Date: Thu, 04 May 2023 08:02:22 +1000
From: Ian Smith <smithi@nimnet.asn.au>
To: Gary Aitken <freebsd@dreamchaser.org>
Cc: Kristof Provost <kp@FreeBSD.org>, questions@freebsd.org
Subject: Re: PPPoE bridge / vlan? setup help needed
Message-ID: <547039FF-357F-4B16-80C6-D2AC2B710C38@nimnet.asn.au>
In-Reply-To: <b8c78059-94ab-cb2c-e60d-6db11683f0cf@dreamchaser.org>
References: <7c972cc1-3c49-ad0a-b86f-91bd0b978537@dreamchaser.org> <9A04451E-1BC7-402D-A5A5-B1B6466DBE56@FreeBSD.org> <b8c78059-94ab-cb2c-e60d-6db11683f0cf@dreamchaser.org>

On 4 May 2023 3:49:57 am AEST, Gary Aitken <freebsd@dreamchaser.org> wrote:
> Thanks all for your replies;
> Slow following up; trying not to ask questions I can find the answer
> to somewhere else, trying to do my due diligence...

No worries, but don't hesitate to ask (as I too often do :)

> On 5/2/23 00:37, Kristof Provost wrote:
> > On 2 May 2023, at 3:32, Gary Aitken wrote:
> >> Having trouble setting up a dsl modem as a bridge. ISP info: Fixed
> >> IP LLC-Based multiplexing VPI 0 VCI 100
> ...
> > With the disclaimer that it’s been ~15 years since I last looked at
> > the relevant tech, but I think you’re confusing PPP over ATM (PPPoA)
> > with PPP over Ethernet (PPPoE).
> >
> > VPI/VCI are ATM concepts, and do not exist in Ethernet land.

> Having never done this before I've had trouble understanding how to
> go about it, and more trouble finding info. Obviously have/had some
> things cross-wired in my head, and probably still do.

10 years ago, everyone knew about DSL modems; now, rarer in rich countries.

> It's my understanding that the modem connects to the ADSL line using
> ATM technology, and as such uses the vpi and vci I've given it in its
> configuration. As nearly as I can tell it makes that connection ok.
> In its status report I see the line up and at the proper speed, proper
> vpi and vci. It also reports the IP addr and mask for my LAN end of
> the link, but no IP info for the ADSL port.

Correct.

> So the question becomes how does it connect to the fbsd firewall?
> Do I actually need to run ppp or mpd if it's bridged?

Yes. Your choice is to run the unit as a router plus modem (router mode, where it handles the PPPoE|A connection) or 'just' a modem, handing off raw frames to your PPPoE client, such as userppp or mpd5.

You've chosen to run it as a bridge, which has advantages but also some difficulty, as you're experiencing. One advantage that's a difficulty if you get it wrong is that the (likely limited) firewall in the modem plus router mode is now up to you. I call that a plus, but plenty would rather not.

> In talking to my ISP, who's limiting information because they
> don't like to deal with customer-owned equipment (i.e. not rented
> from them, but also understandably avoid the time needed to educate
> the uneducated), I asked if in bridged mode they ran PPPoE or PPPoA,
> and he said the modem should "just connect to the firewall machine
> like any other network".

Yeah, sorry ... most ISP helpdesk drones know 10% of SFA. Finding the right ISP is more than half the challenge, so ignore my suggestions to seek help there.

> so I could be wrong, but I tried leaving ppp out of the link:

Couldn't work, but clues from addresses:

> Relevant IPs reported by modem in modem-router mode, linked up:
> ADSL Port:
> 66.109.136.47 255.255.255.255 ADSL link IP
> 69.51.80.35 gateway address

Ok, 66.109.136.47/32 is the local PPP (point to point protocol) address.

That's the one your initial setup, below, refused to accept, because your end was insisting on "my.isp.assigned.ip" which I think is your address in your assigned /29, NOT the (also probably fixed) IP address of your side of the PPP link (...47)

As mentioned in offlist mail, a separate IP addr to your routed subnet, whether fixed or dynamic, is or was common for ppp, and what my /29 had for years.

Also, gateway there refers to the modem/router's gateway, not yours.

I'm dropping the rest of this explore ...

[ ... ]

> Upshot of all that is it looks like a direct connection without PPPoE
> doesn't work.

Right.

> Aside: I asked ISP about renting their preferred modem
> (Zyxel VMG 4005 B50B)
> and they said they don't rent them separately, you have to rent them
> with their preferred router... Also looked but couldn't find one
> elsewhere.

I'd be looking for another ISP, myself.

And having published your various IP ranges, a fresh set and a pretty paranoid firewall wouldn't hurt.

Trimming ...

> > Not sure you need the '!' ?
>
> Without the ! it won't overwrite an old existing one.

Ok, ppp(8).

> >> tun0: CCP: deflink: LayerStart.
> >> tun0: CCP: MPPE: Not usable without CHAP81
> >
> > This looks maybe ominous.
>
> I wondered about that but thought it would just send uncompressed?
> I haven't seen ppp options to set no compression.

No, but likely deflate or pred1 is ok.

> So at this point hoping for the best, you get a nak and don't do it.

The nak is only for MPPE (multilink?)

> Docs from Allied Telesis
> https://www.alliedtelesis.com/sites/default/files/ppp_feature_config_guide_rev_b.pdf
> says the config request is a "wish list", and if it gets a nak or
> reject reply it should come up with a new wish list. I think I see

Indeed.

> that sent out in the lines:
> IPCP: deflink: SendConfigReq(2) state = Ack-Sent
> IPCP: IPADDR[6] 66.109.141.58
> right before the reject of the other address.
> I'm inferring that a reject reply allows for renegotiation but a nak
> is a flat-out can't do it, given that the nak (unacceptable address)
> on the other addr later results in closing the connection.

Yeah, I'm pretty sure the only real problem here is asking for the wrong local ppp address. Ask for 0.0.0.0/0 and later ask for what you get, if you like.

> >> tun0: IPCP: deflink: RecvConfigRej(1) state = Ack-Sent
> >> tun0: LCP: deflink: SendIdent(1) state = Opened
> >> tun0: LCP: MAGICNUM 3bbf5181
> >> tun0: LCP: TEXT user-ppp 3.4.2
> >> tun0: IPCP: COMPPROTO[6] 16 VJ slots with slot compression
> >> tun0: IPCP: deflink: SendConfigReq(2) state = Ack-Sent
> >> tun0: IPCP: IPADDR[6] my.isp.assigned.ip

Yep. that's the (2nd) ask for the wrong address so ...

> >> tun0: IPCP: deflink: RecvConfigNak(2) state = Ack-Sent
> >> tun0: IPCP: IPADDR[6] 66.109.136.47

No, they need you to accept this one!

> not worry about it. Uh-huh. Repeated when I said "but that's the addr
> which is causing trouble.)
>
> >> *** tun0: IPCP: 66.109.136.47: Unacceptable address!

No, it's unacceptable because you've insisted on an address in your /29, which is wrong.

> > So you reject it. Maybe if you don't insist on 'my.isp.assigned.ip'
> > it might go - but then they've provided the wrong info.

Not wrong, just confused. Most customers a) use their router and b) have a single IP address.

> Thought maybe I reject it because it's not in my /29; or because I
> already accepted the previous addr they asked for.

No, you accepted the address they offered as _their_ end of the ppp link.

> I suppose if it's
> not in my /29 and I accepted it, all I would need to do is add a route
> to the routing table, which might happen automatically with the
> add! default HISADDR.

From your box in the /29, you just need to have the default route via the ppp IP, which ppp should determine as HISADDR which is reached via our ppp link addr. Don't force anything, it should go.

> I tried using 0.0.0.0 as my suggested IP, to see if they would come
> up with the 66.109.136.47 the first time:
>
> 1 tun0: IPCP: deflink: SendConfigReq(2) state = Ack-Sent
> 2 tun0: IPCP: IPADDR[6] 0.0.0.0
> 3 tun0: IPCP: deflink: RecvConfigNak(2) state = Ack-Sent
> 4 tun0: IPCP: IPADDR[6] 66.109.136.47
> 5 tun0: IPCP: IPADDR[6] changing address: 0.0.0.0 --> 66.109.136.47

Correct!

> 6 tun0: IPCP: deflink: SendConfigReq(3) state = Ack-Sent
> 7 tun0: IPCP: IPADDR[6] 66.109.136.47
> 8 tun0: LCP: deflink: RecvTerminateReq(8) state = Opened

Opened is ok, we're only terminating LCP section I expect. Anything after that?

> So when I send back a config request to use that addr on line 7
> why do I get a terminate back?

> It would be really handy to be able to see the negotiation on the
> back side of the modem, but I have no way to do that.

In bridge mode, all negotiation happens in ppp. You are seeing it all, but it can be confusing grokking what it means ...

> > At this stage I'd send them the log and ask what's up?

Yeah, nah ...

> I think I'm going to try mpd first, if I can figure that out without
> documentation other than the example.conf.

I think ppp is ready to go, once you stop expecting it to use an addr in the /29

> > We moved from user ppp to mpd C. '07, and found it better and easier,
> > but that won't help if their setup info is wrong.
>
> Thanks, I'll see if I can figure out mpd and maybe it will work better.
> Have the mpd5 port installed, but I can't seem to find docs anywhere.

% find /usr/local -name mpd5\*

> The Handbook, ch 29.5.1, refers to a "Complete guide to configure mpd"
> in /usr/ports/shared/doc/mpd. There is no /usr/ports/shared, and I
> see nothing other than mpd5 in /usr/ports that looks like it might be
> relevant. Also nothing in /usr/local/share/doc/.

See mpd5(8)

/usr/local/share/doc/mpd5/ has a 70 odd page html manual. Maybe overkill, it's a powerful beastie, including PPPoE servers and other exotica.

But seriously, if ppp still isn't working, post another log segment ( with config )

cheers, Ian
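
Added example, not part of Ian's message and not ppp's own code: a small Python reader for the IPCP IPADDR exchange discussed in the message above, telling apart the run where the local end refuses the peer's Nak value from the run where it adopts it. The sample logs are constructed from the lines quoted in the thread, with 203.0.113.2 as a documentation-range stand-in for the redacted "my.isp.assigned.ip"; the function names and result labels are made up for the illustration.

```python
import re

# Constructed samples modelled on the log lines quoted in the thread.
# 203.0.113.2 stands in for the redacted "my.isp.assigned.ip" (assumption).
INSISTING = """\
tun0: IPCP: deflink: SendConfigReq(2) state = Ack-Sent
tun0: IPCP:  IPADDR[6]  203.0.113.2
tun0: IPCP: deflink: RecvConfigNak(2) state = Ack-Sent
tun0: IPCP:  IPADDR[6]  66.109.136.47
tun0: IPCP: 66.109.136.47: Unacceptable address!
"""
ACCEPTING = """\
tun0: IPCP: deflink: SendConfigReq(2) state = Ack-Sent
tun0: IPCP:  IPADDR[6]  0.0.0.0
tun0: IPCP: deflink: RecvConfigNak(2) state = Ack-Sent
tun0: IPCP:  IPADDR[6]  66.109.136.47
tun0: IPCP:  IPADDR[6]  changing address: 0.0.0.0  --> 66.109.136.47
tun0: IPCP: deflink: SendConfigReq(3) state = Ack-Sent
tun0: IPCP:  IPADDR[6]  66.109.136.47
"""

QUAD = r"(\d+\.\d+\.\d+\.\d+)"
EVENT = re.compile(r"IPCP: \S+: (Send|Recv)Config(Req|Ack|Nak|Rej)\(\d+\)")
ADDR = re.compile(r"IPCP:\s+IPADDR\[6\]\s+" + QUAD + r"\s*$")
REFUSED = re.compile(r"IPCP: " + QUAD + r": Unacceptable address!")

def trace_ipaddr(log):
    """Collect IPADDR values we asked for, were offered in a Nak, or refused."""
    out = {"asked": [], "offered": [], "refused": []}
    current = None
    for line in log.splitlines():
        if m := EVENT.search(line):
            current = m.group(1) + m.group(2)      # e.g. "SendReq", "RecvNak"
        elif m := REFUSED.search(line):
            out["refused"].append(m.group(1))
        elif m := ADDR.search(line):
            key = {"SendReq": "asked", "RecvNak": "offered"}.get(current)
            if key:
                out[key].append(m.group(1))
    return out

def diagnose(log):
    t = trace_ipaddr(log)
    if set(t["refused"]) & set(t["offered"]):
        return "refused-offer"     # local end would not take the peer's Nak value
    if t["offered"] and t["asked"][-1:] == t["offered"][-1:]:
        return "adopted-offer"     # local end re-requested the offered address
    return "inconclusive"
```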