PPPoE issue? [SOLVED]

badgernaut

Hi,

Re: pfSense-LiveCD-2.2-DEVELOPMENT-amd64-20140904-1821

I'm having no luck trying to setup PPPoE on my pfSense box, connected to my DrayTek Vigor120 ADSL2+ modem (that does PPPoA-PPPoE bridging). I've looked over pages and pages of current and historical forum posts, and have tried things like:

• checking /var/etc/mpd_wan.conf has null service name configured (and trying with the default '' by hacking /etc/inc/interfaces.inc to build the file with a '' instead)
• checking logs: clog /var/log/system | egrep '(mpd|ppp)'

…but no matter what I try to do, I still get the following repeating failed attempts at creating the PPPoE link:

Sep 12 17:08:14 	ppp: [wan_link0] LCP: Down event
Sep 12 17:08:14 	ppp: [wan_link0] Link: DOWN event
Sep 12 17:08:14 	ppp: [wan_link0] PPPoE connection timeout after 9 seconds
Sep 12 17:08:05 	ppp: [wan_link0] PPPoE: Connecting to ''
Sep 12 17:08:05 	ppp: [wan_link0] Link: reconnection attempt 1
Sep 12 17:08:03 	ppp: [wan_link0] Link: reconnection attempt 1 in 2 seconds
Sep 12 17:08:03 	ppp: [wan_link0] LCP: Down event
Sep 12 17:08:03 	ppp: [wan_link0] Link: DOWN event
Sep 12 17:08:03 	ppp: [wan_link0] PPPoE connection timeout after 9 seconds
Sep 12 17:07:54 	ppp: [wan_link0] PPPoE: Connecting to ''
Sep 12 17:07:54 	ppp: [wan_link0] LCP: LayerStart
Sep 12 17:07:54 	ppp: [wan_link0] LCP: state change Initial --> Starting
Sep 12 17:07:54 	ppp: [wan_link0] LCP: Open event
Sep 12 17:07:54 	ppp: [wan_link0] Link: OPEN event
Sep 12 17:07:54 	ppp: [wan] Bundle: Interface ng0 created
Sep 12 17:07:54 	ppp: web: web is not running
Sep 12 17:07:54 	ppp: process 21153 started, version 5.7 (root@builder-10.0-b3-amd64 07:20 29-Apr-2014)
Sep 12 17:07:54 	ppp:
Sep 12 17:07:54 	ppp: Multi-link PPP daemon for FreeBSD

I appreciate I'm using the above snapshot of an Alpha build, but could you tell me if this is a known problem with the snapshot or something I can theoretically get to work?

Some things I've noticed that may or may not be an issue:

• 'ifconfig -a' shows both my base WAN interface and the created PPPoE interface ('pppoe0') configured with an MTU of 1500 (even when I set the MTU of the PPPoE iface to 1492 in the Web GUI). I would at least expect the 'pppoe0' iface to be set correctly? Would this be a problem?
• when I hack the /etc/inc/interfaces.inc file to add the 'log -bund -iface …' line in the mpd5 section, it doesn't appear to give me any extra logging info. Can someone tell me how I can enable detailed mpd/ppp logging so I can do some more debugging? I may have missed a log file, but I thought mpd5 logs to system/ppp.log? The current logging output (above) doesn't give me much to go on...

Some things in the back of my mind:

• might my ISP require a specific form of CHAP auth? The mpd5 documentation says that 'set link accept chap' has chap as an alias for chap-md5 chap-msv1 chap-msv2, "but favours Microsoft CHAP over md5" - given that I don't know how mpd5 works, could this be a problem? (Again, if I had better logging output, it might tell me?)
• might there be a problem having pfSense in a PPPoE Client mode trying to connect to my Vigor120 modem?

