Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Gen7 - PPPoE issues (multiple WAN Interfaces)?

BWCBWC Cybersecurity Overlord ✭✭✭

Hi,

is anyone experiencing problems with PPPoE connections on Gen7 when there are multiple WAN Connections?Firmware version does not seem to make a difference, because it happens from 5018 up to 5050.

A few different deployments reported irregular trouble with PPPoE (SNWL is the PPPoE Client) and one thing they have in common is, that these locations are having multiple WAN interfaces (multiple PPPoE or PPPoE+DHCP).

I did some further digging, because despite the PPPoE Interfaces are configred as "Always on" the interface isn't reconnecting automatically and does not even try. Even a manual "Connect" does not do anything.

When the interface isn't working anymore, the VDSL Modem has a proper DSL link and it's not limited to the same interface, it could be X1 or X2 for example if both are PPPoE driven.

I checked with the Packet Monitor to see if there is any communication on the Interface and this caught my eye, it seems the remote side is still sending PPPoE message which getting blocked by the SNWL. It appears to me that there is something broken in the PPPoE client on the SNWL.

in:X1*(interface),out:--,DROPPED, 
Drop Code: 361(Received PPPoE packet for non-existent PPP session in DP.), 
Module Id: 53(PPPOE), (Ref.Id: _1712_eqQqqpfJoqvu),2:2)

The one and only solution to solve this situation is to reboot the appliance. It does not help to restart the VDSL Modem or to put the Ethernet Interface down and up again.

This might not be easy to put in a support ticket, because it does happen suddenly and we cannot wait for weeks to have support really dig into this.

--Michael@BWC

Category: Entry Level Firewalls
Reply

Answers

  • jasni26jasni26 Newbie ✭

    Hi Michal@BWC,

    I've noticed the same problem with PPPoE.

    We're often using a cheap VDSL Line as backup for the main internet line, so we're using also multiple WAN interfaces.

    In earlier firmware we were not able to get a PPPoE connection running (mostly in HA deployments).

    The following article (https://community.sonicwall.com/technology-and-support/discussion/1990/new-tz270-not-able-to-pppoe) helped us.

    After we've changed the ncp retrans time to a higher value, the PPPoE connection succeded.

    Sometime after a HA failover the PPPoE Connection isn't reastablished. We then increase/decrease the ncp retrans time (+/-1 is enough) and the connection is up without a retart.

    Because of that, we try not to use PPPoE on Gen7 devices, instead we're using a cheap router (mostly Fritz!Box or SpeedPort from Deutsche Telekom) which will do the PPPoE part, for the sonicwall WAN interface we're using DHCP. The router should forward all traffic to the sonicwall WAN interface.

    Disadvantage is double NAT

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @jasni26 thanks for confirming my fears :) ... I'll poke around with the NCP retrans then, I wanna avoid a router in front if possible, Double NAT can be nasty and I had all kind of VPN problems in the past with that.

    It was working just fine with Gen6, if there is a general PPPoE problem in Gen7 it should be addressed ASAP.

    --Michael@BWC

Sign In or Register to comment.