In reply to a post by Magsy:

Sorry to hijack a little but do you have the reconnection bug, where if the HG612 power cycles, pfsense doesn't connect back up automatically?

I just pulled the power from my HG612 and pfSense recovered very quickly when power was restored (see my thinkbroadband quality monitor at around 1pm - yesterday's outage at around 3.30pm was when I was moving cables around and, again, pfSense recovered). If you're having problems with failure to recover, I suggest upgrading to pfSense 2.0.2 if you haven't done so already - this upgrades you to the latest mpd 5.6 and incorporates some security and bug fixes.

Make sure that the 'Dial on demand' option is not set on the PPPoE connection - you want pfSense to connect full time, not wait for outgoing traffic. If you're still having problems, check the options set on the WAN gateway (System -> Routing, Gateways tab) - though I'm almost certain that testing whether a PPPoE interface is live is done via periodic LCP Echo Requests.

Thanks, you didn't need to do that, appreciated

My FTTC install is Friday but I've been reading about the problem that's all; there is a 11 page thread on the pfsense forum. I've used pfsense for many years and want to carry on but I've had dhcp based reconnecting issues before and they really ruin the experience.

Good to know it should be fine, my back out plan was to hack the modem, terminate the PPPoE there and route out to pfsense as I have a /29 + 1 so can afford the addresses.

I should explain that my network topology is a little unusual - like many pfSense users, I use VLANs and VLAN capable switches rather than a lot of physical network interfaces in the pfSense box. Accordingly, pulling the plug on the HG612 will not make the pfSense box lose any Ethernet connections, which may help pfSense to recover from a downed PPPoE bridge (though I doubt it makes any difference).


I've got two 24 port level 2 managed gigabit switches - one in the house and one in an air conditioned server room in our converted garage. There's four OM3 multimode fibres between the two switches, operating as two 1000Base-SX gigabit links grouped into a single logical link using LACP for load sharing and resiliency. Multiple VLANs operate over the fibre link, all of which are tagged.

The OM3 fibre should be good for two 10 gigabit Ethernet links in the future - I know some sites eschew multimode fibre and have a 'single mode only' policy, but multimode allows me to use cheaper optics than single mode fibre. I'd have to use 1000Base-LX optics if the fibre was single mode, though these now cost very little extra. 10GBase-SR optics are significantly cheaper than 10 gigabit single mode optics, however.


The pfSense box is in the rack in the garage - it's a small 1U Dell dual core box. All the network interfaces are presented to it using tagged VLANs, including a dedicated VLAN for the HG612. There is a VLAN bug in the pfSense GUI, in that you can't assign a PPPoE connection to a VLAN, but you can set a VLAN as your WAN interface and convert that WAN connection to PPPoE.

The VLAN comes over the fibre link with its tags intact. The HG612 is connected to a port on the house switch connected to the PPPoE VLAN only, operating without tags. As such, power cycling the HG612 drops the link to the switch, but doesn't drop the parent interface of the PPPoE connection on the pfSense box.


Like you, my backup plan would be to terminate the PPPoE external to pfSense - I have a /28 (Zen use one of the addresses in the block for the gateway), so losing one address is OK. I wanted to terminate the PPPoE on the pfSense box, not least to make eventual IPv6 deployment easier. pfSense 2.1 will support IPv6, and I hope Zen will support IPv6 soon. If you're with AAISP, you already have IPv6 available.

Well adding the routes worked, but getting SNMP to listen on the LAN interface whilst in Bridge mode doesn't appear to work. The odd thing is that in routed mode previously I have to enable WAN access to be able to read SNMP from the LAN interface. In bridge mode I simply can't enable this option. Maybe I need a second cable into the router??

I need to reboot the firewall to enable an extra NIC so I'll have a try again tomorrow.

And I get mocked for having run multiple drops of CAT 5 all over my house...that's a lot of kit. I have fibre interfaces but in a 2 bed semi I'm struggling to find a need

I think the NIC/link dropping is the issue, when the physical interface goes down it doesn't recycle the PPPoE connection properly, however, like you I'm VLAN'ing my internet facing links and trunking back to the parent switch where the servers are. I should be fine then..

That sounds like the Billion decides what is LAN and what is WAN by IP address and only the /30 looks like LAN to it, so your routed /27 is WAN as far as the Billion is concerned.
If that's the case, not sure what you can do about that unless you add a NAT rule for just the SMNP requests so they appear to be from the Billion's idea of LAN. That would be a hack though, rather than a proper solution.
The proper solution would depend on hos the Billion makes this decision, and what control you have on how to change that, but I don't have enough information on this. Perhaps another user who has the same router may know.
Maybe once you've tested that terminating PPPoE on the firewall works, you can put everything back as it was and wait for the FTTC install. You know you'll have to do something different for MRTG anyway and that may depend on which of the two models you get from OpenReach.

And what exactly is the problem with having multiple drops of CAT5 all over the house?
I had the floor in the hall replaced about 12 years ago, and I made sure there were CAT5 cables under the new floor, going from the office to all the other rooms. You never know when you need them, and wireless is not a good option with thick stone walls - I get better signal from the garden than from the living room, possibly because it's just one wall and it has windows, while it's at least two walls from the office to the living room (and certainly wireless wasn't a good option when I installed the cables).

I have cat5e and cat6 cables going across my hallway, couldnt care less what visitors think its my place.

I did the same, when our lounge floor was replaced. I did a proper job by putting in RJ45 sockets in the walls, and Cat 5 cables behind the plasterboard. 16 port switch boxed off next to master phone socket, with patch leads.

Thought a quad socket behind the TV would suffice. No - need 5 now.

Thought 2 x quad socket next to my desk would be loads. It was, I have now turned my spare room into an office, and no longer have the desk there.

Twin socket in spare room (office) insufficient.

Twin socket behind bedroom TV. Now need 3.

Cant win.

Funnily enough... I have the same problem. Recently had to run some extra cat6 cables from the office (where the router is) to the living room, and I'm glad I had some space left in the cable ducts under the floors...