Pppoe server units

aldo

sorry complete misunderstanding I dont know where you got the openvpn interface thing from.(maybe another thread. well anyway this bit of it is below. wires seem to be crossed. this problem is seperate from any thing else. Are you talking about the thread in the support mailing list.
I have found my own fix for that and did not expect that to be fixed for V1. just wanted feedback. This thread is for this issue. I would make it function as it is meant to in respect to gui and number of units. If there are some great ideas about the ng interfaces i would love to here them.

PPPOE UNITS PROBLEM

the problem seem to lye vpn.inc and in the passing of the subnet in the web interface.
you can set the subnet in the web interface (pppoe_vpn.php) but the pppoe units uses this field in the (vpn.inc)
for actual pppoe_units

maybe if the web interface was more consistant with the pptp interface the problem would not exist.
See the snips below

SNIP vpn.inc

line 865 for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
line 866 $mpdconf .= " load pppoe{$i}\n";
line 867 }
line 868
line 869 for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {

SNIP config.xml

<pppoe><username><password><provider><radius></radius>
<remoteip>10.250.2.0</remoteip>
<localip>192.168.2.1</localip>
<mode>server</mode>
<interface>lan</interface>
<n_pppoe_units>24</n_pppoe_units></provider></password></username></pppoe>

note the n_pppoe_units which is acutally the subnet not the number of units. but in vpn.inc
it is being parsed as the number of pppoe units.

I will have a look at ammending the pppoe_vpn.php page tomorrow. but i was finding it a little
difficult to read at home on a 15 inch monitor. I am sure it will make more sence on two 21 inch ones.

aldo

@sullrich:

#1 OLSR is a feature that in part the employer who pays my salary wants it in. Sorry, but I have to eat.

#2 A lot of work was done by 2-3 people on their own to get OpenVPN up to speed, I didnt spend any time on it.

#3 Reflection was a mistake, I agree as I worked my ass of on it and didnt get paid for it as promised.

#4 OLSR WAS in there prior to the feature freeze as well!  It just lacked a GUI.

The problem with PPPoE is that you said its useless to you unless it has interfaces similar to OpenVPN.  Sorry, but that is just too much work and will cause all kinds of problems for 1.0.

PPPoE Server will be back in 1.1 so its not a complete loss, and all the functionality is still present, I simply removed the link from the main menu to it.

we irrespective of what i think personally about this issue Scott you and the other developers have done a sterling job overall. And thanks for your justifications, they make me seem a little harsh and feel a little bad. I apolosie for my manner.

aldo

It seems that i have isolated most of the issues and have created a ticket to reflect these
changes required. If anyone could give me some direction on how to create the rdr rules on the pppoe alias i would be greatful.
as i have made all the changes nessercary to our developer build for the moment.

and it is only the rdr that is a problem now.

http://cvstrac.pfsense.com/tktview?tn=854

sullrich

Like I said prior, adding rdr capabilities to 1.0 is not going to be easy, nor is it something we are planning on doing.  It will delay the release a LOT and we cannot afford this.

aldo

@sullrich:

Like I said prior, adding rdr capabilities to 1.0 is not going to be easy, nor is it something we are planning on doing.  It will delay the release a LOT and we cannot afford this.

i understand i just thought that your ideas about how you would plan to do it would be good. cos then i could look at the idea. don't worry i did'nt mean to cause strife. i have noted the issues that i have found and could fix myself and was just looking for any more info.

aldo

@aldo:

@sullrich:

Like I said prior, adding rdr capabilities to 1.0 is not going to be easy, nor is it something we are planning on doing.  It will delay the release a LOT and we cannot afford this.

i understand i just thought that your ideas about how you would plan to do it would be good. cos then i could look at the idea. don't worry i did'nt mean to cause strife. i have noted the issues that i have found and could fix myself and was just looking for any more info.

attached is the diff for vpn_pppoe.php

vpn_pppoe.php.diff.txt

sullrich

We dont need to calculate that value since its calculated from the subnet mask that the person chooses.

