TPG and AAPT-Wholesale'd FTTN NBN have non-obvious settings. Likely with NBN FTTB products too. Read on to get the settings that will work.
For TPG FTTP settings, here is our guide.
Configure your modem for Bridge mode
The TPG provided modem may or may not support bridge mode. We recommend you store it somewhere for use if troubleshooting in the future (when you call TPG support they will want you to plug it in).
With pfSense we recommend the Netgear DM200.
For configuration steps please see our FTTN NBN guide as this is not specific to TPG/AAPT.
What hardware should I run pfSense® on?
For home, check out the A10 Dual Core or A10 Quad Core appliances in Desktop profile.
For business, check out the A10 Quad Core or the Xeon Quad Core Gen4 as Rackmount appliances.
Settings for TPG
Will the phone work?
No. TPG do not disclose the SIP details that their modems use. If you want an ISP that let's you BYO SIP devices, please check out Exetel
Create PPPoE Interface
Just create a normal PPPoE interface like you would with ADSL. Enter your username and password. However, the MTU and MSS values must be set as follows:
- MTU must be 1500 or PPPoE wont connect.
- MSS must be 1492 (or less) otherwise larger frames will be sent and dropped inside NBN - resulting in extreme packet loss!
Configure VLAN 2
For an unknown reason, TPG and AAPT require VLAN 2 for their traffic. If you know why please let us know!
Create the VLAN
Click Interfaces then select Assignments. In the page that appears click the VLANs tab.
Click "+ Add" to create a new one
Select the Parent interface, probably em0 or igb0 (it will be if you use a Deciso device from our online store).
Enter the VLAN Tag (aka VLAN ID or VLAN Number) as per your ISP requirements. For TPG this is VLAN 2.
Having VLAN Priority of 0 is fine.
Set the description to something like "TPG VLAN2"
Click Save
Change PPPoE to use VLAN interface
From above you should still be in the Interfaces page. So click the PPPs tab, then click the Pencil icon "Edit PPP Interface" for the pppoe1 (or whichever) Interface.
Now you're on the PPP Configuration page. Select from the Link Interface(s) list, your new VLAN interface. It will be called something like "em0_vlan2 - TPG VLAN2"
Click Save
The WAN interface of your pfSense Firewall should now connect to your ISP almost instantly.
Recommended: Create an interface to administer the Modem
Click Interfaces then select Assignments. In the page that appears select from the Available network ports list the interface that your modem is attached to, then click "+ Add".
Enable the interface. Description of the interface might be something like "MODEM" or "EM0MODEM", IPv4 should be static, then set the IP address and range to match the modems (recall that you changed it before)
Now click Firewall and select NAT. Select the Outbound tab and add new rules for your LAN to NAT in to the modem network. As the modem wont know how to return traffic to your LAN.
Now from your LAN, you can admin your modem and see how your signal is doing etc.
AAPT Wholesale and TPG Corporate
This configuration has only been reported to us, so is provide as reference.
Configure VLAN 100 (or other)
Click Interfaces then select Assignments. In the page that appears click the VLANs tab.
Click "+ Add" to create a new one
Select the Parent interface, probably em0 or igb0 (it will be if you use a Deciso device from our online store).
Enter the VLAN Tag (aka VLAN ID or VLAN Number) as number 100 - or whatever the ISP specifies.
Having VLAN Priority of 0 is fine.
Set the description to something like "AAPT VLAN2"
Click Save
Assign VLAN as WAN interface
Click Interfaces then select Assignments.
For WAN select the new VLAN interface you just created and click Save.
Configure your IP address
The previous step will have left you on the Interface Assignments page. So now click on the WAN text and it's configuration page will appear.
Select IPv4 Configuration Type as Static IPv4 - new options will appear. Set IPv4 Configuration Type as None.
Set MTU as 1500 and MSS as 1492. Failure to set the MSS will result in terrible packet loss as NBN silently drops oversized frames!
Enter your IPv4 Address and its subnet mask.
Note: pfSense supports /31 subnets
Then click Add a new gateway. A popover window will appear.
Select this new gateway as Default. Give it a suitable name and the Gateway IPv4 address your ISP provided. Add a Description then click Add.
You will return to the prior screen, and should now click Save.
Stuck?
We offer commercial support, why not contact us
Disclosure
We are dealers for both Exetel (Dealer BA1372) and TPG (Dealer NAUAAH).
By using the above links or codes when signing up, we get a tiny commission and as your dealer can assist you with configuration problems etc.
If you need something faster, we can also provide recommendations for faster and higher SLA services available in your area.
Hi thanks alot for this guide, after 2 years ive been able to finally resolve the problem i was having getting a stable PPPOE with vlan fiber connection directly into the box without a router. Did not know PPPOE needs to have only vlan device added nothing else. With your permission i’d like to post this to the opnsense forums.
In case anyone comes across this post, I managed to get pfSense working but not using the above steps (I spent hours trying to get them to work!). The solution is to not over complicate things! If the modem is bridged using VLAN ID 2 then there doesn’t seem to be any need to also set up any VLAN on pfSense. I simply put in my TPG username/password into the PPPoE Configuration of the WAN interface and it worked. I haven’t tested whether DNS is an issue, but I did check the box in General Setup for “Allow DNS server list to be overridden by DHCP/PPP on WAN” but that is all.
I had to set the MTU and MRU to 1500 in the PPPoE page as well (bottom of the page).
If you set your DM200 to bridge mode, but previously had set in your internet settings to use the “Computer address” for the MAC address it does this really, really bizarre behavior where it will remember the MAC address of the first thing to attach, and NEXT TIME it boots it will use that MAC address as its own Internet facing MAC address.
Then once it connects to the internet it will be UNABLE to connect to whatever the previous first thing to attach was, because that MAC address is assigned to its own interface!!! This can mean that a DM200 can be functioning perfectly, all fine, but unknown to you it is waiting to be reset to apply some random MAC which can very, very easily conflict with your gateway machine.
This manifests itself as “oops I unplugged the modem, oh well I’ll just plug it back in .. wait I can’t ping it any more.. I can’t access anything now.. but I can access the modem from this other machine?? the other machine works but the machine it was just working with doesn’t work?!?!” If you don’t know exactly what is going on this is a maddening one to diagnose.