
ppp: [wan_link1] MP SHORTSEQ
ppp: [wan_link1] MP MRRU 2048
ppp: [wan_link1] MAGICNUM c29a637b
ppp: [wan_link1] MRU 1492
ppp: [wan_link1] PROTOCOMP
ppp: [wan_link1] LCP: SendConfigReq #173
ppp: [wan_link1] LCP: state change Starting --> Req-Sent
ppp: [wan_link1] LCP: Up event
ppp: [wan_link1] Link: UP event
ppp: [wan_link1] PPPoE: connection successful
ppp: PPPoE: rec'd ACNAME "Vigor2000 PPPoE"
ppp: [wan_link1] PPPoE: Connecting to ''
ppp: [wan_link1] Link: reconnection attempt 1630
ppp: [wan_link1] Link: reconnection attempt 1630 in 2 seconds
ppp: [wan_link1] LCP: LayerStart
ppp: [wan_link1] LCP: state change Stopped --> Starting
ppp: [wan_link1] LCP: Down event
ppp: [wan_link1] Link: DOWN event
ppp: [wan_link1] PPPoE: connection closed
ppp: [wan_link1] LCP: LayerFinish
ppp: [wan_link1] LCP: state change Req-Sent --> Stopped
ppp: [wan_link1] LCP: parameter negotiation failed
ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
ppp: [wan_link1] MP SHORTSEQ
ppp: [wan_link1] MP MRRU 2048
ppp: [wan_link1] MAGICNUM 3be9b6e4
ppp: [wan_link1] MRU 1492
ppp: [wan_link1] PROTOCOMP
ppp: [wan_link1] LCP: SendConfigReq #172
ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
ppp: [wan_link1] MP SHORTSEQ
ppp: [wan_link1] MP MRRU 2048
ppp: [wan_link1] MAGICNUM 3be9b6e4
ppp: [wan_link1] MRU 1492
ppp: [wan_link1] PROTOCOMP
ppp: [wan_link1] LCP: SendConfigReq #171
ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
ppp: [wan_link1] MP SHORTSEQ
ppp: [wan_link1] MP MRRU 2048
ppp: [wan_link1] MAGICNUM 3be9b6e4
ppp: [wan_link1] MRU 1492
ppp: [wan_link1] PROTOCOMP
ppp: [wan_link1] LCP: SendConfigReq #170
ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
ppp: [wan_link1] MP SHORTSEQ
ppp: [wan_link1] MP MRRU 2048
ppp: [wan_link1] MAGICNUM 3be9b6e4
ppp: [wan_link1] MRU 1492
ppp: [wan_link1] PROTOCOMP
ppp: [wan_link1] LCP: SendConfigReq #169
ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
ppp: [wan_link1] MP SHORTSEQ
ppp: [wan_link1] MP MRRU 2048
ppp: [wan_link1] MAGICNUM 3be9b6e4
ppp: [wan_link1] MRU 1492
ppp: [wan_link1] PROTOCOMP
ppp: [wan_link1] LCP: SendConfigReq #168
ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
ppp: [wan_link1] MP SHORTSEQ
ppp: [wan_link1] MP MRRU 2048
ppp: [wan_link1] MAGICNUM 3be9b6e4
ppp: [wan_link1] MRU 1492
ppp: [wan_link1] PROTOCOMP
ppp: [wan_link1] LCP: SendConfigReq #167
ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
ppp: [wan_link1] MP SHORTSEQ
ppp: [wan_link1] MP MRRU 2048
ppp: [wan_link1] MAGICNUM 3be9b6e4
ppp: [wan_link1] MRU 1492
ppp: [wan_link1] PROTOCOMP
ppp: [wan_link1] LCP: SendConfigReq #166
ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
ppp: [wan_link1] MP SHORTSEQ
ppp: [wan_link1] MP MRRU 2048
ppp: [wan_link1] MAGICNUM 3be9b6e4
ppp: [wan_link1] MRU 1492
ppp: [wan_link1] PROTOCOMP
ppp: [wan_link1] LCP: SendConfigReq #165
ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
ppp: [wan_link1] MP SHORTSEQ
ppp: [wan_link1] MP MRRU 2048
ppp: [wan_link1] MAGICNUM 3be9b6e4
ppp: [wan_link1] MRU 1492
ppp: [wan_link1] PROTOCOMP
ppp: [wan_link1] LCP: SendConfigReq #164
ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
ppp: [wan_link1] MP SHORTSEQ
ppp: [wan_link1] MP MRRU 2048
ppp: [wan_link1] MAGICNUM 3be9b6e4
ppp: [wan_link1] MRU 1492
ppp: [wan_link1] PROTOCOMP
ppp: [wan_link1] LCP: SendConfigReq #163
ppp: [wan_link1] LCP: state change Starting --> Req-Sent
ppp: [wan_link1] LCP: Up event
ppp: [wan_link1] Link: UP event
ppp: [wan_link1] PPPoE: connection successful
ppp: PPPoE: rec'd ACNAME "Vigor2000 PPPoE"
ppp: [wan_link1] PPPoE: Connecting to ''
ppp: [wan_link1] Link: reconnection attempt 1629
ppp: [wan_link1] Link: reconnection attempt 1629 in 4 seconds
ppp: [wan_link1] LCP: LayerStart
ppp: [wan_link1] LCP: state change Stopped --> Starting

                    Regardless of ML-PPP, both DSL connections work and I can choose which IP I want to use on WAN by using the login data for either DSL connection.

                    So, we are three quarters of the way there.
                    Can someone help me figure out if there is something wrong on my end or if there is something my ISP needs to set up?

                    one layer of information
                    removed

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.