pfSense as a UFB Router

Forums › New Zealand Broadband › pfSense as a UFB Router

wrswrsnz

4 posts

Wannabe Geek

#144252 12-May-2014 19:14

Hi, today I signed up for UFB and I'm trying to prepare for it's arrival in a few weeks.

I use pfSense as a firewall which means I don't need a router and can connect it directly to the ONT.
I'm not that strong with my pfSense setup but I have been able to find enough info to initially prepare it for the change.

There are a few people who have set it up to do what I'm trying to achieve but there is very little information how.
The purpose of this post is to have the information available for anyone else wanting to do the same.

This info comes from the pfSense Forums, post id 59436.0

1. Go to Interfaces -> (assign) and click on the VLANs tab to create the VLAN,
2. go to Interfaces -> (assign) and click on the "+" at the bottom right to add the VLAN to the pool of interfaces available to pfSense,
3. go to Interfaces -> (assign) and click on the PPPs tab then click on the "+" to add a new PPPoE interface (if necessary) then configure it
4. go to Interfaces -> (assign) to set the pfSense WAN interface to the newly configured PPPoE interface.

It's not that clear to people like me with little experience with pfSense so here's what I've done so far (will be updated if there are errors + if I learn it needs to be different):
1. Go to Interfaces -> (assign) and click on the VLANs tab to create the VLAN
        Parent interface: select your WAN port (em1 on mine)
        VLAN tag: 10
        Description: VLAN10
        Click SAVE

2. go to Interfaces -> (assign) and click on the "+" at the bottom right to add the VLAN to the pool of interfaces available to pfSense
       The new VLAN10 will show up as OPT1 (if no other VLANs already exist)
       Click SAVE

3. go to Interfaces -> (assign) and click on the PPPs tab then click on the "+" to add a new PPPoE interface (if necessary) then configure it
       Link Type: PPPoE
       Link interface(s): em1_vlan10
       Description: pick a name that means something
       Username: bob.smith
       Password: ***********
       Service name: leave blank
       Click SAVE

4. go to Interfaces -> (assign) to set the pfSense WAN interface to the newly configured PPPoE interface.
      Set WAN interface to the new PPPoE(em1_vlan10) - pick a name that means something

At this time I don't know if this info is correct - please feel free to assist. I'll edit this post with corrected info as I learn so the most correct data is always at the top (if it's possible to edit)...

1 | 2

2642 posts

Uber Geek
+1 received by user: 1660

Trusted

#1042616 12-May-2014 20:12

Edit: This post was probably wrong so I removed it.

Aredwood

3885 posts

Uber Geek
+1 received by user: 1749

#1042618 12-May-2014 20:19

Are you sure? Im on Chorus UFB and you need to set VLAN to 10 For the interface going to the ONT. Don't know if the other Local Fibre Companies Also require VLAN tagging though.

wrswrsnz

4 posts

Wannabe Geek

#1042624 12-May-2014 20:30

I'll be on Chorus too. Not sure what actual setting I'll need yet (tagged or untagged - I think it will be tagged from what I've read to date) - will find out during the last stage when they come to configure it. Sounds like I could be on the right track for now. It's going to be a few weeks before it's all done but I'll edit my first post with the actual install details that work once all done. Thanks for the feedback.

muppet

2642 posts

Uber Geek
+1 received by user: 1660

Trusted

#1042646 12-May-2014 20:49

Hmm ok, I am just going off my setup here but you're right, I'm not with Chorus (Ultrafast here).

I'll edit my original post.

RJKIng

57 posts

Master Geek
+1 received by user: 3

#1042647 12-May-2014 20:49

Currently using pfsense on a pc engine box, my fiber goes in next week so will be interested to try this out.

RJKing

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1042659 12-May-2014 21:09

VLAN10 is standard across every LFC and Chorus. Without an 802.1q tag you can't have 802.1p, so this means no high priority CIR.

Some ISPs do offer the ability to offer untagged UNI ports.

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

bonkas

315 posts

Ultimate Geek
+1 received by user: 12

#1042797 13-May-2014 09:25

When I was setting my pfsense up I had to configure mine a little bit differently as those steps did not work for me...

I only completed step 1, opened the VLAN interface and set the PPPoE credentials there - Hard to explain as I dont have the router in front of me.

If you get stuck and need to check settings and such, just send me a message.

