4. PFsesne is behind ISP ADSL modem

PFsesne is behind ISP ADSL modem

  • J

    All, My PFsense 2.0.2 firewall is sitting behind ISP modem and I set the modem in bridged mode, disabled NAT. Trying to setup PFsense as PPPoE but WAN interface doesn't get an IP from ISP when i provided the login details. if i enable the DHCP on modem it gets LAN IP which rules out the issue with NIC card (USB to Ethernet adapter). trying to setup site-to-site VPN but i can't unless i have a public IP on PFsense WAN interface. any help would be appreciated. thanks

    0
  • C

    Do you really have to use PPPoE? I have adsl2+ modem bridget and WAN interfce type is DCHP - thats it.

    0
  • J

    Typically consumer ADSL routers won't do what you're proposing.  'Bridge' mode usually means that the router uses the same IP address on the LAN interface as it gets from the ISP, so if you have (e.g.) a /29 subnet allocation from the ISP you will get x.y.z.1 =router x.y.z.2-6 for your use, and you can dole out those addresses via DHCP.

    I have only ever seen the Draytek Vigor 120 which is a true 'bridge' - in effect a PPPoE / PPPoA media converter.

    Have you looked at port-forwarding / DMZ options on your 'modem'? You don't necessarily need your pfSense WAN interface to be 'public' so long as the public traffic will reach it.

    0
  • J

    Closeau, i've that setup in one of our offices which works charm. but, this one i have tried to put ADSL modem in bridge mode, it's still in bridge mode by the way and PFsense doesn't get IP through DHCP. But it gets LAN IP if i enable dhcp on modem.
    Jonallport, DMZ is on at the moment, PFsense deals with port forwarding and PFsense has a private IP which is on diff subnet from LAN IP. in this case, VPN is temperamental.
    Let me know if you need more info. cheers

    0
  • J

    When you say
    @jai23155:

    VPN is temperamental.

    what are the symptoms?

    0
  • J

    It connects occasionally and disconnects automatically or It shows as connected at one end and disconnected at other end. cheers

    0
  • J

    Are both ends pfSense?
    Do the settings match (!)?

    0
  • J

    Yes, both ends PFsense and settings do match. thanks

    0
  • J

    Phase 1 proposal checking is set to?

    0
  • J

    see attached


    0
  • J

    Have you tried proposal checking=obey?

    0
  • J

    haven' tried it. thing is if I enable IPSec VPN and keep trying, the users cant use IPsec clients. so i have to do it out of ours. if it is up n running, they don't need IPsec clients. cheers

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy