pfSense & TelstraClear Cable

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › pfSense & TelstraClear Cable

1080p

1332 posts

Uber Geek
Inactive user

#81459 13-Apr-2011 09:43

Has anyone here had experience in setting up pfSense and a TelstraClear Cable connection?

I am running the 2.0-RC1 build from a few days ago and can't seem to grab an IP from the TelstraClear's modem.

I have attempted to configure the modem with both DHCP and Static options (power-cycling each time) but only ever receive 0.0.0.0 as an IP and pfSense keeps 'Gathering Data' about the connection.

1 | 2

BDFL - Memuneh
79140 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#458146 13-Apr-2011 09:57

The modem doesn't give addresses. You have to use a router plugged to it, or configure the software with the IP configuration received from TesltraClear when your connection was installed (the one used in your router or PC).

1080p

1332 posts

Uber Geek
Inactive user

#458161 13-Apr-2011 11:15

Cheers freitasm,

I was able to grab some help via their IRC channel and it now works. If anyone else ever needs to set this up here is what worked for me.

- Set your WAN type to Static.

- Enter the IP address given to you (either written on the modem box or entered into your PC or router). The subnet needs to be entered in CIDR notation (mine was 255.255.255.0 so converting that to CIDR gives /24). I doubt TelstraClear use different subnet sizes but if they do (you have a subnet other than 255.255.255.0 take a look here: http://networking.ringofsaturn.com/IP/subnets.php)

- Enter the gateway IP from the modem box/your PC or router in the Gateway field.

- DNS can be setup from the 'System > General Setup' page. You can use TelstraClear's DNS or any public DNS.

nzruss

6 posts

Wannabe Geek

#463839 29-Apr-2011 20:56

I just helped my brother-in-law over the phone to set up his windows XP laptop to his telstra clear Motorola 5101 modem with the same problem as above.

Firstly, I cant understand why 'in todays world' it requires a customer to manually enter IP addresses and Netmask into their freaking windows connection settings. We have DHCP you know. What are they doing giving customers a 2101 that requires manual configuration of the PC. THis stuff can be done in the router. GRRRR.

Secondly, the guy from the help desk left him hanging, with a bunch of numbers on a piece paper. What a PITA.

We got it all working - but i advised him to switch internet service providers ASAP. - and ask the new provider for a new modem - one that comes pre-configured with and has wireless. (I believe slingshot or telecom sort that out nicely.)

That really annoyed me.

For anyone else out there that cannot connect their tesltra clear Motorola 5101 modem, ( i have no idea how you are reading this.. but) you need to do this:

Click start > Control Panel > Network Connections > Local Area Network > Properties:
Under the "This connection uses the following items" make sure all boxes are ticked.
Click on the "Internet Protocol (TCP/IP)" so it turns blue (and still has a tick).
Select "Properties"

Chose the option "Use the following IP address", and enter the Information given to you by Telstra Clear.
May as well chose "User the following DNS server addresses" and enter:
Preferred: 8.8.8.8
Alternate: 208.67.220.220

Click OK.
Click OK.
Click Close.

Then phone another ISP and change internet service providers.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#463882 30-Apr-2011 00:03

nzruss: I just helped my brother-in-law over the phone to set up his windows XP laptop to his telstra clear Motorola 5101 modem with the same problem as above.

Firstly, I cant understand why 'in todays world' it requires a customer to manually enter IP addresses and Netmask into their freaking windows connection settings. We have DHCP you know. What are they doing giving customers a 2101 that requires manual configuration of the PC. THis stuff can be done in the router. GRRRR.

Secondly, the guy from the help desk left him hanging, with a bunch of numbers on a piece paper. What a PITA.

We got it all working - but i advised him to switch internet service providers ASAP. - and ask the new provider for a new modem - one that comes pre-configured with and has wireless. (I believe slingshot or telecom sort that out nicely.)

That really annoyed me.

For anyone else out there that cannot connect their tesltra clear Motorola 5101 modem, ( i have no idea how you are reading this.. but) you need to do this:

Click start > Control Panel > Network Connections > Local Area Network > Properties:
Under the "This connection uses the following items" make sure all boxes are ticked.
Click on the "Internet Protocol (TCP/IP)" so it turns blue (and still has a tick).
Select "Properties"

Chose the option "Use the following IP address", and enter the Information given to you by Telstra Clear.
May as well chose "User the following DNS server addresses" and enter:
Preferred: 8.8.8.8
Alternate: 208.67.220.220

Click OK.
Click OK.
Click Close.

