PFsesne is behind ISP ADSL modem

jai23155

All, My PFsense 2.0.2 firewall is sitting behind ISP modem and I set the modem in bridged mode, disabled NAT. Trying to setup PFsense as PPPoE but WAN interface doesn't get an IP from ISP when i provided the login details. if i enable the DHCP on modem it gets LAN IP which rules out the issue with NIC card (USB to Ethernet adapter). trying to setup site-to-site VPN but i can't unless i have a public IP on PFsense WAN interface. any help would be appreciated. thanks

Clouseau

Do you really have to use PPPoE? I have adsl2+ modem bridget and WAN interfce type is DCHP - thats it.

jonallport

Typically consumer ADSL routers won't do what you're proposing.  'Bridge' mode usually means that the router uses the same IP address on the LAN interface as it gets from the ISP, so if you have (e.g.) a /29 subnet allocation from the ISP you will get x.y.z.1 =router x.y.z.2-6 for your use, and you can dole out those addresses via DHCP.

I have only ever seen the Draytek Vigor 120 which is a true 'bridge' - in effect a PPPoE / PPPoA media converter.

Have you looked at port-forwarding / DMZ options on your 'modem'? You don't necessarily need your pfSense WAN interface to be 'public' so long as the public traffic will reach it.

jai23155

Closeau, i've that setup in one of our offices which works charm. but, this one i have tried to put ADSL modem in bridge mode, it's still in bridge mode by the way and PFsense doesn't get IP through DHCP. But it gets LAN IP if i enable dhcp on modem.
Jonallport, DMZ is on at the moment, PFsense deals with port forwarding and PFsense has a private IP which is on diff subnet from LAN IP. in this case, VPN is temperamental.
Let me know if you need more info. cheers

jonallport

When you say
@jai23155:

VPN is temperamental.

what are the symptoms?

jai23155

It connects occasionally and disconnects automatically or It shows as connected at one end and disconnected at other end. cheers

jonallport

Are both ends pfSense?
Do the settings match (!)?

jai23155

Yes, both ends PFsense and settings do match. thanks

jonallport

Phase 1 proposal checking is set to?

jai23155

see attached

jonallport

Have you tried proposal checking=obey?

jai23155

haven' tried it. thing is if I enable IPSec VPN and keep trying, the users cant use IPsec clients. so i have to do it out of ours. if it is up n running, they don't need IPsec clients. cheers