Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PFsesne is behind ISP ADSL modem

    Scheduled Pinned Locked Moved IPsec
    12 Posts 3 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jai23155
      last edited by

      All, My PFsense 2.0.2 firewall is sitting behind ISP modem and I set the modem in bridged mode, disabled NAT. Trying to setup PFsense as PPPoE but WAN interface doesn't get an IP from ISP when i provided the login details. if i enable the DHCP on modem it gets LAN IP which rules out the issue with NIC card (USB to Ethernet adapter). trying to setup site-to-site VPN but i can't unless i have a public IP on PFsense WAN interface. any help would be appreciated. thanks

      1 Reply Last reply Reply Quote 0
      • C
        Clouseau
        last edited by

        Do you really have to use PPPoE? I have adsl2+ modem bridget and WAN interfce type is DCHP - thats it.

        –--------------------------------------------------------------
        Multible Alix 2D13, APU1,APU2,APU3 - pfSense 2.4.x 64bit
        Multible Vmware vSphere - pfSense 2.4.x 64bit

        pfSense - FreeNAS - OwnCloud

        1 Reply Last reply Reply Quote 0
        • J
          jonallport
          last edited by

          Typically consumer ADSL routers won't do what you're proposing.  'Bridge' mode usually means that the router uses the same IP address on the LAN interface as it gets from the ISP, so if you have (e.g.) a /29 subnet allocation from the ISP you will get x.y.z.1 =router x.y.z.2-6 for your use, and you can dole out those addresses via DHCP.

          I have only ever seen the Draytek Vigor 120 which is a true 'bridge' - in effect a PPPoE / PPPoA media converter.

          Have you looked at port-forwarding / DMZ options on your 'modem'? You don't necessarily need your pfSense WAN interface to be 'public' so long as the public traffic will reach it.

          1 Reply Last reply Reply Quote 0
          • J
            jai23155
            last edited by

            Closeau, i've that setup in one of our offices which works charm. but, this one i have tried to put ADSL modem in bridge mode, it's still in bridge mode by the way and PFsense doesn't get IP through DHCP. But it gets LAN IP if i enable dhcp on modem.
            Jonallport, DMZ is on at the moment, PFsense deals with port forwarding and PFsense has a private IP which is on diff subnet from LAN IP. in this case, VPN is temperamental.
            Let me know if you need more info. cheers

            1 Reply Last reply Reply Quote 0
            • J
              jonallport
              last edited by

              When you say
              @jai23155:

              VPN is temperamental.

              what are the symptoms?

              1 Reply Last reply Reply Quote 0
              • J
                jai23155
                last edited by

                It connects occasionally and disconnects automatically or It shows as connected at one end and disconnected at other end. cheers

                1 Reply Last reply Reply Quote 0
                • J
                  jonallport
                  last edited by

                  Are both ends pfSense?
                  Do the settings match (!)?

                  1 Reply Last reply Reply Quote 0
                  • J
                    jai23155
                    last edited by

                    Yes, both ends PFsense and settings do match. thanks

                    1 Reply Last reply Reply Quote 0
                    • J
                      jonallport
                      last edited by

                      Phase 1 proposal checking is set to?

                      1 Reply Last reply Reply Quote 0
                      • J
                        jai23155
                        last edited by

                        see attached

                        pfsense.jpg
                        pfsense.jpg_thumb

                        1 Reply Last reply Reply Quote 0
                        • J
                          jonallport
                          last edited by

                          Have you tried proposal checking=obey?

                          1 Reply Last reply Reply Quote 0
                          • J
                            jai23155
                            last edited by

                            haven' tried it. thing is if I enable IPSec VPN and keep trying, the users cant use IPsec clients. so i have to do it out of ours. if it is up n running, they don't need IPsec clients. cheers

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.