Then phone another ISP and change internet service providers.

Do NOT use these DNS servers with TelstraClear, you will only be causing him grief. Using Google's and OpenDNS DNS servers will cause massive problems, so I suggest you advise him of this before he starts wondering why his internet connection if performing so badly.

As for entering the details into your PC/router this is required because TelstraClear only provide modems which are nothing but a layer 2 bridge. The modem isn't a router so entering the IP details into a PC or configuring a router is necessary.

Talkiet

4787 posts

Uber Geek

Trusted

#463888 30-Apr-2011 00:30

sbiddle: [snipped stuff]
Do NOT use these DNS servers with TelstraClear, you will only be causing him grief. Using Google's and OpenDNS DNS servers will cause massive problems, so I suggest you advise him of this before he starts wondering why his internet connection if performing so badly.
[snip]

I've given up on repeating this to people...

Sure, GO AHEAD PEOPLE, use overseas DNS servers that will give far worse performance than those of your ISP. Use DNS servers that are not aware of any localisation or caching your own ISP may be doing.

But PLEASE, when you call your ISP to complain about slow performance on some site or other (because you WILL at some point), PLEASE remember to tell your ISP you're NOT using the correct DNS settings because someone on the Internet told you to use ones on the other side of the world.

The ones 200-300ms away, instead of the ones 10-30ms away.

Cheers - N

Please note all comments are from my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.

freitasm

BDFL - Memuneh
79140 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#463897 30-Apr-2011 08:42

nzruss: I just helped my brother-in-law over the phone to set up his windows XP laptop to his telstra clear Motorola 5101 modem with the same problem as above.

Firstly, I cant understand why 'in todays world' it requires a customer to manually enter IP addresses and Netmask into their freaking windows connection settings. We have DHCP you know. What are they doing giving customers a 2101 that requires manual configuration of the PC. THis stuff can be done in the router. GRRRR.

Because, as explained, the modem is a modem, not a router. So you can decide yourself to either connect a PC or use a router if wanted - or anything else. Much more flexible.

nzruss: We got it all working - but i advised him to switch internet service providers ASAP. - and ask the new provider for a new modem - one that comes pre-configured with and has wireless. (I believe slingshot or telecom sort that out nicely.)

If you move him to Slingshot you will lose a friend...

nzruss: May as well chose "User the following DNS server addresses" and enter:
Preferred: 8.8.8.8
Alternate: 208.67.220.220

If you use any other DNS your PC/LAN will receive IP addresses that are located in the US, bypassing any local cache deployed in New Zealand, making things a lot slower. This is true for TelstraClear, Telecom, Slingshots, Vodafone and others.

Use the TelstraClear ClearNet DNS and the connection will be much more reliable.

nzruss

6 posts

Wannabe Geek

#463945 30-Apr-2011 15:08

Firstly, wow. Plenty of passion about TCL and DNS here. I'm surprised why you all seem to think it's OK for an ISP to leave my non-techie bother in law with a post-it note with IP addresses on it. Would you do that to your grandmother?

freitasm:
nzruss: I just helped my brother-in-law over the phone to set up his windows XP laptop to his telstra clear Motorola 5101 modem with the same problem as above.

Firstly, I cant understand why 'in todays world' it requires a customer to manually enter IP addresses and Netmask into their freaking windows connection settings. We have DHCP you know. What are they doing giving customers a 2101 that requires manual configuration of the PC. THis stuff can be done in the router. GRRRR.

Because, as explained, the modem is a modem, not a router. So you can decide yourself to either connect a PC or use a router if wanted - or anything else. Much more flexible.

There are plenty of modems out there with DHCP (modem router combo's) which for most home users should be supplied (and it can be turned off for expert users). TCL expecting a non-techie customer to configure their laptop IP's manually every time they come home from work is not acceptable. This might be fine for an IT person, but not fine for 'the average customer'. The number of frustrated callers they get should be a reflection of that. THey'd be better off supplying decent hardware reducing load on their call centre and improving customer satisfaction.

nzruss: We got it all working - but i advised him to switch internet service providers ASAP. - and ask the new provider for a new modem - one that comes pre-configured with and has wireless. (I believe slingshot or telecom sort that out nicely.)

