PPPoe connection cannot reconnect after periodic 24h reset and CRASHES



  • Hello everyone,

    I configured a network of 3 subnetworks (one interface for each) and one interface for the router (pppoe).

    The PPPoe connection works fine, but from time to time there is a problem with it.

    The problem is that my ISP automatically initiates a reset of the link every 24 hours. So to prevent a disconnection during opening hours, I initiate myself a reset of the connection every day at 05:00 in the morning with the periodic reset in the pppoe settings.

    But it works not perfect, because from time to time, my pppoe connection is down (pending in gateway status).

    I have to go on the interfaces status page and click on the "connect button" myself (sometimes I have to do it twice because it fails)

    After that everything is fine until the next reset that fails.

    Is there any connection/retry setting to avoid this? Can this be implemented in a further version like… after 24 hours try 4 times with a pause of 10 seconds to reconnect?

    Thanks in advance



  • Unfortunately I can't give you any advise but I am interested in your topic.
    So far, all my installs have an old pfsense box (some of them i386) and a ADSL router.
    Since the ADSL router is there, I so far haven't had the need to configure PPPoE.
    But that's about to change. One of my providers is about to leave ADSL and will install a FTTH link terminated with an ONT. That will force me to do the PPPoE on the pfSense box and I need it to be reliable and stable.
    So, how reliable/stable is pfSense when dealing with PPPoE?
    Cheers



  • Hi rds_correia,

    I couldn't remember that i had any problem until pfsense hit 2.1 and the small numbers with that problem 2.1.1… to 2.1.3

    Just today I had a CRASH at reconnect time! (report in attachment)

    Dyndns works better with pppoe.
    Better traffic shaping and QoS (small but noticeable different)

    I would prefer the constellation with pfsense -> modem over the pfsense -> router version until someone finds a fix for my problem?!

    crash.txt



  • One of my internet access points is PPPoE with new IP every 24h, but I never had to restart the connection by hand. Sounds a little bit like a lousy-provider problem…

    You could have a daily Cron job established to restart your interface, I guess, but I can't give you details on the code, sorry!



  • @DaReaLDeviL:

    I would prefer the constellation with pfsense -> modem over the pfsense -> router version until someone finds a fix for my problem?!

    Sorry, I lost you there. Isn't it supposed to be?
    ISP <–--> Modem/Router/ONT/etc <----> pfSense <----> LAN
    Then either you do PPPoE on the Modem or you do it on pfSense, right?



  • Sorry for my confusing answer.

    ISP <–--> Modem <----> pfSense <----> LAN

    is the right description. PPPoE is on the PFSense, so you have more control and less sources of error.
    A year ago I have to use the router of my isp and shared control of it. The isp does the firmware updates,
    and every time they have done it... the dhcp server on the router changed to active. Only one short example
    of the problems that I had.

    Today I had a crash again! Don't know how to go ahead :(
    Same time... 5:30 am (reconnect time)

    I'm not sure if my problem base something to do with https://forum.pfsense.org/index.php?topic=41061.210



  • Could you solve your problem in the meantime? I've got a similar one: after my pfsense executed the planned disconnect (or the isp did it) it is sometimes (1 of 3 or 4) not able to reestablish the wan link again.
    Before I used a separate router in front of the pfsense which established the pppoe connection and I never had problems like this, but now that I turned the router into a dumb modem I have to manually reconnect every few days. By the way, I am running 2.3.4_1



  • Is there any connection/retry setting to avoid this? Can this be implemented in a further version like… after 24 hours try 4 times with a pause of 10 seconds to reconnect?

    It comes all with the configuration likes you have done in pfSense and what is in front of pfSense!
    Here in Germany many or nearly all ISPs are doing that "break" and the most of us prefer to set
    the time also to the early night or morning hours.

    So at first it would be nice for us all to know all devices in front of the pfSense firewall box.

    The problem is that my ISP automatically initiates a reset of the link every 24 hours. So to prevent a disconnection during opening hours, I initiate myself a reset of the connection every day at 05:00 in the morning with the periodic reset in the pppoe settings.

    You mention you did set up to have this break from the internet in the early morning at 05:00 o clock, right?
    Where have you set it up? On the pfSense or on a common router in front of the pfSense? Is this an AVM Fritz!Box?

