Fixing my PPPOE configuration on PfSense
I am moving from a virtual machine on VMWare to a physical host for my firewall. There are many reasons I am moving (mainly that I want to get rid of VMWare). This machine was the last hold out of my move. I also was upgrading from Pfsense version 2.5.2 to version 2.7.2 as well, which did complicate matters.
After transfering over the configuration to the new firewall, I had one major issue - my PPPoE connection would not connect. This had been plaguing me for sometime, and is the reason I bought the physical hardware. My original plan was to use a vm on proxmox.
The issue I was having was that PPPoE service would establish just fine for version 2.5.2, but not for 2.7.2. I had a look all over the internet, but nothing presented a viable solution.
The configuration file for mpd5 is stored in /var/etc/mpd_<interfacename>.conf. This is the 'real' name, not the aliased one. For me, this is opt7. Your previous configuration may use a different interface. First off, I compaired the 2 configurations and found there were a few lines included in the new configuration, that weren't in the old one. I tried removing them, only to find no difference. When I looked at the new file, I noticed that the file had been changed. In order to prevent this, I made the file immutable on the file system. This is done in FreeBSD with the command "chflags". The full command was
chflags schg /var/etc/mpd_opt7.conf
When done, It all worked. The PPPoE connection came up. Happy Days! I can finally retire my VMWare node! Not quite.
It transpires that if you restart mpd5 or kill it off, then the removed lines actually stop it running. They seem to be related to the creation of the virtual interface. Changing the file back to being mutable (noschg flag) allowed the interface to start, but not run.
I copied my config that mpd needed to connect in to /root and wrote the following script.
#!/bin/sh
# Configuration
CONFFILE="mpd_opt7.conf"
SRCPATH="/root"
SRCFILE="$SRCPATH/$CONFFILE"
DESTPATH="/var/etc"
DESTFILE="$DESTPATH/$CONFFILE"
PROCESS="mpd5"
# Check if config file exists
if [ ! -e $SRCFILE ]; then
echo "$SRCFILE does not exist";
exit 1;
fi
# Check if MPD is running
RUN=$(ps axuwwww | grep $PROCESS | grep -v grep | awk '{print $2}')
if [ "x$RUN" != "x" ]; then
echo "$PROCESS is running";
/usr/bin/diff $DESTFILE $SRCFILE
if [ $? -eq 0 ]; then
# Files are the same, and the process is running.
exit 0;
else
# Files Differ
cp $SRCFILE $DESTFILE
chflags schg $DESTFILE
fi
else
echo "$PROCESS is not running";
chflags noschg $DESTFILE
exit 1;
fi
The script starts by checking that the srcfile exists. This is the config file that mpd needs to establish the connection. Next we check if mpd is running.
If it is, we see if there is a difference bewtween the config we want and the config that mpd is using. If there is a difference, we copy over the srcfile and then make the file immutable. If there is no difference, we exit normally.
If mpd isn't running, we make sure that the destination file (mpd's config file) is mutable.
Lastly, set up a corn job in the gui to run every 5 minutes (*/5, all other times are *) for the program /root/fix-ppoe.sh and the user is root.
The PPPoE connection should now restablish after 10 minutes or so if the firewall is rebooted.
So what were those config lines that stopped mpd from connecting?
set bundle period 6
set bundle lowat 0
set bundle hiwat 0
set bundle min-con 3
set bundle min-dis 6
set bundle enable bw-manage
One final note, when I reinstalled the virtualisation host with Proxmox, the SSD has reportedly 97% wear on it. This means I'm due a failure soon, so all in all, I fixed the issue just in the nick of time.