Hi, I just setup two of the mentioned xDSL-modem and now everything works almost fine now. It took a while to find proper modem settings (VPI,VCI, VLAN, VLAN-Prio) for my ISP, donĀ“t know if it is import for the OP. If someone is interested I can provide further details. Now i do the pppoe in OpenBSD and everything else like VLAN-tagging etc. with the modem in bridge-mode.
Thanks again for your help.... Thomas On Tue, 5 Mar 2019 at 22:22, Thomas Huber <miracu...@gmail.com> wrote: > I hooked two ADSLlinks now with a modem-router (aka. Fritzbox) which do > the pppoe part for now. > I also orderd a newer version of my xDSL-Modem (ALLNET BM200VDSL2V), that > should be able to do the vlan tagging. > I let you know how things work out when everything is in place. > > I start a new thread about pf load-blancer configuration... > > Thanks again for your support. > Thomas > > > On Tue, 26 Feb 2019 at 22:13, Thomas Huber <miracu...@gmail.com> wrote: > >> hmmm just played around and for ADSL-link 1 and 2 which are provided by >> the Deutsche Telekom it is not important if it is chap or pap, works both. >> >> >> >> >> On Tue, 26 Feb 2019 at 16:59, Stuart Henderson <s...@spacehopper.org> >> wrote: >> >>> On 2019/02/26 16:38, Sebastian Benoit wrote: >>> > Thomas Huber(miracu...@gmail.com) on 2019.02.26 14:22:33 +0100: >>> > > with chap the tcpdump looks like this: >>> > > >>> > > #tcpdump -nevvs1500 -i vlan0 >>> > > tcpdump: listening on vlan0, link-type EN10MB >>> > > 13:54:44.118903 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: >>> PPPoE-Session >>> > > code Session, version 1, type 1, id 0x00a9, length 16 >>> > > LCP Configure-Request Id=0x24: Magic-Number=988888519 >>> > > Max-Rx-Unit=1492 >>> > > 13:54:49.120414 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: >>> PPPoE-Session >>> > > code Session, version 1, type 1, id 0x00a9, length 16 >>> > > LCP Configure-Request Id=0x25: Magic-Number=988888519 >>> > > Max-Rx-Unit=1492 >>> > > 13:54:55.122239 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: >>> PPPoE-Session >>> > > code Session, version 1, type 1, id 0x00a9, length 16 >>> > > LCP Configure-Request Id=0x26: Magic-Number=988888519 >>> > > Max-Rx-Unit=1492 >>> > > 13:55:02.124396 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: >>> PPPoE-Session >>> > > code Session, version 1, type 1, id 0x00a9, length 16 >>> > > LCP Configure-Request Id=0x27: Magic-Number=988888519 >>> > > Max-Rx-Unit=1492 >>> > > .... >>> > > >>> > > but no connection esblished. >>> > > >>> > > On Tue, 26 Feb 2019 at 13:02, Stuart Henderson <s...@spacehopper.org> >>> wrote: >>> > > >>> > > > On 2019/02/26 12:36, Thomas Huber wrote: >>> > > > > Hi Stuart, >>> > > > > >>> > > > > and thanks for your help. >>> > > > > I tried yout suggestion but didn??t solve the problem. >>> > > > > here is the tcpdump output (i just stripped the account >>> credentials) but >>> > > > I can not read it. >>> > > > > Maybe you can spot something here: >>> > > > > >>> > > > > # tcpdump -nevvs1500 -i em0 >>> > > > > tcpdump: listening on em0, link-type EN10MB >>> > > > >>> > > > Reformatted a bit: >>> > > > >>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf6: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0xab: Max-Rx-Unit=1492 >>> > > > Auth-Prot=PAP Magic-Number=526788746 >>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf6: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > OPENBSD -> JUNIPER: LCP Configure-Ack Id=0xab: Max-Rx-Unit=1492 >>> > > > Auth-Prot=PAP Magic-Number=526788746 >>> > > > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf7: Peer-Id=xxxx >>> > > > Passwd=xxxx >>> > > > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf8: Peer-Id=xxxx >>> > > > Passwd=xxxx >>> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0x02: Max-Rx-Unit=1492 >>> > > > Auth-Prot=CHAP/MD5 Magic-Number=3828540274 >>> > > > OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x02: Auth-Prot=PAP >>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf9: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf9: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfa: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfa: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfb: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfb: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfc: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfc: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfd: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfd: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0x03: Max-Rx-Unit=1492 >>> > > > Auth-Prot=CHAP/MD5 Magic-Number=3430741983 >>> > > > OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x03: Auth-Prot=PAP >>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfe: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfe: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xff: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xff: >>> Magic-Number=1818005467 >>> > > > Max-Rx-Unit=1492 >>> > > > >>> > > > It looks like this could be as simple as the other side needing >>> CHAP >>> > > > instead of PAP. Please try that next. >>> > > > >>> > >>> > Two possibilities not mentioned yet: some providers want specific >>> values in >>> > the priority field of the vlan packets, maybe try playing with the >>> txprio >>> > option could help. >>> >>> I don't think this is happening here, you don't usually get any LCP in >>> that case, just no response to PADI. Plus frames with the Juniper MAC >>> address have varying priority (I snipped it from my shortened version >>> but it was in Thomas's original) and in the cases fixed by forcing >>> priority, the provider's frames have zero bytes (prio 1). >>> >>> > The other thing is: if your provider (Vodafone) uses CHAP >>> cauthentication, >>> > you run into a problem, because you connect through Deutsche Telekom. >>> The >>> > way this works is, that you authenticate with DTAG, who wants PAP. They >>> > notice your @vodafone handle and they hand your authentication off to >>> that >>> > providers radius service. Unfortunatly if they have different >>> authentication >>> > protocols, this does not work, because the openbsd pppoe wont switch >>> from >>> > PAP to CHAP. >>> >>> This would totally explain what we're seeing. It should be possible to >>> change that but maybe a bit fiddly to do without a test environment .. >>> >>>