I fixed all the other issues but I still havent seen anything reported on how it works.

aldo

will checkout the changes you have made and try again.
my understanding of part of the issue was here.

• if (($_POST['pppoe_subnet'] && !is_ipaddr($_POST['remoteip']))) {
  $input_errors[] = "A valid remote start address must be specified.";

and here

Subnet netmask

• <select id="n_pppoe_units" name="n_pppoe_units">+    </select>
          for($x=0; $x<33; $x++) {
• if($x == $pconfig['n_pppoe_units'])

• if($x == $pconfig['pppoe_units'])
  $SELECTED = " SELECTED";
  else
  $SELECTED = "";

when you ask in the web gui for subnet mask you put this value into pppoe units. i did not see this changed. so my diff fixes this add adds pppoe units in. I saw that n_pppoe_units seems to be auto calculated in your recent commit but i dont think you dealt with this part of the problem.

aldo

the vpn_consilidation seems to stop the replication of the configuration.

I just noticed a small error in my previous post but i think you will understand me.
If you like i will rediff it with just the subnetmask fix that seems to be required.

sullrich

Yes you are correct.  This appears to be anothe rproblem.  I'll check into this but would appreciate you checking the rest of my changes out.

sullrich

@aldo:

the vpn_consilidation seems to stop the replication of the configuration.

I just noticed a small error in my previous post but i think you will understand me.
If you like i will rediff it with just the subnetmask fix that seems to be required.

Go for it.

aldo

pppoe replication of config file only seems to occur at boot time now.
each time pfsense is rebooted it adds the config to the bottom of the exsisting file.

maybe the contents of /var/etc/mpd-vpn should be removed on each reboot.

aldo

just noticed the aliases for ptpp and pppoe in pf
seem to be allocated like so ptpp ng0 to 16
pppoe ng 17 to 31. this seems to be based on the default values
that are hardcoded for these. so even if ptpp if off
it will stilll have ng0 to ng16 allocated to it.

other changes seem fine.

the pppoe_subnet issue seems to be a little more difficult.
I know you dont like my patch but it works right. In respect
to the subnet and the n_pppoe_units setting is that it should
be possible to have a subnet of /24 but have a unit setting
of anything up to 254. The example would be multiple NAS devices
and one IPpool. You might set each Nas with the same /24 and
allocate Ip's from one radius pool. also you might have a subnet
of /24 with internal allocations but only activate 25 units.
but in three months add 30 more units cos you have more clients.

just thoughts i know how you feel about this staying hardcoded.
but it looks easier if it was not.

sullrich

@aldo:

just noticed the aliases for ptpp and pppoe in pf
seem to be allocated like so ptpp ng0 to 16
pppoe ng 17 to 31. this seems to be based on the default values
that are hardcoded for these. so even if ptpp if off
it will stilll have ng0 to ng16 allocated to it.

Okay, this should be fixed now.

@aldo:

other changes seem fine.

the pppoe_subnet issue seems to be a little more difficult.
I know you dont like my patch but it works right. In respect
to the subnet and the n_pppoe_units setting is that it should
be possible to have a subnet of /24 but have a unit setting
of anything up to 254. The example would be multiple NAS devices
and one IPpool. You might set each Nas with the same /24 and
allocate Ip's from one radius pool. also you might have a subnet
of /24 with internal allocations but only activate 25 units.
but in three months add 30 more units cos you have more clients.

just thoughts i know how you feel about this staying hardcoded.
but it looks easier if it was not.

I was waiting on an updated patchset :)

aldo

sorry scott just an update i have one patch done but not 100% happy have been busy working on a large project and tinkering with quagga on pfsense which has been going well. will have a better one for you by the end of the weekend

sullrich

Okay, no problem-o.

sullrich

PPPoE is fully working now.

Please cvs_sync.sh releneng_1 and test!

Tested so far:

• Port forwards

• Firewall rules

• Radius