    I couldn't remember that i had any problem until pfsense hit 2.1 and the small numbers with that problem 2.1.1… to 2.1.3

    It depends also all on the setting in the pfSense WANsetup. If there is configured out that the pfSense should be looking
    at the WAN on packet loss or connection lost is a wide difference is able to judge about the crash or reconnecting
    and fine running without any attention of you.

    Dyndns works better with pppoe.
    Better traffic shaping and QoS (small but noticeable different)

    PPPoE is cou single core usage and not so fast as without, so it is more slowing down your entire WAN connection.

    I would prefer the constellation with pfsense -> modem over the pfsense -> router version until someone finds a fix for my problem?!

    There are two camps talking about the pro and the contra of this both ways, so each must be choosing it by his own!
    Pro for AVM FB: (in front of the pfSense)

    • With a AVM FB in front of the pfSense I am able to set up the time for the daily break or cut off from the internet
    • With a AVM FB in front of the pfSense I am able to use the IPSec VPN together with their iOS and Android VPN
      Apps, the Windows VPN Application or plain the ShrewSoft VPN client software without any problems.
    • With the AVM FB in front of the pfSense I don´t need additional VOIP Hardware and get fax abilities on top of this
    • With the AVM FB in front of the pfSense you will be able to set up at the WAN interface of the pfSense a static IP
      address and it is not anymore using the single CPU core at the WAN side!

    Contra for AVM FB: (in front of the pfSense)

    • You may has now a double NAT situation and a so called router cascade, so you will be not able to
      use all functions and packets like other users and customers.
    • You will loose peding on the double NAT ca. ~3% - 5% from the entire throughput of your Internet connection.
    • You may be not able to use the VPN capabilities from the pfSense firewall or you must open one port at the AVM FB
    • You must or should be placing the entire hardware behind the AVM FB to get over VPN connection to this but
      without the ability to use Squid as a Proxy between the Internet and without IDS such snort that is inspecting
      all packets!

    Contra for the modem: (in front of the pfSense)
    If you are using VDSL2 & Vectoring there are not many modems out for that!

    • DrayTek Vigor 130 (first choice), ZYXEL VMG1312-B30A (second choice) and AllNet VDSL2 Modems (budget)
      (ALLNET ALL4781-VDSL2-SFP / Switch Modul (Mini-GBIC), VDSL2 Telco) if it is supporting your ISP you may
      only need a free SFP slot! And the change to newer Internet connections will be faster with less hassle of all!!!
    • You often need a Cisco VOIP adapter (working well with the German Telekom All-IP-Internet accounts) behind
      the pfSense firewall
    • You cut yourself the fax abilities from the AVM FB or should be placing a small fax server inside of the DMZ
    • On other Internet connections if you may change the ISP
    • You may not be able to set the time to intermit (break) or cut your Internet connection at a specific time!

    Pro for the modem: (in front of the pfSense)

    • All abilities, functions and options are given to you and able to insert, use or serve for you
    • less hassle to set up for you
    • less problems for you with any kind of maintenance and updates
    • ISP plastic routers are often only be able to hit 200 - 300 MBit/s at the WAN (here in Germany) but the modems
      are able to serving more to oyur pfSense and if your pfSense is real strong you can use it longer times.

    ISP <–--> Modem <----> pfSense <----> LAN

    Or ISP –- ONT --- Modem --- pfSense --- Switch --- LAN is also able to walk here.

    If there will be no VPN in the game play I would suggest to  set up the following;

    • Go and watch out for the Gateway settings
    • Set up at pfSense an static IP address from the routers network to the WAN set up
    • Turn off the WAN gateway monitoring


  • How do the ISPs "reset" the connection for you all? (I might be getting impacted by something similar)



  • How do the ISPs "reset" the connection for you all? (I might be getting impacted by something similar)

    How they do it in real I don´t really know, but with more and more FTTH or FTTC accounts they will also give many
    IP Adresses a very long lease time, that will be then no problem to connect the home network for many users, but
    all ADSL/ADSL2/VDSL/VDSL2 Internet accounts are affected to this behavior here in Germany.


Log in to reply