PPPoE on WAN link for Centurylink gigabit service



  • I have tried to do this a number of times and can't make it work so I am hoping someone on the forum can help me with my issue.

    I have been using pfsense for a couple of years now but switched over from the local cable company to Centurylink as they just started offering gigabit service to my location. They provided a modem/router (technicolor C2000T) but I would prefer to use my pfsense device. I have followed the installation guide to set up the WAN link using PPPoE but have had no luck getting the link up. My understanding is Centurylink requires all WAN traffic to be tagged using VLAN 201. I believe I configured that but am happy to follow advice from others to confirm. Also, I have read they require a MTU setting of 1492 and I have configured this in the WAN settings page but still no luck.

    There are some other details I found looking at the settings on the C2000T that may or may not be applicable so I will list them below in the interest of being detailed.

    The following are displayed on the Modem Status pages, they are not settable on this page, just displayed.

    ISP Protocol: PPPoE
    WAN Connection Type: Ethernet
    VLAN Type Selected: Auto Detect - Tagged 201
    MTU Size: 1484
    MSS Size: 1444
    RWIN Size: 5776

    The following are the settings (I will list the other options like this) under the Advanced Setup tab of the C2000T.

    Broadband Settings page
    WAN Type: Auto Select (options for ADSL, VDSL and WAN Ethernet Port 5)
    WAN Type Selected: WAN Ethernet Port 5

    Transport Mode: Auto Select (options for Tagged and Untagged)
    Transport Mode Selected: Tagged - VLAN 201

    VLAN ID: 201 (text entry box)
    MTU: 1492 (text entry box)

    WAN Settings page
    ISP Protocol: Auto Select (options for PPPoE, IPoE, IPoE via Static IP (both tagged and untagged) and Transparent Bridging (both tagged and untagged))
    Protocol Selected: PPPoE

    PPP Username: xxxxxxx@qwest.net
    PPP Password: xxxxxxxx

    PPP Auto Connect: Enable (option for Disable)
    No PPP Credentials: Disable (option for Enable)

    IP Addressing Type: Dynamic IP (options for Single Static and Block of Static IP addresses)

    DNS Type: Dynamic DNS (option for Static DNS)

    I know this C2000T supports transparent bridging but before someone recommends using it that way please understand I would prefer to not use two devices to connect if I don't have to, that way I can return the C2000T and just use pfsense. I believe this should be possible as the way the C2000T is configured now the WAN link is just ethernet with some special parameters Centurylink has decided to use.

    Thank you in advance for the help anyone can give me.



  • Have you bridged the Technicolor pachyderm?

    Any time I move the PPPoE config off of an ISP DSL router and onto a pfsense WAN interface, I have to bridge the DSL modem.  I imagine that may be your issue here.

    Qwest may have that locked down or out though.

    Edit:  2 minutes of googling yielded this:
    http://internethelp.centurylink.com/internethelp/modem-c2000t-adv-bridging-ctl.html



  • almabes, thank you for the reply. I do know that the modem offers a bridging option, I would prefer to not have to use that mode as I want to return the C2000T. Reading through the documentation I have been able to find, the gigabit service they provide is not done using any type of DSL. So I believe I should be able to use only my pfsense box to authenticate using PPPoE on the WAN interface.

    Also, I should have stated in my original email I am running the current release of pfsense (2.2.2).

    If you have any other thoughts or ideas I am open to trying them.

    Thank you again for trying to help me out.


  • LAYER 8 Netgate

    Why wouldn't you be able to return it after setting bridge mode?



  • I could. The problem is that I cannot get my pfsense device to authenticate on the WAN link/ethernet drop Centurylink provides. So returning the modem would (regardless of if it was in bridge mode or not) prevent me from accessing the internet.

    I am sorry I was not more clear in stating my issue.



  • I'm skeptical you're going to be able to stop using the C2000T altogether, they probably have additional checks, one idea that comes to mind would be to clone the WAN MAC address of the C2000T onto your pfsense WAN interface.



  • It looks like Centurytel uses some form of xDSL to provide your bandwidth.  You will not be able to eliminate the Technicolor modem from your setup, unless you replace it with some other xDSL modem.

    Around these parts, AT&T's high speed DSL offering uses crappy CPE with an embedded certificate for authentication.  You can't dump their crappy CPE, and it only somewhat supports a bridge mode.

    Bridge that puppy and get the PPPoE configuration on the WAN interface of pfSense.


  • LAYER 8 Netgate

    The C2000T has DSL and ethernet WAN ports it looks like.  OP can you post a picture of the back of the C2000T when the service is working?  If DSL, you'll need to use a DSL modem of some sort.  If ethernet handoff you might be able to get it working with nothing but pfSense WAN.

    Also, you seem to have some uncertainty that you tagged VLAN 201 correctly.  What did Interfaces > (assign) look like when you tried it?

    From what I can tell if you tag vlan 201 to Centurylink's ONT it should work.  My couple minutes of searching yield:

    • People reporting PPPoE and/or DHCP working

    • People reporting you might need to clear the MAC address (ARP) table in the ONT with a reboot if you change routers.



  • @Derelict:

    The C2000T has DSL and ethernet WAN ports it looks like.  OP can you post a picture of the back of the C2000T when the service is working?  If DSL, you'll need to use a DSL modem of some sort.  If ethernet handoff you might be able to get it working with nothing but pfSense WAN.

    Also, you seem to have some uncertainty that you tagged VLAN 201 correctly.  What did Interfaces > (assign) look like when you tried it?

    From what I can tell if you tag vlan 201 to Centurylink's ONT it should work.  My couple minutes of searching yield:

    • People reporting PPPoE and/or DHCP working

    • People reporting you might need to clear the MAC address (ARP) table in the ONT with a reboot if you change routers.

    Just re-read the OP, and he states that it's set for Ethernet, so I retract my previous "Bridge that puppy" statement.  I misunderstood how CenturyLink handed off to you.

    First you'll need to know which interface is WAN, in my case it's re1

    Then, from the Interfaces (assign) menu option you will add VLAN 201 and assign it to your WAN interface (re1 in my case)

    You then can reassign your WAN interface to re1 VLAN 201

    Last you should be able to configure your PPPoE credentials on the WAN interface.








  • Thank you for the suggestions both almabes and Derelict. As soon as I am able I will configure as suggested and post images of the configuration with results.



  • Sorry for the delay in posting back an update. I was called out of town for an unscheduled trip.

    almabes and Derelict, I am happy to report that I now have a connected link on the WAN. However, pfsense can't seem to connect to the outside world even though the link is UP. The version window in the dashboard states "Unable to check for updates" and the Gateway Monitoring Daemon (apinger) is stopped and under the Gateways the WAN_PPPOE status is Unknown.

    So far I have tried rebooting the ONT but that did not change anything (link still goes up, but no passing traffic). I tried using the MTU value of 1492 as my google searching said that was a Centurylink requirement as well as not putting a MTU value in (default) and that doesn't change anything, I get the link UP but no passing of traffic.

    Any other ideas you can think of to try?

    Let me know if you want me to post some specific image of a configuration tab from pfsense.

    Thank you again for any help you can provide.



  • Post a screenshot of Status--System Logs--PPP tab.

    Maybe that will point us in the right direction.

    Edit:
    Status--Interfaces might be helpful, too.



  • Ok. Both are attached.

    Thank you again for your help.






  • I decided to give Centurylink support a call to see what if anything they could do to help me. I spent about an hour on the phone with the GPON support engineer. He did state that they do not require a MTU of 1492, that is a direct contradiction to what the settings on my C2000T modem show. So I think I will keep trying it both ways. We tried a number of other configuration changes, but no matter what could not seem to get the entire link process to complete. He stated he could see that my system had established a link and taken the full 1 gigabit of bandwidth available but that the PPPoE authentication was not completing. He noted that authentication attempts are logged to their RADIUS server and that from the entries he could see it looked like the pfSense server was starting a connection and then requesting to close the connection itself.

    I am going to continue trying to get this to work and will post updates if I make progress.

    If any other members of the forum have advice feel free to provide input.

    A special thank you to almabes for taking time to try and troubleshoot this with me.



  • Maybe this will help you.
    https://www.dslreports.com/forum/r29358085-VLAN-Tagging-on-Tomato-for-FTTH

    I have read about people being successful in getting CL to remove VLAN tagging, then you won't need their router at all.



  • Have you made any progress?

    I will soon be attempting the same thing with CenturyLink.



  • I, too, would love to hear the progress for this issue. I would like to be able to get rid of CT2000, and have pfsense connect directly to CenturyLink.



  • I received CenturyLink Gigabit Internet service two weeks ago and was able to immediately replace the C2000T with pfSense for use with the service. It was simple to set up.

    Here are the steps:

    • Create a VLAN with ID 201, Interfaces>Assign>VLANs

    • Assign the VLAN to the WAN parent interface

    • Create a PPP interface for the WAN, Interfaces>Assign>PPPs

    • Make the following PPP settings:

    Link type - PPPoE
    Link interface(s) - WAN interface with VLAN, e.g. igb1_vlan201
    Provide the Username and Password for the CenturyLink account
    Save

    At this point, the WAN interface will connect to the CenturyLink service.

    I have noticed that the C2000T is about 20 percent faster on download speed tests and on parity with upload speed tests when compared to pfSense running on a SG-4860. Not exactly sure why that would be the case. Still investigating.

    Screenshots of the settings below.

    ![Voila_Capture 2015-06-08_04-16-51_PM.png](/public/imported_attachments/1/Voila_Capture 2015-06-08_04-16-51_PM.png)
    ![Voila_Capture 2015-06-08_04-15-56_PM.png](/public/imported_attachments/1/Voila_Capture 2015-06-08_04-15-56_PM.png)



  • superweasel, thank you for posting some detail. For some reason new post to thread notifications were not reaching me so I was not aware that new posts had been made.

    I tried to follow your instructions and even went so far as to do a complete new install of 2.2.3 to make sure old configuration changes were not affecting me but I still can't get pfsense to work with Centurylink. By following your advice I have made more progress than before. I was unclear about what the WAN link should be set to on Interfaces (assign) so I put it to the PPPoE option created by following your instructions. pfsense then gets an IP address on the WAN link but clients on the LAN can't get to the internet. Screen shots are below, note in PPPtoWAN image that pfsense gets an IP address, can tell it is on the current release but the 1000baseT full duplex is missing. When I set the WAN back to em0 (default) I get the 1000baseT link full duplex but no IP address.

    I am sure there is some minor setting I am missing, and I would appreciate any further advice you have.

    Thank you in advance for any help you can provide.






  • With an IP address from CenturyLink, the WAN side of the house is all set. IP address from CenturyLink is the critical piece. With PPPoE, pfSense does not report connection speed or duplex.

    Make sure the PPPoE Gateway is set as the Default Gateway (System>Routing, see image below). You might also want to add the CenturyLink DNS servers to your DNS list (System>General>DNS servers, see image below).

    As for the LAN side, most likely a firewall issue or route issue. Make sure you are not blocking routes to the WAN from LAN (see image below). Just to verify, take a look at Diagnostics>Routes to see if LAN can route to WAN.

    Last one, in researching the speed issue with pfSense and gigabit PPPoE connections, I opened a support ticket with pfSense. As of v2.2.3, pfSense will not attain gigabit speeds with PPPoE (https://redmine.pfsense.org/issues/4821).

    ![Voila_Capture 2015-07-20_07-40-22_AM.png](/public/imported_attachments/1/Voila_Capture 2015-07-20_07-40-22_AM.png)
    ![Voila_Capture 2015-07-20_07-34-11_AM.png](/public/imported_attachments/1/Voila_Capture 2015-07-20_07-34-11_AM.png)
    ![Voila_Capture 2015-07-20_07-34-58_AM.png](/public/imported_attachments/1/Voila_Capture 2015-07-20_07-34-58_AM.png)



  • superweasel, many thanks for your posts. I am now up and running on pfSense! It turns out the inability for clients to access the WAN was because CenturyLink was moving the IP they assigned to me at the same time I was trying to browse the web from a client. With others asking "when is the internet going to be up again?" instead of taking time to make sure things were right I just assumed there was some setting I was missing.

    As to your bug report, I would like to help prove an issue as my pfSense system is yielding about 1/3 to 1/2 the performance I get when using the technicolor modem. I will message you directly about that.

    Thank you again for the detail you provided. I appreciate it.



  • I am guessing the PPPoE requirement is region specific as I did not need to set this up here in the Twin Cities (Support also confirmed this as well).

    Cheers,

    Dan



  • @superweasel:

    Last one, in researching the speed issue with pfSense and gigabit PPPoE connections, I opened a support ticket with pfSense. As of v2.2.3, pfSense will not attain gigabit speeds with PPPoE (https://redmine.pfsense.org/issues/4821).

    Thanks for tracking this down.  I've been wondering why I can't get gigabit over centurylink but was able to between hosts on the WAN and LAN interfaces.  Didn't think that PPPoE would have been the factor here.



  • Can anyone confirm that the PPPoE performance issue has been addressed in v.2.3?

    Thanks!



  • I have just upgraded to CenturyLink Fiber Gigabit as well, and after getting pfSense to connect to the PPPoE, I can only manage at most 300 Mbps Down and 350 Mbps Up.

    My CPU info is included in attachment.

    I have both Gigabit NIC's on the LAN and WAN.

    When I hook up the CenturyLink C2100T I can get 700+Mbps Up and Down. Can anyone pull high speeds with pfSense?

    ![Pfsense Version.PNG](/public/imported_attachments/1/Pfsense Version.PNG)



  • I had the opposite problem.  I got ~900 up/down when my pfSense was connected directly to the ONT and establishing the PPPoE connection, but only get ~700 up/down when the C2100T is in place to provide routing for my /29 subnet.

    attached is my cpu info.




  • I have tried everything suggested in this thread - VLAN201 on WAN, PPPoE on VLAN201, and input username and password. It then says that it is "up" but no IP address is received and no internet.

    Any thoughts for further actions?

    Thanks,

    Tyler



  • Bump… Gave this a try last month, hoping for a solution, or advice for how to build the PPPoE with multithread available.



  • According to https://redmine.pfsense.org/issues/4821 it is related to igb driver, are you all using Intel igb NICs? Currently the only solution is to change the hardware — more powerful CPU that can handle 1Gbit with single core and/or other Intel card, that uses em(4) driver.



  • @teeler123:

    I have tried everything suggested in this thread - VLAN201 on WAN, PPPoE on VLAN201, and input username and password. It then says that it is "up" but no IP address is received and no internet.

    Any thoughts for further actions?

    Thanks,

    Tyler

    What version of pfsense do you have? 2.4.1 had a bug that did not let the VLAN interface work. 2.4.2-RELEASE fixes that and it should work. I just set mine up as VLAN 201 interface on the WAN hardware port, PPPoE interface on the VLAN 201 interface, and finally assign the PPPoE interface to the WAN port under interface assignments.

    ![Screen Shot 2017-11-21 at 23.09.02.png](/public/imported_attachments/1/Screen Shot 2017-11-21 at 23.09.02.png)
    ![Screen Shot 2017-11-21 at 23.04.17_2.png](/public/imported_attachments/1/Screen Shot 2017-11-21 at 23.04.17_2.png)





  • I finally got this setup working with my sg-2440, but there's NO WAY this device supports a gigabit connection as claimed in the literature. Default CL modem sees speeds around 860/775 whereas setup with my sg-2440 I'm getting 450/450.


  • Rebel Alliance Netgate Administrator

    Have you tried the work around in this Redmine ticket: https://redmine.pfsense.org/issues/4821

    You should be able to get a lot more speed out of the 2440.

    Can you verify your PowerD settings; it should be enabled and either Hiadaptive, or Maximum should be the profile.



  • @chrismacmahon said in PPPoE on WAN link for Centurylink gigabit service:

    https://redmine.pfsense.org/issues/4821

    I have tried the workaround. I'm currently running with the following /boot/loader.conf.local and max out around 530mbps:

    hw.igb.fc_setting=0
    net.isr.dispatch=deferred
    net.inet.tcp.tso=0

    I'm not sure what powerD is. I'll have to look into that now...



  • Oh wow! Enabling powerD and setting to maximum really helped. I'm seeing 820/820 which is about as good as I think I can do given that my fiber run zigzags across 6 different poles and then I have about a 70ft cat6 run from the ONT. I consider this resolved.

    Thanks for the tips!


  • Rebel Alliance Netgate Administrator

    Glad we got you sorted out.



  • So, here's documentation of the entire process of getting CenturyLink Gigabit GPON service working at full speed with pfSense. This applies only to PPPoE "internet only" service from Century Link. The internet+prism TV service uses IPoE and is configured differently.

    The hw.igb.fc_setting=0 below disables flow control for the Intel NICs in the Netgate SG-2440. Different hardware will require a different option. Other than this, the instructions below should be hardware agnostic. Assuming your hardware is fast enough, you should see performance comparable, or very near to CL supplied hardware.

    Diagnostics -> Edit File
    Path to file: /boot/loader.conf.local
    Click Load to load the existing file.
    Add:

    net.isr.dispatch=deferred
    net.inet.tcp.tso=0
    hw.igb.fc_setting=0

    Save and Reboot

    In the pfSense GUI:

    System -> Advanced -> Miscellaneous -> Power Savings
    Check "Enable PowerD" and set to "Maximum" or "Hiadaptive" for all power states.

    Interfaces -> Assignments -> VLANs
    Add a new VLAN interface. In the edit dialog:

    Parent Interface: <the physical interface of your WAN port>
    On the SG-2440 this is most likely igb0, so we'll assume that for the rest of this config.

    VLAN Tag: 201
    Save

    Interfaces -> Assignments -> PPPs
    Add a new PPP
    Link Type: PPPoE
    Link Interface: igb0.201
    Username: CenturyLink Supplied
    Password: CenturyLink Supplied
    Service name: <leave blank>
    Configure NULL service name: checked
    Save

    Interfaces -> Assignments -> Interface Assignments
    WAN: select PPPoE0(igb0.201) - < CL Username > from the drop down
    Save

    Interfaces -> WAN
    verify that IPv4 Configuration Type is PPPoE

    Under PPPoE Configuration
    Verify Username and Password are present
    Save

    Status -> Interfaces
    Verify WAN Interface (wan, pppoe0)
    Status: up
    PPPoE: up
    IPv4 Address: <is present>
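
An added example, not part of the post above or of pfSense itself: a POSIX sh helper that merges the three loader tunables listed in that post into a loader.conf.local-style file without duplicating entries, creating the file when it is absent. The function names are hypothetical and the file path is passed as an argument.

```shell
#!/bin/sh
# Added example, not from the thread: merge the loader tunables listed above
# into a loader.conf.local-style file. Function names are hypothetical.

# Tunables exactly as posted. hw.igb.fc_setting applies to Intel igb NICs only.
WANTED='net.isr.dispatch=deferred
net.inet.tcp.tso=0
hw.igb.fc_setting=0'

# current_value FILE KEY: print the last active value of KEY, quotes stripped.
# Returns non-zero when the file or the key is missing; comments are ignored.
current_value() {
    [ -f "$1" ] || return 1
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, k "=") != 1) next
            v = substr(line, length(k) + 2)
            sub(/[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)
            found = v; seen = 1
        }
        END { if (!seen) exit 1; print found }
    ' "$1"
}

# set_tunable FILE KEY VALUE: no-op if already set, replace a stale value in
# place, otherwise append. Creates FILE when it does not exist.
set_tunable() {
    file=$1; key=$2; value=$3
    [ -f "$file" ] || : > "$file" || return 1
    if cur=$(current_value "$file" "$key"); then
        [ "$cur" = "$value" ] && return 0
        tmp="$file.tmp.$$"
        awk -v k="$key" -v v="$value" '
            { line = $0; sub(/^[ \t]+/, "", line) }
            index(line, k "=") == 1 { if (!done) print k "=" v; done = 1; next }
            { print }
        ' "$file" > "$tmp" && mv "$tmp" "$file"
    else
        # Guard against a last line that lacks a trailing newline.
        if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then echo >> "$file"; fi
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# apply_tunables FILE: bring every wanted tunable into FILE.
apply_tunables() {
    for kv in $WANTED; do
        set_tunable "$1" "${kv%%=*}" "${kv#*=}" || return 1
    done
}

# count_drift FILE: print how many wanted tunables are missing or different.
count_drift() {
    n=0
    for kv in $WANTED; do
        cur=$(current_value "$1" "${kv%%=*}") || cur=
        [ "$cur" = "${kv#*=}" ] || n=$((n + 1))
    done
    echo "$n"
}

# Run as: sh script.sh /boot/loader.conf.local   (then reboot, as the post says)
if [ $# -gt 0 ]; then
    apply_tunables "$1" && echo "tunables still differing: $(count_drift "$1")"
fi
```

Running it a second time leaves the file unchanged, and unrelated lines and comments already in the file are preserved.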


  • Netgate Administrator

    Nice result!

    Be aware that setting net.isr.dispatch=deferred will give you better PPPoE speeds but might cause problems with ALTQ if you need shaping.

    And, yeah, you need to have powerd (speedstep) enabled on those ADI SG series devices to see the full CPU speed.

    Steve



  • @billmcg
    Worked great !!!
    Thx.



  • Hi there. Tried to get my protectli modem with pfsense working with centurylink fiber optic (internet only) following the above instructions. I was unable to edit
    /boot/loader.conf.local
    as I couldn't find it. There is a file
    /boot/loader.conf.orig
    or loader.conf
    I followed the rest of the instructions, but WAN/VLAN not connecting...
    Could anyone direct me as to where that file resides or how to figure out what I may be doing wrong?
    Much appreciated, thank you.