Any pointers? If someone can throw me a bone, I'll keep trying  ::)

Cheers,

b4dg3rn4ut

P.S. the reason I need to use the 2.2 snapshot, is that my hardware is only recognised in FreeBSD v10.x …  :'(

eri--

It seems that you just do not have a proper link on your ethernet interface!

badgernaut

Thanks ermal, I hope it is that simple! (I couldn't deduce that from the logs - the trigger for the Link Down events appears to be the 'PPPoE connection timeout after 9 seconds' event.)

Hmm… perhaps it's a Layer 1 issue!

...but then again, would the interface show up as UP and RUNNING?

I'll check at a lower level and see...

badgernaut

Well… Thought it might work if I used a crossover cable instead of a straight through...  :-[ No difference. Still fails to establish PPPoE connection  ::)

There was a post about Draytek firmware being buggy, I'll try a different version and see.

It would be good to get more verbose logging: does anyone know how to enable that?

hoanghaibinh

Have you tried to dial internet directly from your ADSL modem yet? was it successful? Then, when you connect pfsense WAN interface to internet via modem using PPPoE, did you joint pfsense with modem directly or via a switch (or hub)? If you joint them indirectly, it would be fail. Try do it directly.

iFloris

@badgernaut:

There was a post about Draytek firmware being buggy, I'll try a different version and see.

What you are trying to do can be done, as we use a similar setup using two Draytek Vigor 120 modems.
The modems do pppoa to pppoe conversion. Pfsense load balances between the two dsl lines.
Both modems are running the stock firmware, or to clarify: I have never updated the firmware on either modem.

Pfsense version is an old 2.2 snap:
2.2-ALPHA (amd64)
built on Wed Sep 11 18:17:37 EDT 2013
FreeBSD 8.3-RELEASE-p11
(But I will not upgrade till 2.2 release, because angry mob with pitchforks should something go wrong again)

If there is something I can look up for you to help, let me know.

badgernaut

@hoanghaibinh:

Have you tried to dial internet directly from your ADSL modem yet? was it successful? Then, when you connect pfsense WAN interface to internet via modem using PPPoE, did you joint pfsense with modem directly or via a switch (or hub)? If you joint them indirectly, it would be fail. Try do it directly.

Thanks hoang: I'm not going via a Layer2 hub, I'm connecting directly with a crossover cable.

I tried with a Windows 7 machine, and PPPoE worked fine through the 120… Haven't yet tried authenticating via the modem yet, but assume that will work. Will try later.

@iFloris:

@badgernaut:

There was a post about Draytek firmware being buggy, I'll try a different version and see.

What you are trying to do can be done, as we use a similar setup using two Draytek Vigor 120 modems.
The modems do pppoa to pppoe conversion. Pfsense load balances between the two dsl lines.
Both modems are running the stock firmware, or to clarify: I have never updated the firmware on either modem.

Pfsense version is an old 2.2 snap:
2.2-ALPHA (amd64)
built on Wed Sep 11 18:17:37 EDT 2013
FreeBSD 8.3-RELEASE-p11
(But I will not upgrade till 2.2 release, because angry mob with pitchforks should something go wrong again)

If there is something I can look up for you to help, let me know.

Thanks iFloris: I've just flashed with the very latest firmware from Draytek (3.2.6.1), which claims to have some fixes for PPPoE and PPPoA on the ISP side. A new install of the latest pfSense 2.2 Beta snapshot, tried again… It worked! ...for a couple of hours... Then went back to not being able to establish a PPPoE link again.  :'(

There's something fruity going on between the modem (in bridge mode) and pfSense. Probably a combination of Draytek's firmware implementing their interpretation of the standard, alongside mpd5 (in FreeBSD, the module pfSense uses) interpreting it a slightly different way... Needs more investigation!

Wolf666

I have installed pfSense 2.2-Beta (amd64) (release 06OCT) on a box with a Supermicro ASRi-2558 board. I also use a Vigor120 v.2 (my ISP is PPPoA ONLY, Tiscali Italy).

