DIY Router for VPN running pfsense with Vodafone fibrex

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › DIY Router for VPN running pfsense with Vodafone fibrex

Brend

89 posts

Master Geek

#236086 17-May-2018 11:09

So I got myself one of these HP 8200 SFF elite PCs and thought - build a router!

It is way overkill but, for a reason. What I want to do is have a router that can manage multiple VPN connections without losing too much throughput and it has to be able to manage the workload. I have an Asus RT-n66u with Merlin software - this little beast is quite capable, but unfortunately can not manage the workload. Eric (Merlin) and other have advised me to buy a newer more powerful router, but I think it might end up running out of steam too. So... go for overkill!! I reckon, the i5 processor with 8GB RAM and 500GB HDD will manage quite well.

My main goal apart from normal routing/security/etc will be:
(a) Run multiple VPN connections (to do away with VPN on all devices)
(b) Force certain connections (websites) through specific VPN connections from any device (to do away with switching VPNs)

I have Vodafone fibrex (200 dl and 20 ul).

I have been tinkering away on pfsense but can not get an internet connection. I spoke with customer care at Vodafone and they pointed me to their Network settings for your broadband modem (link removed coz I am new). Here are the settings:

Enable connection: Check
VDSL Name: Internet_VDSL
FibreX Name: Internet_Ethernet
Service type: INTERNET, TR069, VOICE
Connection Type: IP routing (IP)
MTU: 1500
MSS: 0
NAT: NAPT
VLAN: Check
VLAN ID: 10
802.1p: 0
IP protocol version: IPv4 + IPv6
IPv4 address type: DHCP
Static DNS: Uncheck
IPv6 addressing type: DHCP

And this is where I realised how far out of my depth I am. It's greek ... latinish greek! I can not find all the settings in pfsense to set the connection up. And all attempts I made was in vain.

TL:DR
I need to set up my DIY router for Vodafone fibrex
1. Which is the preferred routing software pfsense/OPNsense/Sophos (I have downloaded all three and is currently trying pfsense 2.4.3)
2. Is there an idiot's guide for me to get the connection running (WAN and LAN shows it is up-linked, but no IP for WAN)
3. How do I set it up to have my network running on 192.168.2.x

Hopefully we can have a sensible conversation which can help others too. I did use search, but could not find my solution. If this thread is a duplication - apologies. Please move it to the right thread.

1 | 2 | 3

1207 posts

Uber Geek

#2018076 17-May-2018 22:21

If FibreX is still as I remember my brother's cable connection, then you can not use a normal router to connect to the cable - you have to use the Vodafone router, which includes the necessary (DOCIS?) modem for the cable signals. So to do what you want, you probably need to somehow put the FibreX router into bridging mode on its LAN Ethernet port and connect that to your router PC on its WAN port. The FibreX router would need to do the VLAN stuff unless it has an option to pass that through to your router PC (unlikely). So what your PC's WAN port should then get is normal Ethernet (no VLAN tagging), and be able to get an IPv4 address via DHCPv4 and IPv6 address block delegation via DHCPv6, and then proceed from there. If the FibreX router can not be put into bridging mode, then it will need to be the main router and it will be doing IPv4 NAT. You can still have your PC as a second router, not doing NAT, and it can do VPNs for you, but it is more complex to operate like that. At least there does not seem to be PPPoE to worry about - that simplifies things a bit.

Mighty Ape

Shop now on Mighty Ape (affiliate link).

hio77

'That VDSL Cat'
12999 posts

Uber Geek

ID Verified

Trusted

Lizard Networks

Subscriber

#2018087 17-May-2018 23:41

add a vlan for your interface and set it to wan.

put in DHCP for ip, and you should be good to go.

fe31nz:

If FibreX is still as I remember my brother's cable connection, then you can not use a normal router to connect to the cable

pretty sure that was shortlived and since has a new device.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

Brend

89 posts

Master Geek

#2018159 18-May-2018 10:07

fe31nz:

If FibreX is still as I remember my brother's cable connection, then you can not use a normal router to connect to the cable - you have to use the Vodafone router, which includes the necessary (DOCIS?) modem for the cable signals. So to do what you want, you probably need to somehow put the FibreX router into bridging mode on its LAN Ethernet port and connect that to your router PC on its WAN port. The FibreX router would need to do the VLAN stuff unless it has an option to pass that through to your router PC (unlikely). So what your PC's WAN port should then get is normal Ethernet (no VLAN tagging), and be able to get an IPv4 address via DHCPv4 and IPv6 address block delegation via DHCPv6, and then proceed from there.

My ISP gave me a modem box and a Huawei router. I ditched the Huawei for the superior Asus. I connected the modem to WAN port and changing my LAN to 192.168.2.1 and pretty much plug-n-play. It work quite easily. I did have to add VLAN10 though which is easy as pie on the Asus. The modem has only one port - WAN. The ISP provides auto IPs and won't place it in bridge mode. My reckoning is if I can so easily plug-n-play with the Asus, there should be a fairly easy way to setup pfsense to do the same. No?

