
Project - Bridging Vodafone Siro Broadband + pfSense

  • 26-08-2018 3:23pm
    #1
    Registered Users, Registered Users 2 Posts: 13


    Hello everybody,
    I'm looking for some help with a mini project for study/college.

    I'm trying to bridge my Vodafone router so I can use pfSense as my firewall in my home.

    The setup will be a bridge from Vodafone to a virtualised pfSense. I've spent a few days following various guides online but can't get pfSense to see my static Vodafone IP so I'm thinking I must be doing something very wrong.

    I have 2 routers available to test, my current HG659 and my older HG658c

    I would prefer to get the HG658c doing the bridging and keep my Live router as backup until the pfSense is fully working e.g. do my testing on the 658 at night and then plug the 659 back in for normal daily family household access.

    Where to start ??

    To get the Vodafone router to bridge and then test if it's actually bridging, this is hard for me to verify as I don't have an alternative router to PPPoE to? e.g. a Linksys or Netgear type device.

    So leave pfSense to the side for now ...

    How can I bridge my 658/659 and how can I test it's bridging??

    Looking forward to your help.


Comments

  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E



    1. Why the hell are you bridging a GPON service? (Ethernet interface)
    2. The 658 is 10/100, slower than the minimum 150Mb package, using that should be a crime

    Give your host box a 2nd nic if not already present, pass that directly to the PF guest, make sure the driver gives you VLAN controls (it will), connect to ONT and connect. Use whatever you like for wifi after that.


    I don't know VF's auth setup on SIRO but I'm sure somebody has posted it.


  • Registered Users, Registered Users 2 Posts: 13 wesfox


    1. I thought that's what I had to do??
    2. Only using it in a lab/test environment until perfected, I realise it's slow. It's so I don't disrupt the family .. testing at night.

    So basically .. new nic bridged to pf -
    can I use a powerline to carry the ONT to the 2nd nic ? Siro installation - my office .. other side of the house !!

    I think the auth is serial@vfieftth.ie pw broadband but that's for the bridged setup ??

    edit

    as proof of concept could I ...

    powerline ONT to NIC - bridge NIC to pf VM and run PPPoE setup on pf ?? set up DHCP and test connectivity on another linux VM


  • Registered Users, Registered Users 2 Posts: 13 wesfox


    Proof of concept achieved .. using ONT with powerline did not work

    Bridged router and used powerline, pfSense WAN up with PPPoE settings .. speed test 83Mb/sec .. Happy

    I have a Afga card .. could I provide an AP via pfSense?


  • Registered Users, Registered Users 2 Posts: 740 ✭✭✭Dero


    I've done this (for somebody else, no Siro here :(). As Ed E said, you don't need any bridged modem. I used Shorewall on a Linux VM (CentOS 7) rather than pfSense, but there is really no difference for something like this.

    It should be just a matter of adding a VLAN with ID 10 to the NIC connected to the ONT and running the PPPoE session on that.

    As noted, PPP credentials are "<serial>@vfieftth.ie" and "broadband".

    My setup above does 150/20 with <5ms ping no bother.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Dero wrote: »
    Linux VM (CentOS 7) rather than pfSense, but there is really no difference for something like this

    BSD is always superior :D

    Dero wrote: »
    It should be just a matter of adding a VLAN with ID 10 to the NIC connected to the ONT and running the PPPoE session on that.

    Yes, the 658C above is just acting as a VLAN tag stripper. That's it. Configuring that on the host makes it redundant.

    I have a Afga card .. could I provide an AP via pfSense?

    Possible, but IMO it's usually best to use real gear unless you only want to cover a single room.


  • Registered Users, Registered Users 2 Posts: 13 wesfox


    So by adding VLAN 10 in device manager on the card I should be able to connect the ONT directly. Perfect.

    From doing a little research, there is not great support on pfSense for wifi cards, most recommend either a Unifi AP or reusing the Vodafone router as an AP so I'll go with re-using the VF router, I have a few switches (managed and unmanaged) to get that working.


  • Registered Users, Registered Users 2 Posts: 14,555 ✭✭✭✭Marlow


    Yes.

    Configure vlan10.

    Set up pppoe session.

    Use the serial number from Vodafone's router as username.

    Use ANY password.

    Job done. Don't leave a c**p Huawei device in between there. Seriously!!

    /M


  • Registered Users, Registered Users 2 Posts: 13 wesfox


    Having issues connecting direct ??
    Changed NIC to VLAN 10 but did not receive traffic to pfsense via PPPoE

    Bridged router to pfSense (same setting less the vlan setting) works and I’m getting full speed 135-140 Mb so it’s okay. I would prefer direct but I’m not wasting any more time on it, it’s working and routing and I won’t gain much minus the Huawei .. I’m using the HG659 for the bridge not the HG658c.

    So project as it stands ..

    PfSense on Hyper V

    Bridge via Huawei HG659 using PPPoE
    WAN on pfSense has my Static IP

    LAN 2nd NIC connected to unmanaged GB switch.

    OPT 3rd NIC connected to unmanaged GB switch 2

    WiFi AP (huawei 658c) on Isolated network via switch 2 all outbound to net no access to LAN.

    Nmap scan no open ports (a first, usually 1 or 2 Huawei vuln ports)

    Speeds

    LAN - 135 to 140 Mbps
    AP - 20 to 45 (range dependent, work in progress, new AC access point)

    Happy with the progress so far ..

    To do

    pfBlocker
    New AP, AC or MIMO ??
    Rebuild Nextcloud on Hyper V
    Possibly try Sophos Home UTM as inside/outside firewall (maybe) it looks very good.

    Any advice or further suggestions??


  • Registered Users, Registered Users 2 Posts: 14,555 ✭✭✭✭Marlow


    I'm not sure, what you mean with changing NIC to Vlan10.

    You might only have changed the setting for what's the native vlan for your NIC.

    It's important, that the traffic you send your PPPoE session out on is tagged with VLan 10. So you need to check, if your interface is configured to tag the traffic.

    /M


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    He's using the HG659 to strip/add .11Q tags.


  • Registered Users, Registered Users 2 Posts: 14,555 ✭✭✭✭Marlow


    ED E wrote: »
    He's using the HG659 to strip/add .11Q tags.

    Yes .. but he's doing that, because he couldn't get it to work with the board directly on the ONT.

    The reason it didn't work directly is probably because of what he changed, so for example setting the native vlan to vlan10 as opposed to creating a tagged interface, which would have been the right way to do it.

    One less point of failure then and one less device to power.

    /M
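
An added example, not part of any post in this thread: a Python check for the point made above, that PPPoE discovery frames must leave the NIC carrying an 802.1Q tag with VLAN ID 10 rather than going out untagged. The frames are constructed sample bytes and the function names (`build_padi`, `classify_frame`) are hypothetical; in practice the input would be raw frames from a capture on the ONT-facing interface.

```python
import struct

ETH_P_8021Q = 0x8100   # TPID that marks an 802.1Q VLAN tag
ETH_P_PPPOE = {0x8863: "discovery", 0x8864: "session"}
PPPOE_CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}

def build_padi(vid=None):
    """Constructed sample: a broadcast PPPoE PADI, tagged only if vid is given."""
    eth = b"\xff" * 6 + bytes.fromhex("020000000001")  # dst broadcast, made-up src MAC
    tag = struct.pack("!HH", ETH_P_8021Q, vid) if vid is not None else b""
    # PPPoE header: ver/type 0x11, code PADI, session 0, length 4, empty Service-Name tag
    pppoe = struct.pack("!BBHH", 0x11, 0x09, 0, 4) + struct.pack("!HH", 0x0101, 0)
    return eth + tag + struct.pack("!H", 0x8863) + pppoe

def classify_frame(frame, expected_vid=10):
    """Report VLAN tagging and PPPoE stage/code for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vid = 14, None
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vid, offset = tci & 0x0FFF, 18  # low 12 bits of the TCI are the VLAN ID
    info = {"vid": vid, "stage": ETH_P_PPPOE.get(ethertype), "code": None}
    if info["stage"]:
        if len(frame) < offset + 6:
            raise ValueError("truncated PPPoE header")
        _, code, _, _ = struct.unpack_from("!BBHH", frame, offset)
        info["code"] = PPPOE_CODES.get(code, hex(code))
    if vid is None:
        info["verdict"] = "untagged"      # what an untagged/native-VLAN port emits
    elif vid == expected_vid:
        info["verdict"] = "tagged-ok"
    else:
        info["verdict"] = "wrong-vlan"
    return info

if __name__ == "__main__":
    for label, frame in [("tagged interface", build_padi(10)),
                         ("untagged NIC", build_padi())]:
        print(label, classify_frame(frame))
```
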


  • Registered Users, Registered Users 2 Posts: 13 wesfox


    I went to device manager to my network interface and changed it to vlan10?
    I will do more research and troubleshooting this evening !! I understand vlan on Cisco but limited experience outside of that.

    You say single point of failure ?? I say I’ve always had a SPF haha the original router 😂 remember it’s only a project .. a proof of concept

    Since last message .. Nextcloud is now up and running and secured. Accessible from outside and split dns inside

    NTop and pfBlocker this week

