Help me convert ML-PPP CISCO config to pfsense
-
Good day fellow pfsense users!
In a few weeks we are moving shop to a bigger and better location.
Everything is great, except for the internet access.
Long story short, the only economical choice is stacking 2 dsl lines using ml-ppp. My internet provider wanted to sell me a cisco 1841 to do that, but I knew that pfsense is also quite capable of performing this function.
We are going to be using two dsl modems connected to a vlan capable 8 port switch, connecting the two modems and switch itself to pfsense through vlans 1-3. One of the engineers at my ISP was kind enough to send me a 'blank' config for their 1841's so that I could take their settings and apply it to pfSense.
Here comes my request; I think I understand the config, but I would really appreciate someone more knowledgeable (that's all of you!) looking over my shoulder and helping me figure out what boxes to tick in pfSense. The config is as follows:
    version 12.3
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname >>>>(C4)<<<<
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret >>>>(C5)<<<<
    username >>>>(C4)<<<< password >>>>(C5)<<<<
    !
    no aaa new-model
    !
    resource policy
    !
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    ip subnet-zero
    ip cef
    !
    !
    no ip dhcp use vrf connected
    !
    !
    no ip domain lookup
    no ftp-server write-enable
    !
    !
    !
    interface FastEthernet0/0
     no shutdown
     ip address >>>>(C1)<<<< >>>>(C3)<<<<
     duplex auto
     speed auto
    !
    !
    interface ATM0/0/0
     no shutdown
     no ip address
     no atm ilmi-keepalive
     pvc >>>>(C6)<<<>>>(C7)<<<<
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
     !
     dsl operating-mode auto
    !
    interface ATM0/1/0
     no shutdown
     no ip address
     no atm ilmi-keepalive
     pvc 0 >>>>(C6)<<<>>>(C7)<<<<
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
     !
     dsl operating-mode auto
    !
    interface Dialer0
     mtu 1492
     ip unnumbered FastEthernet0/0
     encapsulation ppp
     ip tcp adjust-mss 1452
     dialer pool 1
     dialer-group 1
     no cdp enable
     ppp authentication pap callin
     ppp pap sent-username >>>>(C4)<<<<@solcon.net password >>>>(C5)<<<<
     ppp multilink
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
    !
    no ip http server
    !
    dialer-list 1 protocol ip permit
    !
    control-plane
    !
    !
    line con 0
     stopbits 1
    line aux 0
    line vty 0 4
     password >>>>(C5)<<<<
     login
    !
    scheduler max-task-time 5000
    end
It seems to me that most of that config is basic networking stuff, mostly set to auto.
The relevant bit appears to be this:

    interface Dialer0
     mtu 1492
     ip unnumbered FastEthernet0/0
     encapsulation ppp
     ip tcp adjust-mss 1452
     dialer pool 1
     dialer-group 1
     no cdp enable
     ppp authentication pap callin
     ppp pap sent-username >>>>(C4)<<<<@solcon.net password >>>>(C5)<<<<
     ppp multilink

However I do not recognise these settings on pfSense's ml-ppp page.
Thanks for looking at this and any help you can offer!
Edit: Some things I read before making this post:
http://doc.pfsense.org/index.php/Multi-Link_PPP_(MP/MLPPP)
http://doc.pfsense.org/index.php/2.0_New_Features_and_Changes#Interfaces
http://www.webhostingtalk.nl/nl-internet-providers/118371-dsl-met-hoge-upload.html#axzz2LTscTNI4
http://www.mmacleod.ca/blog/2010/01/freebsd-and-multilink-ppp/
http://redmine.pfsense.org/issues/1489
http://forum.pfsense.org/index.php/topic,56012.msg299466.html#msg299466
-
Read over http://doc.pfsense.org/index.php/Multi-Link_PPP_%28MP/MLPPP%29 and then ask questions from there.
-
Read over http://doc.pfsense.org/index.php/Multi-Link_PPP_%28MP/MLPPP%29 and then ask questions from there.
Hello Podilarius, thanks for your reply.
That document is actually what led me to use two modems and vlans as opposed to buying a Cisco. I read the doc a few times, but what I don't get is how the Cisco config does not even mention most options on pfsense's pppoe page.
My assumption is that these things are auto negotiated as per the docs and the descriptions on the pppoe page on pfsense, but I want to be sure before diving in.
-
On my PPPoE setup page, you only select the interface and then enter the username, password, and service name (which is usually left blank). There are no more options. Are you having trouble connecting?
-
On my PPPoE setup page, you only select the interface and then enter the username, password, and service name (which is usually left blank). There are no more options. Are you having trouble connecting?
Hello Podliarius, thanks again for your reply.
As of yet, we do not have access to said ml-ppp connection.
We are in the process of convincing our ISP that there is an alternative option to use ML-PPP other than buying an expensive Cisco. Since we are going to do something unsupported by our ISP, we are left to our own devices.
Despite that, an engineer working at our ISP has been helpful enough to send us a blank ML-PPP config for their Cisco device. What I am trying to work out is how this config would translate to pfSense.
It might well be the case that I only need to set a username and password and everything will work. But, on the chance that that is not the case, we would prefer to know in advance what the settings we need to change are.
Specifically, I am referring to the advanced options such as vjcomp (compression), tcpmssfix, shortseq, acfcomp and protocomp. The parts in the Cisco config about mtu and mss clamping won't be a problem, as I have already been informed that a normal MTU of 1500 will work fine.
-
I think for a PPPoE connection 1492 MTU actually works better. All except for TCPmssFix is auto negotiated on PPPoE link initialization. TCPmssFix is enabled by default and probably should be left that way. Even in the CISCO config that was sent you have "dsl operating-mode auto" on the 2 member interfaces and the main dialer is all auto except for username and password. On second look, they are setting up PPPoA and not PPPoE. However, according to http://forum.pfsense.org/index.php/topic,1884.msg24643.html#msg24643 setting the modems to bridge allows PPPoE and your config should work.
-
I think for a PPPoE connection 1492 MTU actually works better. All except for TCPmssFix is auto negotiated on PPPoE link initialization. TCPmssFix is enabled by default and probably should be left that way. Even in the CISCO config that was sent you have "dsl operating-mode auto" on the 2 member interfaces and the main dialer is all auto except for username and password. On second look, they are setting up PPPoA and not PPPoE. However, according to http://forum.pfsense.org/index.php/topic,1884.msg24643.html#msg24643 setting the modems to bridge allows PPPoE and your config should work.
Thanks Podilarius, that is exactly the cisco-pfsense translation I was looking for!
We are buying dirt-cheap TP-link modems as described by Javik here.
These modems can be set to bridge so PPPoE would then work if I understand correctly. Also good to read that you too think that everything in the cisco config has been set to auto.
Now we can confidently tell our ISP that using separate modems and pfSense is a viable alternative to their Cisco. Perhaps they will even consider deploying this setup themselves.
I will update this page in a few weeks when everything has been installed and set up to let everyone know how things turned out, so that someone looking for similar information can find it.
-
Update:
Since my last post we have moved to our new location.
There are quite a few things that I have learned in the past weeks concerning multi wan, PPPoE and PPPoA, ML-PPP and DSL in general.
With Podliarius' information/translation I was able to convince my provider that the setup as proposed would work. Unfortunately, we ran into quite a few snags along the way.
We purchased two TD8816 modems, but these were unable to provide the required bridging.
RFC1483 is not the same as PPPoA -> PPPoE media conversion. PPPoE only works if the ISP actually has the protocol running somewhere.
In the case of our ISP as I understand it, everything is pure ATM until past the DSLAM. Instead, we needed modems that were able to masquerade as a PPPoA client in a transparent fashion, while providing a PPPoE server on the router's side.
Searching this forum, I came across a post by Stephenw10 referring to a specific modem capable of PPPoA -> PPPoE translation.
We purchased two of these modems and pfsense was able to connect to our ISP through them. However, ML-PPP does not seem to be active. We contacted our ISP and they insist that they have explicitly enabled ML-PPP on their end.
In the PPP log, I see a lot of chatter, but I am unable to determine if pfSense is even attempting to connect with ML-PPP.

    ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
    ppp: [wan_link1] MP SHORTSEQ
    ppp: [wan_link1] MP MRRU 2048
    ppp: [wan_link1] MAGICNUM c29a637b
    ppp: [wan_link1] MRU 1492
    ppp: [wan_link1] PROTOCOMP
    ppp: [wan_link1] LCP: SendConfigReq #175
    ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
    ppp: [wan_link1] MP SHORTSEQ
    ppp: [wan_link1] MP MRRU 2048
    ppp: [wan_link1] MAGICNUM c29a637b
    ppp: [wan_link1] MRU 1492
    ppp: [wan_link1] PROTOCOMP
    ppp: [wan_link1] LCP: SendConfigReq #174
    ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
    ppp: [wan_link1] MP SHORTSEQ
    ppp: [wan_link1] MP MRRU 2048
    ppp: [wan_link1] MAGICNUM c29a637b
    ppp: [wan_link1] MRU 1492
    ppp: [wan_link1] PROTOCOMP
    ppp: [wan_link1] LCP: SendConfigReq #173
    ppp: [wan_link1] LCP: state change Starting --> Req-Sent
    ppp: [wan_link1] LCP: Up event
    ppp: [wan_link1] Link: UP event
    ppp: [wan_link1] PPPoE: connection successful
    ppp: PPPoE: rec'd ACNAME "Vigor2000 PPPoE"
    ppp: [wan_link1] PPPoE: Connecting to ''
    ppp: [wan_link1] Link: reconnection attempt 1630
    ppp: [wan_link1] Link: reconnection attempt 1630 in 2 seconds
    ppp: [wan_link1] LCP: LayerStart
    ppp: [wan_link1] LCP: state change Stopped --> Starting
    ppp: [wan_link1] LCP: Down event
    ppp: [wan_link1] Link: DOWN event
    ppp: [wan_link1] PPPoE: connection closed
    ppp: [wan_link1] LCP: LayerFinish
    ppp: [wan_link1] LCP: state change Req-Sent --> Stopped
    ppp: [wan_link1] LCP: parameter negotiation failed
    ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
    ppp: [wan_link1] MP SHORTSEQ
    ppp: [wan_link1] MP MRRU 2048
    ppp: [wan_link1] MAGICNUM 3be9b6e4
    ppp: [wan_link1] MRU 1492
    ppp: [wan_link1] PROTOCOMP
    ppp: [wan_link1] LCP: SendConfigReq #172
    ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
    ppp: [wan_link1] MP SHORTSEQ
    ppp: [wan_link1] MP MRRU 2048
    ppp: [wan_link1] MAGICNUM 3be9b6e4
    ppp: [wan_link1] MRU 1492
    ppp: [wan_link1] PROTOCOMP
    ppp: [wan_link1] LCP: SendConfigReq #171
    ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
    ppp: [wan_link1] MP SHORTSEQ
    ppp: [wan_link1] MP MRRU 2048
    ppp: [wan_link1] MAGICNUM 3be9b6e4
    ppp: [wan_link1] MRU 1492
    ppp: [wan_link1] PROTOCOMP
    ppp: [wan_link1] LCP: SendConfigReq #170
    ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
    ppp: [wan_link1] MP SHORTSEQ
    ppp: [wan_link1] MP MRRU 2048
    ppp: [wan_link1] MAGICNUM 3be9b6e4
    ppp: [wan_link1] MRU 1492
    ppp: [wan_link1] PROTOCOMP
    ppp: [wan_link1] LCP: SendConfigReq #169
    ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
    ppp: [wan_link1] MP SHORTSEQ
    ppp: [wan_link1] MP MRRU 2048
    ppp: [wan_link1] MAGICNUM 3be9b6e4
    ppp: [wan_link1] MRU 1492
    ppp: [wan_link1] PROTOCOMP
    ppp: [wan_link1] LCP: SendConfigReq #168
    ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
    ppp: [wan_link1] MP SHORTSEQ
    ppp: [wan_link1] MP MRRU 2048
    ppp: [wan_link1] MAGICNUM 3be9b6e4
    ppp: [wan_link1] MRU 1492
    ppp: [wan_link1] PROTOCOMP
    ppp: [wan_link1] LCP: SendConfigReq #167
    ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
    ppp: [wan_link1] MP SHORTSEQ
    ppp: [wan_link1] MP MRRU 2048
    ppp: [wan_link1] MAGICNUM 3be9b6e4
    ppp: [wan_link1] MRU 1492
    ppp: [wan_link1] PROTOCOMP
    ppp: [wan_link1] LCP: SendConfigReq #166
    ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
    ppp: [wan_link1] MP SHORTSEQ
    ppp: [wan_link1] MP MRRU 2048
    ppp: [wan_link1] MAGICNUM 3be9b6e4
    ppp: [wan_link1] MRU 1492
    ppp: [wan_link1] PROTOCOMP
    ppp: [wan_link1] LCP: SendConfigReq #165
    ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
    ppp: [wan_link1] MP SHORTSEQ
    ppp: [wan_link1] MP MRRU 2048
    ppp: [wan_link1] MAGICNUM 3be9b6e4
    ppp: [wan_link1] MRU 1492
    ppp: [wan_link1] PROTOCOMP
    ppp: [wan_link1] LCP: SendConfigReq #164
    ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28
    ppp: [wan_link1] MP SHORTSEQ
    ppp: [wan_link1] MP MRRU 2048
    ppp: [wan_link1] MAGICNUM 3be9b6e4
    ppp: [wan_link1] MRU 1492
    ppp: [wan_link1] PROTOCOMP
    ppp: [wan_link1] LCP: SendConfigReq #163
    ppp: [wan_link1] LCP: state change Starting --> Req-Sent
    ppp: [wan_link1] LCP: Up event
    ppp: [wan_link1] Link: UP event
    ppp: [wan_link1] PPPoE: connection successful
    ppp: PPPoE: rec'd ACNAME "Vigor2000 PPPoE"
    ppp: [wan_link1] PPPoE: Connecting to ''
    ppp: [wan_link1] Link: reconnection attempt 1629
    ppp: [wan_link1] Link: reconnection attempt 1629 in 4 seconds
    ppp: [wan_link1] LCP: LayerStart
    ppp: [wan_link1] LCP: state change Stopped --> Starting

Regardless of ML-PPP, both DSL connections work and I can choose which IP I want to use on WAN by using the login data for either DSL connection.
So, we are three quarters of the way there.
Can someone help me figure out if there is something wrong on my end or if there is something my ISP needs to set up?
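
An added example, not part of the thread: a small Python parser for PPP log lines in the format posted above. It separates the options this end sent after each SendConfigReq from anything the peer sent, and reports whether any LCP frame came back at all. The sample lines are constructed, and the `rec'd Configure` wording for received frames is an assumption about the daemon's log format; the log in the thread contains no such lines.

```python
import re

LINE = re.compile(r"^ppp: \[(?P<link>[^\]]+)\] (?P<msg>.+)$")
MP_OPTIONS = ("MP MRRU", "MP SHORTSEQ", "ENDPOINTDISC")
# Constructed sample, newest entry first as in the log posted in the thread.
SAMPLE = """\
ppp: [wan_link1] LCP: parameter negotiation failed
ppp: [wan_link1] ENDPOINTDISC [802.1] 02 00 00 00 00 01
ppp: [wan_link1] MP SHORTSEQ
ppp: [wan_link1] MP MRRU 2048
ppp: [wan_link1] MRU 1492
ppp: [wan_link1] LCP: SendConfigReq #2
ppp: [wan_link1] MP MRRU 2048
ppp: [wan_link1] LCP: SendConfigReq #1
ppp: [wan_link0] MP MRRU 1600
ppp: [wan_link0] LCP: rec'd Configure Request #1 (Req-Sent)
ppp: [wan_link0] MRU 1492
ppp: [wan_link0] LCP: SendConfigReq #1
"""

def summarize(log_text, newest_first=True):
    lines = log_text.splitlines()
    if newest_first:
        lines.reverse()  # restore chronological order
    links, owner = {}, {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and entries not tied to a link
        link, msg = m.group("link"), m.group("msg")
        s = links.setdefault(link, {"sent": 0, "rcvd": 0, "failed": 0, "offered": set()})
        if msg.startswith("LCP: SendConfigReq"):
            s["sent"] += 1
            owner[link] = "local"  # option lines that follow are ours
        elif msg.startswith("LCP: rec'd Configure"):  # assumed wording for received frames
            s["rcvd"] += 1
            owner[link] = "peer"   # option lines that follow are the peer's
        elif msg.startswith(("LCP:", "Link:", "PPPoE:")):
            owner[link] = None
            s["failed"] += msg == "LCP: parameter negotiation failed"
        elif owner.get(link) == "local":
            s["offered"].update(o for o in MP_OPTIONS if msg.startswith(o))
    return links

def verdict(s):
    if "MP MRRU" not in s["offered"]:
        return "multilink not offered by this end"
    return ("multilink offered, peer is talking LCP" if s["rcvd"]
            else "multilink offered, no LCP received from peer")
```

Pass `newest_first=False` for a log file that is already in chronological order, then call `verdict()` on each link's entry.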