Hi guys,
I've noticed one other post on the forum here, but the answer wasn't entirely clear.
Anyhow I'll post my config after explanation.
I've setup an ER8 in the lab and tested a pppoe-server on vlan2 (eth0.2), to a laptop plugged directly into the ER8.
The pppoe client on the laptop on vlan2 worked a treat - got address as expected.
I've then deployed this router to a long range airmax deployment, but am having no joy.
I have the CPE radio set with a vlan 2 created and a new bridge bridging WLAN0.2 to LAN0 (so basically making LAN0 untagged on vlan2).
If I put a DHCP server on the ER8 for the vlan2 network, then the device plugged into the LAN0 on the CPE radio gets an ip address as expected in the vlan2 range.
But if I try to use PPPoE on the same interface (tried both a laptop and a router) I get nothing.
My other problem is I can't find much documentation about troubleshooting the pppoe-server, so I don't even know which logs to tail to try to figure out what's happening.
This is my config - any help appreciated
firewall {
all-ping enable
broadcast-ping disable
group {
network-group CLIENT_LAN {
description "Client Traffic Network"
network 10.1.254.0/24
}
network-group LAN_NETS {
network 192.168.1.0/24
network 172.16.0.0/16
network 10.0.0.0/8
}
network-group MANAGEMENT_LAN {
description "Management Network"
network 172.16.254.0/23
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
modify WAN_BALANCE {
rule 20 {
action modify
destination {
group {
network-group LAN_NETS
}
}
modify {
table main
}
}
rule 50 {
action modify
modify {
lb-group MultiWAN
}
}
}
name WAN_IN {
default-action drop
description "WAN to internal"
rule 1 {
action accept
state {
established enable
related enable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 1 {
action accept
state {
established enable
related enable
}
}
}
name cleint_ER_block {
default-action accept
description "Block client traffic from accessing Edgerouter"
rule 1 {
action drop
description "block port 80"
destination {
group {
address-group ADDRv4_eth0.2
}
port 80
}
log disable
protocol tcp_udp
source {
group {
network-group CLIENT_LAN
}
}
}
rule 2 {
action drop
description "block 443"
destination {
group {
address-group ADDRv4_eth0.2
}
port 443
}
log disable
protocol tcp_udp
source {
group {
network-group CLIENT_LAN
}
}
}
rule 3 {
action drop
description "block SSH"
destination {
group {
address-group ADDRv4_eth0.2
}
port 22
}
log disable
protocol tcp_udp
source {
group {
network-group CLIENT_LAN
}
}
}
}
options {
mss-clamp {
interface-type pppoe
mss 1452
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
address 172.16.255.254/23
duplex auto
firewall {
in {
modify WAN_BALANCE
}
}
speed auto
vif 2 {
address 10.1.254.254/24
description "client traffic"
firewall {
in {
modify WAN_BALANCE
}
local {
name cleint_ER_block
}
}
}
}
ethernet eth1 {
duplex auto
speed auto
}
ethernet eth2 {
duplex auto
speed auto
}
ethernet eth3 {
duplex auto
speed auto
}
ethernet eth4 {
description WAN4
dhcp-options {
default-route update
default-route-distance 210
name-server no-update
}
duplex auto
pppoe 3 {
default-route auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
mtu 1492
name-server none
password hidden
user-id hidden
}
speed auto
}
ethernet eth5 {
description WAN3
dhcp-options {
default-route update
default-route-distance 210
name-server no-update
}
duplex auto
pppoe 2 {
default-route auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
mtu 1492
name-server none
password hidden
user-id hidden
}
speed auto
}
ethernet eth6 {
description WAN2
dhcp-options {
default-route update
default-route-distance 210
name-server no-update
}
duplex auto
pppoe 1 {
default-route auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
mtu 1492
name-server none
password hidden
user-id hidden
}
speed auto
}