If the FibreX router can not be put into bridging mode, then it will need to be the main router and it will be doing IPv4 NAT. You can still have your PC as a second router, not doing NAT, and it can do VPNs for you, but it is more complex to operate like that. At least there does not seem to be PPPoE to worry about - that simplifies things a bit.

It is not a router - just a box with a WAN port

Brend

89 posts

Master Geek

#2018162 18-May-2018 10:10

hio77:

add a vlan for your interface and set it to wan.

put in DHCP for ip, and you should be good to go.

Thanks, but I did this. No joy.

Spyware

3728 posts

Uber Geek

Lifetime subscriber

#2018164 18-May-2018 10:13

https://www.geekzone.co.nz/forums.asp?forumid=66&topicid=223945

EDIT: may not apply with IPoE rather than PPPoE??

Brend

89 posts

Master Geek

#2018171 18-May-2018 10:19

Spyware:

https://www.geekzone.co.nz/forums.asp?forumid=66&topicid=223945

EDIT: may not apply with IPoE rather than PPPoE??

Thanks. I am running on 2.4.3 which is fine supposedly since the issue of 2.4.1 was sorted in 2.4.2

I don't know about the PPPoE - I am just stupid with these things. And in their settings, Vodafone mentions nothing about PPPoE. Please elaborate

waikariboy

892 posts

Ultimate Geek

ID Verified

Trusted

#2018305 18-May-2018 12:58

You need to create PPoE connection on your WAN port. PPoE is the network protocol they use.

Balm its gone!

Brend

89 posts

Master Geek

#2018308 18-May-2018 13:00

When I tried that, it asked for a username and password. We don't have a UN or PW

hio77

'That VDSL Cat'
12999 posts

Uber Geek

ID Verified

Trusted

Lizard Networks

Subscriber

#2018318 18-May-2018 13:18

Vodafone prefer DHCP over PPPoE now.

PPPoE you can do something like user@vodafone.co.nz and password.

Last i checked they don't validate on it just like spark.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

Bugzptr

43 posts

Geek

ID Verified

Lifetime subscriber

#2018320 18-May-2018 13:34

If this is a FibreX connection over cable (is TelstraClear cable) then you'll only require vlan10 and DHCP

That's what I've got here in Chch and it works fine.

Brend

89 posts

Master Geek

#2018323 18-May-2018 13:37

hio77:

Vodafone prefer DHCP over PPPoE now.

PPPoE you can do something like user@vodafone.co.nz and password.

Last i checked they don't validate on it just like spark.

Thanks - I will try this

Bugzptr:

If this is a FibreX connection over cable (is TelstraClear cable) then you'll only require vlan10 and DHCP

That's what I've got here in Chch and it works fine.

It is fibrex and I have tried VLAN10 with no success. The dashboard shows the connection is up, but shows no IP and I do not have internet access

olivernz

476 posts

Ultimate Geek

ID Verified

Trusted

Lifetime subscriber

#2018413 18-May-2018 15:31

Hey,

Needed to check twice if i didn't write that comment. ;-)

I'm exactly in the same space. Ended up with Opnsense. Was just the most understandable and well documented one from my view. Sophos was just too confusing and didn't want to pin my luck on outgoing product UTM.

Have a Dell 9910 i5 something or another with 3 NICs and a 24port managed switch + Wifi gear. Should get me to where I am going. But waiting on Fibre now. they just put it in the road so I can order any day now. Any day!!!! C'mon!

So once that is in we'll see if I can get a connection.

Cheers oliver

sultanoswing

814 posts

Ultimate Geek

#2018990 19-May-2018 14:12

The good news it that once you actually get your WAN up and running, pfSense will do all that you indicate you want in your first post - with some tweaking. But then, it sounds as though you're up for it!

I have an HP 6300 SFF running pfSense 2.4.3 on BigPipe Fibre (PPPoE) and have VLAN for a Guest network and a VPN Server. pfSense (and OPNSense) are *very* feature rich.

Brend

89 posts

Master Geek

#2018991 19-May-2018 14:16

Still battling on. Been trying with OPNsense last night. Actually got connected and then something happened. Machine hung and I factory resetted, but cant get it going again. Me sad panda...

olivernz

476 posts

Ultimate Geek

ID Verified

Trusted

Lifetime subscriber

#2021802 24-May-2018 12:57

Brend: Still battling on. Been trying with OPNsense last night. Actually got connected and then something happened. Machine hung and I factory resetted, but cant get it going again. Me sad panda...

Persevere! These things are not easy and there is no way to really make it in any way more comfortable. One of the upsides is that you actually learn a LOT when confronted with these issues. I've now added a 24 port fully managed switch to my mix which has a 550 page manual. So yeah, it will take me weeks to get it sorted. But in the end I will have a safer environment for my kids and have learnt a HEAP! ...by the way, still being challenged by my MikroTik router too. Just so much stuff to configure.

1 | 2 | 3