I realise questions related to this have been posted before, but none of them seem to contain a solution to my problem.
I have a Vigor 130 VDSL2 modem connected to eth0, and two local networks on 10.1.x.x and 10.2.x.x on eth1 and eth2, respectively.
I have eth0 configured to use a static IP of 192.168.2.10 so that I can access the modem's configuration page on 192.168.2.1, in addition to PPPoE over eth0 for the internet. This requires two NAT rules, one for the internet and one for the modem, but it all works fine.
The problem comes when the modem loses its VDSL connection and the PPPoE session ends. The EdgeRouter just fails to redial. You can see in the web UI and the CLI that the router clearly knows the PPPoE session has ended - it has a status of disconnected.
If I type `disconnect interface pppoe; connect interface pppoe`, then I get a working connection again. Alternatively, if I reboot the whole modem, the router notices and reconnects.
It's almost as if the mechanism for reconnecting the PPPoE link is listening to the status of eth0, and not the pppoe interface.
/* EdgeRouter configuration as pasted in the post, re-indented one node per line.
   The PPPoE credentials, the admin password hash and the DHCP static mappings
   were redacted by the poster. Review comments are marked NOTE(review). */
firewall {
    all-ping enable
    broadcast-ping disable
    /* NOTE(review): none of the ipv6-name rulesets below is referenced by an
       interface in this paste (the interface firewall blocks only use "name"),
       so as shown they filter nothing. Attach WANv6_IN / WANv6_LOCAL to pppoe 0
       before IPv6 is enabled on the WAN. */
    ipv6-name GUESTv6_IN {
        default-action accept
    }
    ipv6-name GUESTv6_LOCAL {
        default-action accept
    }
    ipv6-name TRUSTEDv6_IN {
        default-action accept
    }
    ipv6-name TRUSTEDv6_LOCAL {
        default-action accept
    }
    /* IPv6, WAN -> LAN: stateful default-drop; all ICMPv6 is accepted. */
    ipv6-name WANv6_IN {
        default-action drop
        description "WAN inbound traffic forwarded to LAN"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "Allow IPv6 icmp"
            log disable
            protocol ipv6-icmp
        }
    }
    /* IPv6, WAN -> router: same as above plus DHCPv6 replies (udp 547 -> 546). */
    ipv6-name WANv6_LOCAL {
        default-action drop
        description "WAN inbound traffic to the router"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "Allow IPv6 icmp"
            protocol ipv6-icmp
        }
        rule 40 {
            action accept
            description "allow dhcpv6"
            destination {
                port 546
            }
            protocol udp
            source {
                port 547
            }
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Guest -> anywhere: allowed by default, except the two private ranges below.
       10.0.0.0/8 covers both the Trusted (10.1.0.0/16) and Guest (10.2.0.0/16)
       subnets; 192.168.0.0/16 covers the modem at 192.168.2.1. */
    name GUEST_IN {
        default-action accept
        rule 1 {
            action drop
            description "Block local hosts"
            destination {
                address 10.0.0.0/8
            }
            log disable
        }
        rule 2 {
            action drop
            description "Block modem"
            destination {
                address 192.168.0.0/16
            }
            log disable
        }
    }
    /* Guest -> router itself: default accept with drops keyed on destination
       address. DNS and DHCP on 10.2.0.1 stay reachable through the default.
       NOTE(review): rules 2-4 only match the listed router addresses; traffic
       addressed to any other router address (for example the PPPoE address)
       presumably falls through to the default accept - confirm. A default-drop
       local ruleset that accepts only DNS and DHCP is the stricter form. */
    name GUEST_LOCAL {
        default-action accept
        rule 2 {
            action drop
            description "Block router management"
            destination {
                address 10.1.0.1
            }
            log disable
        }
        rule 3 {
            action drop
            description "Block router guest"
            destination {
                address 10.2.0.1
                port ssh,https,80
            }
            log disable
            protocol tcp_udp
        }
        rule 4 {
            action drop
            description "Block router modem"
            destination {
                address 192.168.0.0/16
            }
            log disable
        }
    }
    /* Trusted -> anywhere: allowed, except hosts on the Guest subnet. */
    name TRUSTED_IN {
        default-action accept
        rule 1 {
            action drop
            description "Block guest subnet"
            destination {
                address 10.2.0.0/16
            }
            log disable
        }
    }
    /* Trusted -> router itself: allowed, except the router's Guest-side address. */
    name TRUSTED_LOCAL {
        default-action accept
        rule 1 {
            action drop
            description "Block router guest"
            destination {
                address 10.2.0.1
            }
            log disable
        }
    }
    /* IPv4, WAN -> LAN: stateful default-drop. Unlike the IPv6 rulesets there is
       no enable-default-log here, so default drops are not logged. */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* IPv4, WAN -> router: stateful default-drop; nothing on the router is
       opened to the internet by this ruleset. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    options {
        /* 1460 = the pppoe MTU of 1500 minus 40 bytes of IPv4 + TCP headers. */
        mss-clamp {
            interface-type pppoe
            mss 1460
        }
    }
    receive-redirects disable
    send-redirects enable
    /* NOTE(review): reverse-path source validation is off - confirm that this
       is intentional. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    /* eth0 faces the modem. The static address is the one the post uses to reach
       the modem's page on 192.168.2.1; the PPPoE session runs over the same port.
