Starting pfsense for New Users

[bert64]

I have set up vlan as per the guide.

On the WAN side, igb0.20 (VLAN ID 20, priority 4) is for SingTel TV VLAN. Igb0.10 (VLAN ID 10, priority 0) is for Internet.

On the LAN side, VLAN for SingTel TV is with igb3.20 (VLAN ID 20, priority 4). Then I followed the guide to create a bridge0 which covers igb0.20 (TV WAN VLAN), igb3.20 (TV LAN VLAN) and igb3. igb3 is needed as per the guide and successful report.

Internet is through bridge2 (igb1 and igb2).

Firewall rules are set.
1) allow all for the internet LAN bridge2. (Nothing for Internet WAN).
2) allow all for the SingTel TV bridge0.

Assuming the tv box is connected to igb3, are you sure its expecting tagged traffic? The other screenshots suggest the router is expected to untag the traffic and forward it to the tv box...

I'd suggest you create the bridge with igb0.20 and igb3 instead of igb3.20 (so traffic will be sent untagged on igb3).

 

[xiaofan]

Assuming the tv box is connected to igb3, are you sure its expecting tagged traffic? The other screenshots suggest the router is expected to untag the traffic and forward it to the tv box...

I'd suggest you create the bridge with igb0.20 and igb3 instead of igb3.20 (so traffic will be sent untagged on igb3).

Thanks for the tip. I will try this out as well over the weekend.

 

[Trans-Am]

https://item.taobao.com/item.htm?sp...iNibxm&id=626309939388&ns=1&abbucket=3#detail

May not be the best deal. Quite spoilt for choices on TB.

Their power plug can be used in SG?

 

[xiaofan]

Their power plug can be used in SG?

It is 2pin power plug, you just need to use a cheap 3pin adapter to use in SG.

 

[xiaofan]

Assuming the tv box is connected to igb3, are you sure its expecting tagged traffic? The other screenshots suggest the router is expected to untag the traffic and forward it to the tv box...

I'd suggest you create the bridge with igb0.20 and igb3 instead of igb3.20 (so traffic will be sent untagged on igb3).

OpenWRT Singtel ONT Internet and Singtel TV setup info seem to be inline with what you said.
https://klseet.com/networking/singtel/singtel-tl-wr1043v18-openwrt

But I tried your tip but it did not work somehow. It was a short try and I will try again over the weekend.

Some more info: TL-SG108E setup with Singtel ONT with Singtel TV
https://medium.com/@jumzd/singtel-fibre-tp-sg108e-431439d31418

I read that pfSense VLAN is a bit different as it does not support PVID.
https://forum.netgate.com/topic/114329/vlan-how-do-you-assign-use-the-native-untagged-vlan/4

 

[uncle_josh]

Refer to Help with Singtel VLAN tagging, post #8

OpenWRT Singtel ONT Internet and Singtel TV setup info seem to be inline with what you said.
https://klseet.com/networking/singtel/singtel-tl-wr1043v18-openwrt

But I tried your tip but it did not work somehow. It was a short try and I will try again over the weekend.

Some more info: TL-SG108E setup with Singtel ONT with Singtel TV
https://medium.com/@jumzd/singtel-fibre-tp-sg108e-431439d31418

I read that pfSense VLAN is a bit different as it does not support PVID.
https://forum.netgate.com/topic/114329/vlan-how-do-you-assign-use-the-native-untagged-vlan/4

 

[xiaofan]

Refer to Help with Singtel VLAN tagging, post #8

Lol. It's a synology router right?

Make sure the settings are as follow,

Internet 10 prio 0 untagged

Iptv 20 prio 4 tagged.

Based on the other posts, the above is not correct for IPTV. But no problem I will try as well.

 

[xiaofan]

Assuming the tv box is connected to igb3, are you sure its expecting tagged traffic? The other screenshots suggest the router is expected to untag the traffic and forward it to the tv box...

I'd suggest you create the bridge with igb0.20 and igb3 instead of igb3.20 (so traffic will be sent untagged on igb3).