D1NZ

194 posts

Master Geek
+1 received by user: 14

#1042940 13-May-2014 12:13

You sure your username is correct?

Username: bob.smith

normally there is @snap.net.nz or whatever your ISP is, it's e-mail liked.

check with your ISP for the correct setting normally can be found on ISPs website

by the way, what version of pfSense are you using? I wouldn't bother with 2.2-ALPHA atm as still buggy, even on my testbed machine.

CPU: Intel Xeon E3-1225 V2 @ 3.20Ghz
RAM: A-data ECC 4GB x 2 1600MHz
SSD: Samsung 840 Pro 120GB
Motherboard: Intel S1200KPR server board mini-ITX
NIC: Intel Ethernet Server Adapter I350-T2

Lazarui

136 posts

Master Geek
+1 received by user: 27

#1042968 13-May-2014 12:31

Also there is a few ISP's That use DHCP instead of PPPoE, so you may want to make a edit up there, if the pfSense is cabaple. (Which it should be....)

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1042974 13-May-2014 12:40

D1NZ: You sure your username is correct?

Username: bob.smith

normally there is @snap.net.nz or whatever your ISP is, it's e-mail liked.

check with your ISP for the correct setting normally can be found on ISPs website

by the way, what version of pfSense are you using? I wouldn't bother with 2.2-ALPHA atm as still buggy, even on my testbed machine.

It's not linked to email, it's just that for most ISPs it'll connect back to a radius server of some sort.

The format will be whatever your ISP uses - which doesn't always mean it's got a @ in it.

Some ISPs also used port based auth so it doesn't matter what you enter.

chevrolux

4962 posts

Uber Geek
+1 received by user: 2638
Inactive user

#1042983 13-May-2014 12:58

Make sure 'service name' is empty too.

Geekzone support

Support Geekzone with one-off or recurring donations Donate via PressPatron.

ripdog

548 posts

Ultimate Geek
+1 received by user: 373
Inactive user

#1043085 13-May-2014 15:16

One example of DHCP UFB is Orcon. I love how easy it is to set up, all you need is to set the router MAC to the MAC of the genius router you were sent, VLAN 10 tagging, and standard DHCP on the WAN port. Job done.

I understand PPP adds a decent amount of overhead which cripples 200+ megabit services. The ASUS RT-AC66U, one of the most powerful routers on the market today, is unable to push 300mbit over WAN when PPPoE is in use. Plain Ethernet and it goes to over 800mbit.

No doubt custom-supplied ISP routers can do better with specific optimizations, but I do wonder if ISPs will instead choose to switch to DHCP as UFB speeds increase?

Lorenceo

904 posts

Ultimate Geek
+1 received by user: 336

Trusted

#1043098 13-May-2014 15:49

I'm pretty sure I've read comments on here from ISP staff that IPv6 cannot work with the current DHCP implementation on many of the LFCs yet.
Until the connections get faster than my router can handle as a PPPoE client, I'm not too concerned. Fibre's not even available where I live yet.

ripdog

548 posts

Ultimate Geek
+1 received by user: 373
Inactive user

#1043102 13-May-2014 15:54

Lorenceo: I'm pretty sure I've read comments on here from ISP staff that IPv6 cannot work with the current DHCP implementation on many of the LFCs yet.
Until the connections get faster than my router can handle as a PPPoE client, I'm not too concerned. Fibre's not even available where I live yet.

Yes, I understand Orcon is waiting for Chorus to finish up DHCP work before IPv6 can be offered on UFB. I honestly don't expect this to be happening any time soon, NZ ISPs collectively don't give a rats arse about IPv6. Even Snap, the first residential ISP with IPv6 in NZ, has been promising static addresses for at least 2 years, with nothing to show.

EDIT: Here it is.

As with the rest of the world, nobody cares until they run out of addresses. And then they run CGNAT. And then comes the heat death of the universe. Sigh.

But the PPPoE thing isn't a problem for consumers, it's a problem for ISPs - after all, most customers run on ISP-supplied hardware.

wrswrsnz

4 posts

Wannabe Geek

#1043118 13-May-2014 16:02

I heard back from my ISP a short time ago.
I won't need a VLAN as they strip tagging sent by their supplier (seems strange to do so if it's already there??)
All I need is to set pfSense to use PPPoE on the Wan and use the correct username and password.

I'm with NOW, used to be Airnet.

1 | 2