If you move him to Slingshot you will lose a friend...

I don't believe so. I've helped a number of non-technical friends move to VARIOUS ISPs and slingshot have been the most customer friendly (for non-technical users). They provide pre-configured modem-routers and things 'just work' out of the box. Also they are guided through setting up wireless security nicely. They are NOT left holding a piece of paper phoning their brother-in-law in another city. (I am with world-exchange but for different reasons.)

nzruss: May as well chose "User the following DNS server addresses" and enter:
Preferred: 8.8.8.8
Alternate: 208.67.220.220

If you use any other DNS your PC/LAN will receive IP addresses that are located in the US, bypassing any local cache deployed in New Zealand, making things a lot slower. This is true for TelstraClear, Telecom, Slingshots, Vodafone and others.

Use the TelstraClear ClearNet DNS and the connection will be much more reliable.

Do not confuse performance and reliability. My brother in Law, as am I, are more interested in his reliability and security than a few milliseconds performance on an initial page query (remember your PC has a DNS cache).

(In terms of performance, have you benchmarked TCL's DNS? Have you run the 'DNS spoofability test?" Check out GRC dot com DNS benchmark tool and their on-line spoofability test against TCL's DNS. I'd be interested in the results. )

While TCL's DNS may be CLOSER, if their server doesn't have capacity or their server happens to be a slow dog, the overall performance will be worse than using one overseas with a higher capacity & optimized for performance. But as i said, performance isn't my main concern.

Open DNS and Google's DNS servers have proven to be very reliable (in my experience). OpenDNS are distributed around the world and use AnyCast routing to resolve (under RFC 3258). The closest OpenDNS server is located in Singapore. I cannot vouch for the reliability of TCL's DNS server, and don't know how many they have or whether they are load-balanced.

Google and OpenDNS also offer a (thin) additional layer of security (misspelling correction and phishing protection) and have DNSSec. Not sure about TCL's.

Also, do you listen to the "security now" podcast on the This week in tech network? Check out Episode 155 all about DNS.

At the end of the day, my Bro-In-Law us up and running and he's happy. Not holding a piece of paper with numbers on it.

Mighty Ape

Shop now on Mighty Ape (affiliate link).

Talkiet

4787 posts

Uber Geek

Trusted

#463947 30-Apr-2011 15:14

Sorry you took it personally, but yes, there have been tests done comparing NZ and the 3rd part overseas DNS options - I'm sure Mauricio will link them shortly.

Bear in mind that pretty much every experienced and informed engineer in the country will recommend using your own IPS's DNS servers.

There are some benefits as you point out, but on balance, in NZ, because of our remote location, and because of some of the content delivery and caching approaches taken here, using your ISP's DNS server is a better choice, pretty much 100% of the time.

Cheers - N

Please note all comments are from my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.

nzruss

6 posts

Wannabe Geek

#463953 30-Apr-2011 15:24

Didn't take it personally. No worries whatsoever.

Have just run the benchmark on a bunch of NZ DNS's and their uncached performance isn't something to write home about. - (especially iHug). It'll be interesting to do this again during peak usage times.

I usually set up one DNS using the ISP's DNS, and one on a non-ISP DNS. I've had a number of instances of the ISP's DNS going down so having the router sort out other options (on its own) is a good idea don't you think?

We'll, i'd consider myself a fairly experienced engineer. Just clicked over 20 years in this field. As for well informed... well... having worked around the world, and I keep as up to date as i can.

But this conversation shouldn't be about DNS, it should be about customer service for non-technical customers.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#463967 30-Apr-2011 16:51

nzruss:
Firstly, wow. Plenty of passion about TCL and DNS here. I'm surprised why you all seem to think it's OK for an ISP to leave my non-techie bother in law with a post-it note with IP addresses on it. Would you do that to your grandmother?

A standard TCL install includes the configuration of a PC or router by the technician. They should not leave the property until this is complete. Was the PC there when TCL came to do the install? If not it'll explain why the situation has arisen - and I think it's very unfair to blame TCL for that.