OpenWRT Singtel ONT Internet and Singtel TV setup info seem to be inline with what you said.
https://klseet.com/networking/singtel/singtel-tl-wr1043v18-openwrt

But I tried your tip but it did not work somehow. It was a short try and I will try again over the weekend.

Some more info: TL-SG108E setup with Singtel ONT with Singtel TV
https://medium.com/@jumzd/singtel-fibre-tp-sg108e-431439d31418

I read that pfSense VLAN is a bit different as it does not support PVID.
https://forum.netgate.com/topic/114329/vlan-how-do-you-assign-use-the-native-untagged-vlan/4

My issue is the same as the following report. Looks like I need to try different combination of the bridge. The reported success story seems to create a bridge which includes all three interfaces which do not sound correct and it did not work for me.

https://forums.hardwarezone.com.sg/...linic-4/singtel-internet-pfsense-5830003.html

This is what I've accomplished so far. I've connected miotv and wan to pfsense.
em0: WAN
em1: miotv

This is my pfsense config:
WAN: vlan10 on em0
LAN: re0
miotv_wan: vlan20 on em0
miotv_lan: em1
miotv_bridge: bridged(miotv_wan & miotv_lan)
...
But a new issue has risen. miotv does not seem to work. It works for 30 seconds then it says "singtel tv service is currently experiencing a system error."

Success reports:
1) https://forums.hardwarezone.com.sg/...help-needed-pfsense-router-miotv-5432928.html
2) https://jefferytay.medium.com/adven...1-setting-up-internet-and-mio-tv-8474af46edcc

 

[xiaofan]

Tried different combinations and the best is still the same as the two successful reports -- to bridge all three interfaces (tagged WAN, tagged and untagged LAN for TV box).

Symptom is still the same: 30seconds and then the video will stop. After I switch channel I got another 30 seconds of video again. If I do not switch channel for a while, the TV box will report system error. The main issue is that the TV box does not get a private IP address from SingTel side.

Now I can only guess latest pfsense version changed something default and that may be the difference between my setup and the last successful report.

 

[TanKianW]

Tried different combinations and the best is still the same as the two successful reports -- to bridge all three interfaces (tagged WAN, tagged and untagged LAN for TV box).

Symptom is still the same: 30seconds and then the video will stop. After I switch channel I got another 30 seconds of video again. If I do not switch channel for a while, the TV box will report system error. The main issue is that the TV box does not get a private IP address from SingTel side.

Now I can only guess latest pfsense version changed something default and that may be the difference between my setup and the last successful report.

Does this happened even with a smart/managed switch?

I still don't recommend the (bridge) switch remaining ports setup.

 

[xiaofan]

Does this happened even with a smart/managed switch?

I still don't recommend the (bridge) switch remaining ports setup.

I will try the smart switch over the weekend. Let it deal with SingTel VLAN and SingTel TV. Then pfsense does not need to deal with SingTel specific stuff. That was my backup plan anyway.

Edit to add:
Most likely I will cancel SingTel TV later this year as the kids have moved to YouTube.

 

[TanKianW]

I will try the smart switch over the weekend. Let it deal with SingTel VLAN and SingTel TV. Then pfsense does not need to deal with SingTel specific stuff

Been using the bridged ONR setup with miotv and pfsense since I moved to my new place, so no chance to test the ONT setup with pfsense.

Do test and post on the outcome. I am curious too. Thanks.

 

[xiaofan]

Now move on to next task -- to configure Singtel IPv6 (6rd). IPv6 seems to work from the LAN client side but from the router side the gateway WAN-6rd status shows as Offline and PacketLoss.

ONT --> pfsense (IPv6 set as 6rd on WAN, LAN IPv6 set as to track WAN) --> Asus RT-AX82U (IPv6 set as passthrough)

From Singtel IPv6 thread.

