Sunday, August 28, 2011

pfSense and TM Unifi


This guide shows how to set up pfSense 2.x to connect to TMNet’s Unifi.
It is important to note that in order to “dial” into Unifi, you must run the PPPoE session through a VLAN: VLAN 500 for your regular internet browsing and VLAN 600 for your video. This guide covers setting up basic internet access using pfSense.
It assumes you are using at least 2 interfaces: the LAN (in this guide, eth0), to which all your local networks (or regular users) are connected, and the WAN (in this guide, eth1), which is the one that will dial into Unifi.

Your LAN can be easily configured to any IP which you wish your users to connect to. This will typically be the gateway IP address for your users. The interface we will discuss here is the WAN interface.
In summary, the steps to get it working are:
1) Define the WAN interface as null (or none)
2) Setup VLAN 500 and tie it to the WAN interface or eth1
3) Setup PPPoE inside VLAN interface

1) Defining WAN interface as null.
Simply go to the WAN interface, set its type to none, and save it.

2) Define a new interface:
On pfSense’s main menu, click on Interfaces and click on (assign). Click on VLANs. Select WAN (or eth1) as the parent interface. In the VLAN tag field, enter 500. Add a description, such as VLAN-TMUnifi, if you wish. Click on Save.

3) Set up PPPoE on the VLAN interface:
Now, click on Interfaces again and click on (assign). Click on the + to add a new interface and select the newly created VLAN-TMUnifi. Note the interface name that was created for you, such as OPT1 or OPT2. Click on Interfaces again and select that interface (in this example, OPT1). Click to enable the interface. Under type, select PPPoE. Scroll down to the username and password fields and enter your username and password respectively.
You can also rename the interface, for example from OPT1 to UNIFPPP.

Before you click on Save, make sure you select Block private and bogon networks. Traffic from those networks should not pass through this internet-facing interface (unlike the LAN interface).
Once you’ve saved, click on the blue S icon at the top right of the page. If all the configuration, such as the username and password, is correct, you should see the interface come up.
If you have problems, click on Status, then System Log files, then PPP. Any issues or errors will be shown there.

Once done, you need to set up gateways and routing correctly in order to route traffic over the new interface you just created and dialed.
You should set this gateway as the default unless you have other gateways. Setting it as the default is the quickest way to get browsing to work.
That’s it. Don’t forget to set up an allow rule from the LAN interface to any (to begin with) so that the connection is allowed.
If you need to allow incoming connections, select the UNIFPPP interface instead of WAN and setup your inbound rules there.
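
As an added example (not part of the original guide), the following Python script audits a pfSense configuration backup for what the steps above set up: a VLAN tagged 500, a PPPoE link bound to that VLAN, and an enabled internet-facing interface with private and bogon blocking turned on. The sample XML is constructed, and its element names are assumed to follow the pfSense 2.x config.xml layout; check them against your own backup.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt, not taken from the guide. Element names are assumed
# to follow the pfSense 2.x config.xml layout; compare with your own backup.
SAMPLE_CONFIG = """<pfsense>
  <vlans>
    <vlan><if>eth1</if><tag>500</tag><descr>VLAN-TMUnifi</descr><vlanif>eth1_vlan500</vlanif></vlan>
  </vlans>
  <ppps>
    <ppp><type>pppoe</type><if>pppoe0</if><ports>eth1_vlan500</ports></ppp>
  </ppps>
  <interfaces>
    <lan><if>eth0</if><descr>LAN</descr><enable/></lan>
    <opt1><if>pppoe0</if><descr>UNIFPPP</descr><enable/><blockpriv/><blockbogons/></opt1>
  </interfaces>
</pfsense>"""

def audit_unifi_wan(config_xml, vlan_tag="500"):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(config_xml)
    findings = []
    # Step 2 of the guide: a VLAN carrying the Unifi internet tag must exist.
    vlan_ifs = {v.findtext("vlanif") for v in root.iter("vlan")
                if v.findtext("tag") == vlan_tag and v.findtext("vlanif")}
    if not vlan_ifs:
        return ["no VLAN with tag %s defined" % vlan_tag]
    # Step 3: the PPPoE link must ride on that VLAN, not on the raw NIC.
    ppp_ifs = {p.findtext("if") for p in root.iter("ppp")
               if p.findtext("type") == "pppoe" and p.findtext("if")
               and set((p.findtext("ports") or "").split(",")) & vlan_ifs}
    if not ppp_ifs:
        return ["no PPPoE link bound to VLAN %s" % vlan_tag]
    # The internet-facing interface must be enabled and block private/bogon networks.
    facing = [i for i in root.iterfind("interfaces/*")
              if i.findtext("if") in ppp_ifs]
    if not facing:
        findings.append("PPPoE link is not assigned to any interface")
    for iface in facing:
        name = iface.findtext("descr") or iface.tag
        for flag, label in (("enable", "not enabled"),
                            ("blockpriv", "private networks not blocked"),
                            ("blockbogons", "bogon networks not blocked")):
            if iface.find(flag) is None:
                findings.append("%s: %s" % (name, label))
    return findings

if __name__ == "__main__":
    for line in audit_unifi_wan(SAMPLE_CONFIG) or ["all checks passed"]:
        print(line)
```
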
Enjoy pfSense and the speed of Unifi!
PS: If you are interested in our appliance, do write to sanjay@astiostech.com. It should cost you around US250/box with 4G flash, enclosure, 3 NICs, 2 USB ports (can be used for 3G USB modems etc.).

7 comments:

Unknown said...

hi...is it possible to create VLAN600 for iptv?..i tried a few time before but it's not working..but for the internet it works...thank you..

JayWS said...

I guess you can, just need to bridge them correctly. Haven't really tried tho...will try in the weekend and let u know, ok :)

bluecar said...

Hi, how about load balance function?

Anonymous said...

it doesn't work for me. The wan with vlan500 already setup as in guide. However, I am still unable to connect to unifi. Any idea what's the problem?

JayWS said...

Send some logs esp the pppoe ..

what version of pfsense u using?

Anonymous said...

Marco here. Just to say that the user needs to get his account's password from the tmnet unifi center.

The contractor who comes to install the modem, etc will not write that in the form.

The wifi pin is not the account password !

omarq said...

Need your help on this situation .

I have a 1 load balancer using pfsense 2.1 Release , my wan connection using Tm Unifi 4 unit 20 Mbps static ip , currently using with tm dlink modem .

- My question is , can i tag vlan 500 for all my wan connection to bypass the tm dlink modems ?