There are plenty of modems out there with DHCP (modem router combo's) which for most home users should be supplied (and it can be turned off for expert users). TCL expecting a non-techie customer to configure their laptop IP's manually every time they come home from work is not acceptable. This might be fine for an IT person, but not fine for 'the average customer'. The number of frustrated callers they get should be a reflection of that. THey'd be better off supplying decent hardware reducing load on their call centre and improving customer satisfaction.

Except you're completerly missing the role of a cable modem. It simply acts as a layer 2 bridge, it has no routing capabilities. It can't support DHCP because it's not designed to do that. The vast majority of customers would all have a router connected behind their modem, not a PC. In this case if they're required to change their IP every day they should be buying a cheap router to save the hassle.

There are a number of reasons why DHCP isn't used, including the architecture of the network. A lot of cable networks around the world simply allocate static IP's rather than building in the complexities of routing PPPoE or DHCP servers. Things are very different to the DSL world.

Open DNS and Google's DNS servers have proven to be very reliable (in my experience). OpenDNS are distributed around the world and use AnyCast routing to resolve (under RFC 3258). The closest OpenDNS server is located in Singapore. I cannot vouch for the reliability of TCL's DNS server, and don't know how many they have or whether they are load-balanced.

Google and OpenDNS also offer a (thin) additional layer of security (misspelling correction and phishing protection) and have DNSSec. Not sure about TCL's.

Also, do you listen to the "security now" podcast on the This week in tech network? Check out Episode 155 all about DNS.

At the end of the day, my Bro-In-Law us up and running and he's happy. Not holding a piece of paper with numbers on it.

He WILL experience DNS issues using the DNS severs you have given him. Forget security aspects - Google DNS and OpenDNS can't cope with the CDN's and transparent caches used extensively by ISP's. By giving him those DNS servers he'll autonmaticlaly bypass the TCL Google box for example and suffer poor YouTube performance. He'll also suffer extremely poor performance from any Akamai hosted content. This isn't just a TCL issue, it's a global issue as CDN's become more common.

And yes there are a few supporters of TelstraClear's cable network on here. No other residential broadband offering in NZ comes close in terms of performance.

freitasm

BDFL - Memuneh
79140 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#463968 30-Apr-2011 16:59

nzruss:
freitasm:
If you use any other DNS your PC/LAN will receive IP addresses that are located in the US, bypassing any local cache deployed in New Zealand, making things a lot slower. This is true for TelstraClear, Telecom, Slingshots, Vodafone and others.

Use the TelstraClear ClearNet DNS and the connection will be much more reliable.

Do not confuse performance and reliability. My brother in Law, as am I, are more interested in his reliability and security than a few milliseconds performance on an initial page query (remember your PC has a DNS cache).

While TCL's DNS may be CLOSER, if their server doesn't have capacity or their server happens to be a slow dog, the overall performance will be worse than using one overseas with a higher capacity & optimized for performance. But as i said, performance isn't my main concern.

I'm sorry my explanation (and sbiddle's and others') wasn't clear enough. It's not about the miliseconds resolving a name. It's not about the DNS per se. It is about what response you get.

I will give you a real life example. A few years back TelstraClears users were really disappointed with YouTube performance. Most videos would buffer and play, buffer and stop, play, and so on...

After much complaining the company ran a project, with Google, to deploy a local Google server within their network. This local Google cache is not only providing YouTube videos, but other Google services as you can imagine. Search, Picasa, Google Apps, and others. So everything Google is faster.

But it's only faster if you are using TelstraClear's own DNS because they know about this local internal server. If you use other DNS the names will resolve to IP addresses that will most likely be in the US. Obviously downloading content from the US will take a lot longer than downloading from a local cache in your own network. It's not about the miliseconds.

Now expand this to other services that use local caches, such as those provide by Akamai. Apple (iTunes, patches, trailers), Microsoft (Windows Update), Xero, even Facebook. If you use an external DNS then it's likely you will be downloading content from US than from an Auckland-based server.

For example, try using Facebook from TelstraClear while having an external DNS. You will see that most of the times CSS files won't download, and pictures will be broken.