So I am trying to get 6rd working under pfsense but it does not work, kind of expected for the first try.
6RD Prefix: 2400:d803::/32 (tried /64 as well)
6RD Border relay: 202.166.127.6
6RD IPv4 Prefix length: 32

Second interface beside WAN.
wan_stf: flags=4041<UP,RUNNING,LINK2> metric 0 mtu 1480
inet6 2400:d803:: prefixlen 32
groups: stf
v4net 220.255.x.x/32 -> tv4br 202.166.127.6
nd6 options=101<PERFORMNUD,NO_DAD>

Gateway WAN_6rd shows as 2400:d803:caa6:7f06:: and Offline/Packetloss

Edit to add:
Hmm, strange, from the client side, IPv6 works well. IPv6 test sites show the IPv6 works fine.

ping -6 ipv6.google.com

Pinging ipv6.l.google.com [2404:6800:4003:c04::65] with 32 bytes of data:
Reply from 2404:6800:4003:c04::65: time=4ms
Reply from 2404:6800:4003:c04::65: time=7ms
Reply from 2404:6800:4003:c04::65: time=4ms
Reply from 2404:6800:4003:c04::65: time=4ms

Ping statistics for 2404:6800:4003:c04::65:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 7ms, Average = 4ms

 

[bert64]

Now move on to next task -- to configure Singtel IPv6 (6rd). IPv6 seems to work from the LAN client side but from the router side the gateway WAN-6rd status shows as Offline and PacketLoss.

ONT --> pfsense (IPv6 set as 6rd on WAN, LAN IPv6 set as to track WAN) --> Asus RT-AX82U (IPv6 set as passthrough)

From Singtel IPv6 thread.

6RD IPv4 Prefix length - should be 0
Gateway - singtel's tunnel server doesn't respond to pings (annoying, why would they do that?) so the gateway will always show as down, you can specify a different "monitor ip" for the ping check in the gateway settings - 2400:d800:a::1 is the next router upstream so it's as good as any for this purpose.

 

[TanKianW]

*UPDATED* Basic Setup of WireGuard VPN on pfsense

Creating the WireGuard VPN and setting up the interface on pfsense:

*TAKEN DOWN*

 

[TanKianW]

*FOR TESTING ONLY* WireGuard on pfsense: Almost Line Speed VPN

On MR 1G Static IP plan

With WireGuard:

Without WireGuard:

 

[Trans-Am]

https://item.taobao.com/item.htm?sp...iNibxm&id=626309939388&ns=1&abbucket=3#detail

May not be the best deal. Quite spoilt for choices on TB.

if i wanna discontinue this project, can it be use as normal light weight desktop or ...?

 

[TanKianW]

if i wanna discontinue this project, can it be use as normal light weight desktop or ...?

Yes. Just install Windows. That is also the reason i recommend at least 256GB storage.

 

[xiaofan]

I will try the smart switch over the weekend. Let it deal with SingTel VLAN and SingTel TV. Then pfsense does not need to deal with SingTel specific stuff. That was my backup plan anyway.

Edit to add:
Most likely I will cancel SingTel TV later this year as the kids have moved to YouTube.

Kind of sorted this out with the help of TL-SG105E and Singtel Mesh Router.
https://forums.hardwarezone.com.sg/...el-vlan-settings-tplink-sg108e-5746952-2.html

So I have a working setup, but it is not the same as what I planned.

Port 1 -- connect to Singtel ZTE ONT (Default VLAN)
Port 2 -- Asus RT-AX82U with public IP 1 (VLAN 10)
Port 3 -- pfSense with public IP 2 (VLAN 10)
Port 4 -- meant for Singtel TV box but not working (VLAN 20)
Port 5 -- Singtel Mesh router with public IP 3 -- Singtel TV Box (Default VLAN)

 

[TanKianW]

Kind of sorted this out with the help of TL-SG105E and Singtel Mesh Router.
https://forums.hardwarezone.com.sg/...el-vlan-settings-tplink-sg108e-5746952-2.html

So I have a working setup, but it is not the same as what I planned.

Port 1 -- connect to Singtel ZTE ONT (Default VLAN)
Port 2 -- Asus RT-AX82U with public IP 1 (VLAN 10)
Port 3 -- pfSense with public IP 2 (VLAN 10)
Port 4 -- meant for Singtel TV box but not working (VLAN 20)
Port 5 -- Singtel Mesh router with public IP 3 -- Singtel TV Box (Default VLAN)

You tried ont -> pfsense -> tplink switch -> miotv setup?

Or tried and it don’t works?