Ask
Reply
Solution
07-08-2022 10:44 PM
Hi All
So I got FTTP with the ONT box. Thinking of building a PFsense.
Obviously the hot top is the VOIP phone…
So I was wondering has anyone managed to get the on a LAN port on the THG3000 and had the phone working? (thinking on sticking the THG3000 on a spare port on the PFsense box)
Cheers
Sat
08-08-2022 12:23 AM
Should this be possible using a Pfsense box? Sure!
Has anyone done it? Not to my knowledge!
It's probably one of those conversations best had in Pfsense user support groups.
There are probably a couple of ways to do it. Ideally, you'd want to be able to sniff out the ports and protocols used and just forward these to the VF router. It'd also probably be possible to use the sledgehammer technique and have the Pfsense mirror everything to the VF router, just to get the VOIP working!
If you do make any progress, please let us know!
08-08-2022 03:05 PM
I can't get vfe to even send me a router so can't tell you - but in short, I strongly suspect this is never going to work. I have set up a pfsense box on the ONT no problem (although it is currently in a DMZ behind a simple tplink router as I have just gone live and reconfiguring the pfsense router is going to take time, I have quite a lot of firewall rules and VPNs that need to be tweaked to a different WAN gateway and have not had enough free time). I have zero experience of the VFE router, but I am not sure if you don't connect up via either VDSL or a Vodafone PPPoE WAN interface it will work with all its functionality - I strongly suspect it will not! Sure, you can use it as a dumb access point but I don't think you will get the VoIP capabilities.
I would think you would be better just getting a VoIP basestation like a gigaset c530 IP or similar and using your own VoIP provider. That way you can port your number once and take it with you when you change ISP, and you will get better call rates than with an ISP VoIP service. I do indeed this and take my VoIP service with me as I change ISP.
Alternatively, not ideal, but you can put your pfsense router begins your vfe router in a DMZ (not sure if the vfe router supports DMZ or mass port forwarding)? Disadvantages would be you may need yet another router/ap behind your pfsense box...this is actually what I am currently doing until I have some spare time although it's too many boxed eating electricity so need to fix it when I get time.
08-08-2022 03:15 PM
By the way, I used my pfsense box in a double NAT config without issues for years as previous ISP would not allow customers to use own router unless expensive business service. The dynamic DNS capabilities of pfsense are quite good and can still work in double NAT.
Unless the VoIP capability of the vfe router will work with it in ap mode then the WiFi you get on the vfe router would also be in a different subnet as well. The chances of the vfe router supporting static routing between subnets is approximately zero...
08-08-2022 09:10 PM
Considering my earlier post and there is a third more likely way to manage this. With the pfsense box set to allow pass-thru connections, you should be able to get the Vodafone router working behind the Pfsense box. Whether you would still need to mirror or DMZ would be trial and error, but there is no magic sauce here, using Pfsense this should be possible!
*If I were going down this route, I'd probably have gone Mikrotik rather than Pfsense, and I'm reasonably confident that I may be able to pull this off just using the Merlin firmware on my Asus router maybe with a few additional routing commands!
08-08-2022 10:12 PM
I really doubt the Vodafone router will do anything (except work as an access point) unless it has authenticated 1st via PPPoE. I doubt it will be able to authenticate on the vfe PPPoE servers through pfsense (unless pfsense is just a dumb bridge) and the pfsense router will already have authenticated. I'm not 100% sure, but I am 95% sure....
Once pfsense has authenticated, all traffic on that gateway is encapsulated as a PPPoE payload within an ethernet frame including any traffic from the vfe router. Of course if you configure pfsense just as a bridge but what value are you getting from pfsense...
One possible option is to set up a PPPoE server on pfsense with duplicate vfe credentials. You may be able to fool the vfe router it is communicating with the vfe PPPoE server? Seams like an awful lot of hastle for minimum value. If you really want to try see: https://docs.netgate.com/pfsense/en/latest/services/pppoe-server.html
08-08-2022 10:15 PM
The real issue is that unlike most gdneric routers routers, I think the vfe router will only work with pppoe wan and even then do o we nload it's initial config from a vfe server - which is why you can't use the router with a different isp.
14-08-2022 01:24 AM
So I had a go at this, and while I'm pretty sure it used to work, you are correct that it doesn't now. From memory, and it's 3 or 4 years since I last tried this, using pass-thru would issue a second WAN IP which no longer seems to be the case!