Not only because of the overhead of fetching this from overseas servers but because the local proxy will resolve those requests for local Akamai servers, but your client request was for a completely different DNS. At some point their firewalls will start thinking those responses were unsolicited because the pairs don't match, and those responses will simply be dropped.

I hope have cleared now the whole "miliseconds" misunderstanding.

nzruss: Do not confuse performance and reliability. My brother in Law, as am I, are more interested in his reliability and security than a few milliseconds performance on an initial page query (remember your PC has a DNS cache).

Since you are throwing numbers, I have 27+ years of working in IT, and the last 14 years was working with telcos. I am not foolish to confuse performance and reliability, although reliability is a component of performance.

As for my comment about Slingshot... Sure, they have a modem/router that will come ready to work out of the box. But your friend will tell you all about low speeds every time he meets you after that...

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#463969 30-Apr-2011 17:01

Some good links showing why Google DNS and OpenDNS are bad

http://apcmag.com/why-using-google-dns-opendns-is-a-bad-idea.htm

http://delendanet.blogspot.com/2011/01/opendns-and-slowness-with-youtube-and.html

cyril7

9052 posts

Uber Geek

ID Verified

Trusted

Subscriber

#463970 30-Apr-2011 17:02

I am not a big supporter of TCL for a number of reasons, however their cable Broadband network is by far the best out there and I think you will find few who will disagree, not for any whimsical fan support (there is plenty to slam TCL for) but for the fact that it works very well, is well provisioned (ie peaktime has little negative effect) and unless a local drunk takes out a pole its pretty reliable.

As for the DHCP thing, as Steve says its quite the norm on cable networks to not have any DHCP or PPPoE type of authentication, this applies to HFC networks both in the US and Europe, both of which probably supply 50% or more of the internet connections in those countries.

Cyril

freitasm

BDFL - Memuneh
79140 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#463971 30-Apr-2011 17:14

I will give you another example using Geekzone... We do a lot of stuff behind the scenes to accelerate the site. We also use a CDN, for everywhere else but New Zealand.

We use a geo-balanced DNS in a way that if you are in New Zealand cdn.geekz1.com should resolve to a local IP and all our resources (images, CSS, scripts) will be downloaded directly from our server with Datacom (AKL). Otherwise it will point to the CDN.

We done this because we wanted max speed for New Zealand users, and max speeds for US and European users (where there are MaxCDN nodes).

Now try this using NSLOOKUP, first with Google DNS, then with TelstraClear DNS:

NSLOOKUP

> server 8.8.8.8
> cdn.geekz1.com

Name: geekz1.sohosolutionsltd.netdna-cdn.com
Address: 67.201.31.3
Aliases: cdn.geekz1.com

> server 203.97.78.43
> cdn.geekz1.com

Name: nzcdn.geekz1.com
Address: 202.175.128.164
Aliases: cdn.geekz1.com

As you can see, your friend using Google DNS (8.8.8.8) will get all Geekzone resources (except from the main html content) from US servers (the closest one is LAX). If his network is configured to use the TelstraClear DNS (203.97.78.43 and 44) he would get all from our servers in Auckland.

The difference is about 200ms latency to LAX or 10ms latency to Auckland. Now imagine this happening with Facebook, YouTube, and everything else...

nzruss

6 posts

Wannabe Geek

#463972 30-Apr-2011 17:15

Clarification: Wasn't referring to DHCP at the ISP, but providing a half decent cablemodem with DHCP (or DHCP&router combo) to non-technical users. In today's environment it's not uncommon for home users to have a number of devices. THe few years I spent in the US, all the ISP's seemed to have learned they have less service calls from doing just that. THere are plenty of devices at close to the same cost...

Sure customers can buy a cheap router on put it on the back of their modem, and figure it all out themselves... if they have half a clue. (my b-i-l doesnt). His old machine was hosed and he got a new laptop from work and had to go through all this to sort it out. I thought it was crazy for an ISP to leave him hanging.

Points taken on the CDN issue and cache issues. I've never expereinced them, but yeah.

We did set his ISP recommended DNS as his first DNS, and i'll keep an eye on how his performance is across services and change the second one back if he does. I've let him know this might occur, and what to do if it does.

Cheers

1 | 2