NBN's Fibre to the Node (FTTN), and Fibre to the Building (FTTB) both use VDSL technology. This guide applies to all of them.
The high-level steps are: firstly configure the one port VDSL modem, then configure pfSense. These steps may also be a useful reference for configuring other Firewall's based on Linux or other.
But first things first.
VDSL Modem
Configure the Netgear DM200
The Netgear DM200 is a very basic 1 port VDSL modem. You can buy one from our online store.
Open the box etc. But before you plug in the "phone" line, you must upgrade the firmware first. Versions prior to V1.0.0.36 will cause NBN to block your port.
You will need V1.0.0.44 or better to connect to any provider who uses VLAN's in their configuration (TPG and others).
You might as well install whatever is the latest version. Download it from the Netgear website.
First, upgrade firmware as follows
Plug a computer into the LAN port of the modem, and the modem will provide an IP address via DHCP.
Use a browser to connect to http://192.168.1.1
Note: the menus can be a bit slow as the DM200 is very low end. It's perfect as a bridging modem but is otherwise pretty hopeless.
The modems default username and password are admin and password respectively.
Click the Advanced tab, click to expand the Administration drop down on the left hand side, then click Firmware Upgrade. Follow the steps.
Now, configure the modem for bridge mode
Once the firmware upgrade is completed, again go in to the Advanced tab, click to expand the Setup drop down on the left hand side, then click Internet Setup. Ensure the mode DHCP is set (as the modem will get confused when set to bridge if previously set to PPPoE).
Then click LAN Setup from the same menu, set the modems IP range to something that doesn't clash with your LAN, disable DHCP.
Tip: Place a sticky label on the modem with the IP address you just gave it for later reference.
In the Advanced tab once again, click the Device Mode option. Set the Device Mode option to Modem (Modem only).
Tick the Passthrough VLAN option. Even if your ISP doesn't use VLANs it won't hurt.
You can now plug the modem into the "phone" line. Do so.
Configure the ZTE H268A
Exetel ship the ZTE H268A which can be configured for bridge mode. They have provided bridge modem configuration steps here on their wiki.
(If you sign up with Exetel, please use our Dealer Code BA1372)
Configure pfSense
You can probably find your ISP specific settings on this reference: http://whirlpool.net.au/wiki/fttn_registered_modem_router#vdsl2_modem_routers_isp_settings
For home, check out the A10 Dual Core or A10 Quad Core appliances in Desktop profile.
For business, check out the A10 Quad Core or the Xeon Quad Core Gen4 as Rackmount appliances.
Are you using TPG or an AAPT Wholesale ISP?
Please see our TPG FTN NBN guide which deals with their quirks
Your ISP uses IPoE with DHCP (like Optus, Iinet, and Telstra)
Some ISP's just use IPoE with DHCP, which is excellent. IPoE stands for IP over Ethernet, which for our purposes is DHCP or Static IP addressing without PPPoE or similar.
In this case your pfSense firewall, for which WAN is set to DHCP by default, should just work when the VDSL modem is in bridge mode (as above).
In theory an ISP might use DHCP with a VLAN, but none are known at this time. Please contact us if yours does this and we will gladly expand this guide for you.
ISP uses PPPoE without VLAN's (i.e. Exetel)
Just create a normal PPPoE interface like you would with ADSL. Set the MTU to 1492 if you want to be specific but it should automatically detect.
If your ISP also has a "VLAN" setting, read on.
ISP uses PPPoE with VLAN's - i.e. TPG
The steps are as follows: first create the PPPoE interface as normal (see above), for TPG ensure MTU is 1500 and MSS is 1492. Second, we create a VLAN in pfSense, then finally have PPPoE use it.
For TPG please see our TPG FTTN guide!
Create VLAN
Click Interfaces then select (assign). In the page that appears click the VLANs tab.
Click "+ Add" to create a new one
Select the Parent interface, probably em0or igb0 (it will be if you use a Deciso device from our online store).
Enter the VLAN Tag (aka VLAN ID or VLAN Number) as per your ISP requirements. For TPG this is VLAN 2. For Dodo, and iPrimus the VLAN is reported as 100 on Whirlpool (which are most likely using AAPT wholesale).
Having VLAN Priority of 0 is fine.
Set the description to something like "TPG VLAN2"
Click Save
Change PPPoE to use VLAN interface
From above you should still be in the Interfaces page. So click the PPPs tab, then click the Pencil icon "Edit PPP Interface" for the pppoe1 (or whichever) Interface.
Now you're on the PPP Configuration page. Select from the Link Interface(s) list, your new VLAN interface. It will be called something like "em0_vlan2 - TPG VLAN2"
Click Save
The WAN interface of your pfSense Firewall should now connect to your ISP almost instantly.
Recommended: Create an interface to administer the Modem
Click Interfaces then select (assign). In the page that appears select from the Available network ports list the interface that your modem is attached to, then click "+ Add".
Enable the interface. Description of the interface might be something like "MODEM" or "EM0MODEM", IPv4 should be static, then set the IP address and range to match the modems (recall that you changed it before)
Now click Firewall and select NAT. Select the Outbound tab and add new rules for your LAN to NAT in to the modem network. As the modem wont know how to return traffic to your LAN.
Now from your LAN, you can admin your modem and see how your signal is doing etc.
Stuck?
We offer commercial support, why not contact us
Disclosure
We are dealers for both Exetel (Dealer BA1372) and TPG (Dealer NAUAAH).
By using the above links or codes when signing up, we get a tiny commission and as your dealer can assist you with configuration problems etc.
If you need something faster, we can also provide recommendations for faster and higher SLA services available in your area.