ethernet eth7 {
description WAN1
dhcp-options {
default-route update
default-route-distance 210
name-server no-update
}
duplex auto
pppoe 0 {
default-route auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
mtu 1492
name-server none
password hidden
user-id hidden
}
speed auto
}
loopback lo {
}
openvpn vtun0 {
description pritunl0
encryption aes256
hash sha256
mode client
openvpn-option "--setenv UV_PLATFORM edge"
openvpn-option "--setenv UV_ID 61db5776ff9148f69597828d8420dd4e"
openvpn-option "--setenv UV_NAME restless-dreams-5977"
openvpn-option --push-peer-info
openvpn-option "--ping 10"
openvpn-option "--ping-restart 60"
openvpn-option "--hand-window 70"
openvpn-option "--server-poll-timeout 4"
openvpn-option "--reneg-sec 2592000"
openvpn-option "--sndbuf 100000"
openvpn-option "--rcvbuf 100000"
openvpn-option "--remote-cert-tls server"
openvpn-option "--comp-lzo no"
openvpn-option "--tls-auth /config/pritunl/vtun0.tls 1"
protocol udp
remote-host hidden
remote-port 12002
tls {
ca-cert-file /config/pritunl/vtun0.ca
cert-file /config/pritunl/vtun0.cert
key-file /config/pritunl/vtun0.key
}
}
}
load-balance {
group MultiWAN {
interface pppoe0 {
route-test {
initial-delay 60
interval 10
type {
ping {
target 8.8.8.8
}
}
}
weight 25
}
interface pppoe1 {
route-test {
initial-delay 60
interval 10
type {
ping {
target 8.8.8.8
}
}
}
weight 25
}
interface pppoe2 {
route-test {
initial-delay 60
interval 10
type {
ping {
target 8.8.8.8
}
}
}
weight 25
}
interface pppoe3 {
route-test {
initial-delay 60
interval 10
type {
ping {
target 8.8.8.8
}
}
}
weight 25
}
sticky {
}
}
}
protocols {
static {
}
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name Default {
authoritative disable
subnet 172.16.254.0/23 {
default-router 172.16.255.254
dns-server 172.16.255.254
dns-server 8.8.8.8
lease 86400
start 172.16.254.1 {
stop 172.16.255.100
}
}
}
}
dns {
forwarding {
cache-size 5000
listen-on eth0
listen-on eth0.2
}
}
gui {
https-port 443
}
nat {
rule 5000 {
description WAN1
log disable
outbound-interface pppoe0
protocol all
source {
group {
network-group LAN_NETS
}
}
type masquerade
}
rule 5001 {
description WAN2
log disable
outbound-interface pppoe1
protocol all
source {
group {
network-group LAN_NETS
}
}
type masquerade
}
rule 5002 {
description WAN3
log disable
outbound-interface pppoe2
protocol all
source {
group {
network-group LAN_NETS
}
}
type masquerade
}
rule 5003 {
description WAN4
log disable
outbound-interface pppoe3
protocol all
source {
group {
network-group LAN_NETS
}
}
type masquerade
}
}
pppoe-server {
authentication {
local-users {
username hidden {
password hidden
}
mode local
}
client-ip-pool {
start 10.1.254.1
stop 10.1.254.250
}
dns-servers {
server-1 10.1.254.254
server-2 8.8.8.8
}
interface eth0.2
}
ssh {
port 22
protocol-version v2
}
telnet {
port 23
}
}
system {
domain-name community.wireless
host-name edgerouter
login {
user hidden {
authentication {
encrypted-password hidden
plaintext-password ""
}
full-name "hidden"
level admin
}
user hidden {
authentication {
encrypted-password hidden
plaintext-password ""
}
full-name hidden
level operator
}
user hidden {
authentication {
encrypted-password hidden
plaintext-password ""
}
full-name "hidden"
level admin
}
}
name-server 8.8.8.8
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
ipv4 {
pppoe enable
}
}
package {
repository wheezy {
components "main contrib non-free"
distribution wheezy
password ""
url http://http.us.debian.org/debian
username ""
}
repository wheezy-security {
components main
distribution wheezy/updates
password ""
url http://security.debian.org
username ""
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone Australia/Sydney
traffic-analysis {
dpi enable
export enable
}
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.8.0.4853089.160219.1614 */