Newbie migrating from PFSense to NS

Just wanted to give an update, I just finished setting up Nethserver in place of my PFSense machine. I found that if I manually add in LINUX_PLUGIN=/usr/lib64/pppd/2.4.5/rp-pppoe.so to the ifcfg-ppp0 file I can max out my connection in both directions 900+ megabits. I need to figure out where to hack the code to get it stuck in there any time I edit the interfaces now.

It shall be but if you didn’t find that line on ifcfg-ppp0 file maybe there’s a bug.

Thanks! Issuing

db networks setprop ppp0 linux_plugin /usr/lib64/pppd/2.4.5/rp-pppoe.so
signal-event interface-update

seems to have fixed the issue with it not sticking when the interfaces reload.

EDIT: I think perhaps you are right about it being a bug, as the ifcfg-ppp0 file had an entry PLUGIN='/usr/lib64/pppd/2.4.5/rp-pppoe.so' however the correct one that enables the rp-pppoe plugin is LINUX_PLUGIN=

Hi,

Just curious but have you tried OPNSENSE?

I am also currently using pfsense as my firewall and VPN gateway and I am looking for another solution.
I have been playing with Opnsense but can’t seem to get all of it working.
Have not thought to use Nethserver for this. I’m interested to see how you go and if possible if you could share your instructions.

Thanks.

My experience with PPPoE on NS is good : it is perfectly reliable. That said, the slightly high CPU power (steady 4-5% on a core2duo and 10-15% peaks if I remember correctly) needed to run it @100Mbps makes me wonder if gigabit speed is possible.

2 Likes

@francio87 was also testing NethServer with PPPoE as a PFSense replacement, don’t know if he has any advice:

@gpapaiko I have not tried Opnsense, my goal was to move away from FreeBSD to a Linux based firewall and Nethserver had the most features in a nice GUI. If for some reason my ISP drops PPPoE as a requirement to connect I may end up loading Opnsense but I doubt that will ever happen. I currently have Nethserver fully working as a replacement to my old PFSense firewall. I can help you if you would like, but basically I just created a Word document with step by step instructions for my specific use case with all the things I needed to do to make it work. I highly suggest setting up a lab in your favorite VM software (virtualbox) and running through the install a few times before you take down your internet connection for the install. Also if possible use a second hard drive, that way if things don’t work out you can just swap the old drive back in and have functional internet again.

@pagaille Once I fixed the LINUX_PLUGIN line in the ifcfg-ppp0 my CPU usage while maxing out my connection dropped to nearly 0%, I suspect this will depend on what your CPU/NIC arrangement is in your server. This is a MASSIVE improvement from what I was seeing using PFSense and also resulted in over 200 megabit increase in download speed for my LAN clients.

@dnutan my only advice is to run that command that you showed me in that bug report.
db networks setprop ppp0 linux_plugin /usr/lib64/pppd/2.4.5/rp-pppoe.so
Followed by
signal-event interface-update
If you do not run this the rp-pppoe plugin will not load and pppoe will run in userspace rather than in kernel.

Interesting. Strangely that PR has been merged since 7.5… I’m not using that NS anymore so I can’t report.

I think there may be a bug in how it was implemented as mine had PLUGIN=/usr/lib64/pppd/2.4.5/rp-pppoe.so however the correct line is LINUX_PLUGIN=/usr/lib64/pppd/2.4.5/rp-pppoe.so

EDIT: I have commented on the github issue that @dnutan linked so maybe it will get fixed for future users.

2 Likes
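The PLUGIN versus LINUX_PLUGIN mix-up and the kernel versus userspace point from the posts above, as an added example that is not part of any post or of NethServer's code: a small check that classifies an ifcfg-ppp0 style file by which plugin key it carries. The function names, state labels and sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify an ifcfg-ppp0 style file by the plugin key it carries.

# Print the value of the last KEY=... line ($2) in FILE ($1), without surrounding quotes.
ifcfg_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed "s/^[\"']//; s/[\"'][[:space:]]*\$//"
}

# State labels are hypothetical names chosen for this example:
#   kernel     only LINUX_PLUGIN is set (the line the thread reports as working)
#   duplicate  LINUX_PLUGIN and PLUGIN are both set (manual fix on top of the bug)
#   wrong-key  only PLUGIN is set (the state the thread reports as the bug)
#   userspace  neither key is set, so no rp-pppoe plugin is requested
pppoe_plugin_state() {
    lp=$(ifcfg_value "$1" LINUX_PLUGIN)
    p=$(ifcfg_value "$1" PLUGIN)
    if [ -n "$lp" ] && [ -n "$p" ]; then echo duplicate
    elif [ -n "$lp" ]; then echo kernel
    elif [ -n "$p" ]; then echo wrong-key
    else echo userspace
    fi
}

# Constructed sample files (not captured from a real system).
so=/usr/lib64/pppd/2.4.5/rp-pppoe.so
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf '%s\n' DEVICE=ppp0 "PLUGIN='$so'"                    > "$sample_dir/buggy"
printf '%s\n' DEVICE=ppp0 "LINUX_PLUGIN=$so"                > "$sample_dir/fixed"
printf '%s\n' DEVICE=ppp0 "PLUGIN='$so'" "LINUX_PLUGIN=$so" > "$sample_dir/both"
printf '%s\n' DEVICE=ppp0 TYPE=xDSL                         > "$sample_dir/plain"

# Print one line per sample: file name and detected state.
for f in buggy fixed both plain; do
    printf '%-6s %s\n' "$f" "$(pppoe_plugin_state "$sample_dir/$f")"
done
```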

Good catch :blush:

Hopefully someone on the dev team will see my comment on the github page and re-open/fix the implementation. I suspect that the user base that uses NS as a firewall is small and of that group I may be the only one using it on a high speed pppoe connection so it’s pretty low priority. At least there is a workaround for now.

Hi Greg,

Thanks for the update.

At this stage I don’t need pppoe.
And my pfsense and opnsense are both virtual machines, and I can easily set up a 3rd nethserver and switch between them.

If you don’t mind can you share your instructions? Might be a bit too much to ask for.

Yeah I think I can edit my notes and throw something together. Most of it is pretty specific to my application but I will try and generalize it and clean it up as best as I can.

PFSense Migration guide

First thing you will need to do is get into your PFSense and document EVERYTHING you want to keep/replicate on NS.

  • LAN subnet(s)

  • Guest subnet(s)

  • Special interfaces like tunnels or VLANs

  • WAN IP(s) if static and/or PPPoE credentials

  • Firewall rules in any direction between network subnets

  • Port forwarding rules

  • VPN details/credentials

  • Local network services such as DHCP/DNS IP reservations and domain names

  • Note any aliases that have been defined for port ranges or hosts

Once you are confident you have all your needed info documented in Word or some other format that is available offline you can start.

IF USING HARDWARE I STRONGLY SUGGEST USING A NEW HARD DRIVE! SET THE PFSENSE DRIVE ASIDE SO YOU CAN USE IT IF THINGS DO NOT WORK OUT.

NethServer install

Configure time zone

Hard Drive config may require you to delete the content on it by selecting “I will configure” then removing all the partitions listed and then clicking the link telling the installer to “create them automatically”

Networking: My server has only 2 physical interfaces. I statically set both interfaces to private /24 networks that I do not use and connected my laptop to the port I intend to be external (red). Be sure to set both network interfaces to AUTOSTART and on the general tab “automatically connect to this network when available”.

Begin Install

I only set up the root user

Post Install

Statically assign an IP from one of the private networks you set up on the interfaces to a laptop connected via ethernet to the WAN port.

Try to connect to the IP for the firewall in a web browser, for example https://192.168.1.1:9090/. If this fails change the static IP on the laptop to the other /24 and try to reach the server on that IP, for example https://192.168.2.1:9090/.

It is important to connect to the port that I wanted to be the WAN port because the LAN port in my setup uses tagged VLANs and configuring the router through the port you intend to set up for VLANs didn’t seem straightforward.

Once you are able to connect to the web interface, log in with the root user and the password created at setup.

Go to System - Network and configure your VLANs/subnets for the LAN port.

Below Network you will find DHCP. Set up the DHCP server for your VLANs and all your address reservations.

At this point I could disconnect the laptop and plug the WAN cable back into my ISP fiber network terminal and continue setup from my desktop PC connecting through the VLAN interface.

Back at the System - Networking area, set up PPPoE using your ISP provided credentials and tell it to use the WAN ethernet port. At this point PPPoE will not work because you have to tell it to connect via a tagged VLAN, in my case that is VLAN 201.

Open the terminal into the firewall and issue the following commands:

db networks setprop eth? role ''

db networks set eth?.201 vlan role pppoe

db networks settype ppp0 xdsl

db networks setprop ppp0 linux_plugin /usr/lib64/pppd/2.4.5/rp-pppoe.so

db networks setprop ppp0 role red user ISPUSERNAME Password ISPPASSWORD

signal-event interface-update

*where the eth? is replaced with the name of your wan adapter, mine is enp2s0

The PPPoE connection should be up now.

Go to Software Center, install packages Basic Firewall and OpenVPN, then update system.

Head over to Applications - Firewall - Objects and get any port ranges or subnet aliases entered.
Go to Port Forward right below Objects and input all your port forwarding settings.

At this point the firewall should be passing traffic in both directions.

Go to System - DNS and add all your custom DNS entries.

While you are on the subject of DNS you may subscribe to a dynamic DNS provider and would like to use that.
Open terminal and enter the commands below:

yum install http://mirror.de-labrusse.fr/NethServer/7/x86_64/nethserver-stephdl-1.1.7-1.ns7.sdl.noarch.rpm

yum install nethserver-ddclient --enablerepo=stephdl

Go to Applications - Dynamic DNS to set up your account.

I set up NTP at this point.
Go to System - Dashboard and click on the date and time to gain access to NTP upstream server settings.

Now that I have accurate system time I set up OpenVPN.
Applications - VPN - OVPN tunnels - Tunnel clients - Add client tunnel

My tunnel uses certificate authentication and the one “gotcha” I found was NethServer expects 3 certs in the certificate box in a particular order. The order I found works is client certificate followed by client key followed by the CA certificate.

The final step was setting up SNMP for my network monitoring application. I found out the only good way to set this up is to install the old server manager.
Head back to Software Center and install the old server manager.
Once it is installed point your browser to your firewall’s IP at port 980 using HTTPS.

On the left side bar scroll down to SNMP and fill out the requested info.

FIN

1 Like
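The certificate-order "gotcha" from the guide above, as an added example that is not part of the original post or of NethServer: a check that reports the order of PEM blocks in a bundle before it is pasted into the certificate box. The function names and the sample bundles are assumptions made for this example, and the check sees only block types and positions, so it cannot tell a client certificate from a CA certificate.

```shell
#!/bin/sh
# Added example: report the order of PEM blocks in an OpenVPN credential bundle.

# Print one word per PEM block in file order (cert, key or other).
# Prints "broken" when a BEGIN line has no matching END line.
pem_order() {
    awk '
        /^-----BEGIN .*-----$/ {
            if (cur != "") bad = 1
            cur = $0; sub(/^-----BEGIN /, "", cur); sub(/-----$/, "", cur)
            next
        }
        /^-----END .*-----$/ {
            label = $0; sub(/^-----END /, "", label); sub(/-----$/, "", label)
            if (label != cur) bad = 1
            if (label == "CERTIFICATE") kind = "cert"
            else if (label ~ /PRIVATE KEY$/) kind = "key"
            else kind = "other"
            out = (out == "" ? kind : out " " kind)
            cur = ""
        }
        END { if (bad || cur != "") print "broken"; else print out }
    ' "$1"
}

# Order the guide reports as working: client certificate, client key, CA certificate.
bundle_order_ok() {
    [ "$(pem_order "$1")" = "cert key cert" ]
}

# Constructed placeholder blocks: only the BEGIN/END labels matter to this check.
block() { printf '%s\n' "-----BEGIN $1-----" AAAA "-----END $1-----"; }

pem_dir=$(mktemp -d)
trap 'rm -rf "$pem_dir"' EXIT
{ block CERTIFICATE; block "PRIVATE KEY"; block CERTIFICATE; }     > "$pem_dir/good.pem"
{ block CERTIFICATE; block CERTIFICATE; block "RSA PRIVATE KEY"; } > "$pem_dir/ca-before-key.pem"
printf '%s\n' '-----BEGIN CERTIFICATE-----' AAAA                   > "$pem_dir/truncated.pem"

# Print the detected block order for each constructed bundle.
for f in good ca-before-key truncated; do
    printf '%-14s %s\n' "$f" "$(pem_order "$pem_dir/$f.pem")"
done
```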

Thank you for reporting the bug on PPPoE @G_B!

The fix is now under work: https://github.com/NethServer/dev/issues/6500

The issue is ready for testing, would you give it a try @G_B?

To test it:

yum --enablerepo=nethserver-testing update nethserver-firewall-base\*
signal-event interface-update

Thank you for the quick turn around on this, I will test when I get home from work today.

1 Like

Patch looks like it works, I don’t have 2 lines with ‘/usr/lib64/pppd/2.4.5/rp-pppoe.so’ in my ifcfg-ppp0 anymore.

1 Like

Hi Greg,

Thanks for this, looks great.

Just out of curiosity, is there a way to expand the number of zones, Red, Green, Blue, & Orange, and add another one like Yellow?
The reason I am asking is that my firewall has 6 networks (ZONES) on it.

If there is a way or you know of a way to add more zones that would be great.

Thanks

Which is the role of this “yellow” zone?