Everything is working pretty fine, PPPoE authentication from pfSense is straight forward and connection (10/1) is stable.

badgernaut

@Wolf666:

I have installed pfSense 2.2-Beta (amd64) (release 06OCT) on a box with a Supermicro ASRi-2558 board. I also use a Vigor120 v.2 (my ISP is PPPoA ONLY, Tiscali Italy).

Everything is working pretty fine, PPPoE authentication from pfSense is straight forward and connection (10/1) is stable.

Hi Wolf,

That's promising! Could you tell me the exact Draytek firmware you are using? Also, was it on a factory reset (using factory defaults) on the Vigor 120 v2 modem, or have you changed any of the settings?

Thanks  :)

Wolf666

@badgernaut:

@Wolf666:

I have installed pfSense 2.2-Beta (amd64) (release 06OCT) on a box with a Supermicro ASRi-2558 board. I also use a Vigor120 v.2 (my ISP is PPPoA ONLY, Tiscali Italy).

Everything is working pretty fine, PPPoE authentication from pfSense is straight forward and connection (10/1) is stable.

Hi Wolf,

That's promising! Could you tell me the exact Draytek firmware you are using? Also, was it on a factory reset (using factory defaults) on the Vigor 120 v2 modem, or have you changed any of the settings?

Thanks  :)

I updated the firmware to:

Vigor120_v2_v3.2.6.1_A_STD –--> Annex A for modem code 321311. (Standard)

I then made a factory reset and let those default settings (included GUI user and blank password). I only set up parameters of my ISP PPPoA connection (excluded user and PWD, of course) and activated PPPoA<–->PPPoE function (PPPoE Pass-through) and changed Modem IP to a different subnet. (Modem 10.0.0.1, Routers 192.168.x.x).

Save, power cycle.

I then first tested the modem with a Netgear3700 (OpenWRT) and R7000 (DD-WRT), just to check connectivity with several and working FW type, everything was ok.

Last I connected Vigor to pfSense unit (Switched OFF) I then switched on the pfSense unit (previously set up WAN with PPPoE, my ISP login and auto dial ON) waited for boot sequence and in few second it got connection.

I totally renewed my LAN (adding pfSense and this new modem), everything is up and running from 3 days.

badgernaut

@Wolf666:

I then made a factory reset and let those default settings (included GUI user and blank password). I only set up parameters of my ISP PPPoA connection (excluded user and PWD, of course) and activated PPPoA<–->PPPoE function (PPPoE Pass-through) and changed Modem IP to a different subnet.

When you say you activated PPPoA-PPPoE function, which setting was that? In mine it appears to be all set correctly after a factory reset with default values. Have I missed a setting? (I leave the 'PPPoE Client (enable/disable)' enabled; the PPPoA-PPPoE Bridging is already ticked but also greyed out so I couldn't change it.)

I'll try your steps in the same order, tonight. Thanks!

badgernaut

Finally got it all working  :D

Latest firmware, and leaving the PPPoE Client Mode to default-enabled (an old forum post said that this should be disabled) seemed to work.

I think there may still be a small issue with successful PPPoE connections/links being dependent on the order in which the devices are booted up (e.g. modem has to be booted up first, then pfSense box); I don't have time to do a thorough investigation at the moment, though. I would hope that the order wouldn't matter, but from experience I know this takes extra effort and isn't always implemented.

Thanks for everyone's help! :)

casinmirad

For me PPPoE client on pfsense have issues on connecting, same setup with a Windows machine as PPPoE client connects ok.

Something you could try for troublshoot is doing this is SSH

tcpdump -i [interface]

or

tcpdump -i [interface] pppoed

Where [interface] is your interface name, e.g. em0; em0_vlan5

The second command will output the negotiation packets of a PPPoE session so you can pinpoint where exactly it fails.

In a single case I have a pfsense box that will only connect when and only when I run the tcpdump command, most probably something went bad with the installation of pfsense, but anyway it happened and only affect PPPoE sessions.

badgernaut

I haven't got around to using TCPdump, will have a look over the weekend.

That is weird: have you changed iptables?