       mtu 1508 leaves room for the 8-byte PPPoE header so pppoe 0 can use 1500. */
    ethernet eth0 {
        address 192.168.2.10/24
        description WAN
        duplex auto
        mtu 1508
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1500
            name-server none
            password *********************
            user-id ********************
        }
        speed auto
    }
    ethernet eth1 {
        address 10.1.0.1/16
        description Trusted
        duplex auto
        firewall {
            in {
                name TRUSTED_IN
            }
            local {
                name TRUSTED_LOCAL
            }
        }
        speed auto
    }
    ethernet eth2 {
        address 10.2.0.1/16
        description Guest
        duplex auto
        firewall {
            in {
                name GUEST_IN
            }
            local {
                name GUEST_LOCAL
            }
        }
        speed auto
    }
    loopback lo {
    }
}
/* auto-firewall enable makes the router add the WAN accept rules for these
   forwards itself, so the two services below are reachable from the internet
   even though WAN_IN lists no explicit allow. Keep both hosts patched and behind
   strong authentication. */
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth1
    rule 1 {
        description Plex
        forward-to {
            address 10.1.2.4
            port 32400
        }
        original-port 32400
        protocol tcp_udp
    }
    rule 2 {
        description Synology
        forward-to {
            address 10.1.2.3
            port 5001
        }
        original-port 5001
        protocol tcp
    }
    wan-interface pppoe0
}
service {
    dhcp-server {
        disabled false
        hostfile-update enable
        shared-network-name Guest {
            authoritative disable
            subnet 10.2.0.0/16 {
                default-router 10.2.0.1
                dns-server 10.2.0.1
                lease 86400
                start 10.2.0.2 {
                    stop 10.2.255.254
                }
            }
        }
        shared-network-name Trusted {
            authoritative disable
            subnet 10.1.0.0/16 {
                default-router 10.1.0.1
                dns-server 10.1.0.1
                lease 86400
                start 10.1.0.2 {
                    stop 10.1.255.254
                }
                // redacted static mappings from here ...
                unifi-controller 10.1.1.0
            }
        }
        use-dnsmasq disable
    }
    /* The DNS forwarder listens on the two LAN ports only, not on the WAN. */
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            listen-on eth2
            name-server 8.8.8.8
            name-server 8.8.4.4
        }
    }
    /* NOTE(review): older-ciphers enable keeps legacy TLS cipher suites available
       for old browsers; disable it unless a client needs them. No listen-address
       is set, so the GUI presumably answers on every router address and relies
       on the *_LOCAL rulesets for access control - confirm. */
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        /* Internet-bound traffic leaves through the PPPoE session. */
        rule 5010 {
            description "Masquerade for WAN"
            log disable
            outbound-interface pppoe0
            protocol all
            type masquerade
        }
        /* Traffic to the modem's subnet leaves through eth0 directly. */
        rule 5011 {
            description "Masquerade for Modem"
            log disable
            outbound-interface eth0
            protocol all
            type masquerade
        }
    }
    /* No listen-address here either; WAN access is blocked by WAN_LOCAL. */
    ssh {
        port 22
        protocol-version v2
    }
    /* UPnP / NAT-PMP is offered on the Trusted port only. With secure-mode a
       client can only request mappings to its own address. */
    upnp2 {
        listen-on eth1
        nat-pmp enable
        secure-mode enable
        wan pppoe0
    }
}
system {
    host-name ubnt
    ipv6 {
        disable-forwarding
    }
    /* The only account shown is "admin" at level admin; its hash is redacted. */
    login {
        user admin {
            authentication {
                encrypted-password *************
            }
            level admin
        }
    }
    name-server 127.0.0.1
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat disable
        ipv4 {
            forwarding enable
            pppoe enable
        }
        ipv6 {
            forwarding enable
            pppoe enable
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}