PPPOE authentication with Plusnet FTTP not working
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- My Router
- :
- PPPOE authentication with Plusnet FTTP not working
PPPOE authentication with Plusnet FTTP not working
20-02-2023 5:41 PM - edited 20-02-2023 5:43 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi I wonder if someone from plusnet can help as the telephone support have been useless, the "back office" staff have said I need to take the issue to my firewall vendor however the issue isn't with the firewall 😐
Below is the issue:
it's a weird one I have a Palo alto firewall connected directly to the ONT provided by BT and I am trying to get FTTP broadband working using PPPOE, the interface on the PA-220 that is connected to the ONT (ethernet 1/1) is configured to use PPPOE however the interface does not obtain a public IP address. The username and password are correct, I can test that they are correct by logging into my plusnet account online or using the plusnet provided router and ensuring it is configured to use the username and password which is identical to the one entered on the Palo alto firewall, when using the plusnet router which I am now it works just fine.
However the logs show an authentication failure, I have also changed the password, and still no luck.
Initiate connection:
PPPoE session was initiated for user:xxxxxxxx@plusdsl.net on interface:ethernet1/1
Error:
PPPoE session failed to connect for user:xxxxxxx@plusdsl.net on interface:ethernet1/1. Reason: Failed to authenticate ourselves to peer, LCP down
I have attached a couple of packet capture screenshots, the CHAP authentication is failing for some reason, the hashed response my end is sending back to the access concentrator on the Plusnet or BT network is not matching what the access concentrator is expecting.
The access concentrator in question is: acc-aln2.nao
Re: PPPOE authentication with Plusnet FTTP not working
20-02-2023 5:41 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Other file attached
Re: PPPOE authentication with Plusnet FTTP not working
20-02-2023 5:46 PM - edited 20-02-2023 5:47 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Have you by chance enabled VLAN 101 on your router as the is not required for the ONT.
HTH
Re: PPPOE authentication with Plusnet FTTP not working
20-02-2023 5:48 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
No, the Palo alto's do not allow you to define a VLAN for PPPOE interfaces the traffic is sent untagged.
Re: PPPOE authentication with Plusnet FTTP not working
20-02-2023 6:23 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi witherford
Are any of the characters which can't be used shown in:
https://www.plus.net/help/archive/other/username-and-password-security/
used in the password?
Regards
Richard
Re: PPPOE authentication with Plusnet FTTP not working
20-02-2023 6:28 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
My thinking was also around the password makeup, although the current one works with a plusnet router.
I was going to suggest using a simple password as a test, Alpha and Numeric characters only
Dan
Re: PPPOE authentication with Plusnet FTTP not working
20-02-2023 6:40 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It looks like the pppoe client on the pa220 may not support mschapv2 https://www.reddit.com/r/paloaltonetworks/comments/b9ar1m/help_pa220_and_pppoe_mschapv2/
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Re: PPPOE authentication with Plusnet FTTP not working
20-02-2023 8:43 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thanks for the info however one thing I forgot to add, the same PA-220 worked fine on plusnet fibre VDSL (copper to the premises) using the same username and password, it's only as I have switched over to FTTP that it is not working.
Re: PPPOE authentication with Plusnet FTTP not working
21-02-2023 7:48 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Ah! Im assuming you had a modem in front of the pa220 then. Was the 220 configured for pppoe in that setup ?
In which case it should have worked with no change to the configuration.
I can assure you there is no problem with pppoe on fttp,
i use a tplink er605 on my fttp connection.
Are you absolutely sure there no vlan id being set on the 220 ?
Thats the main differerence between fttc and fttp , fttc used vlan id 101 whereas fttp does not use vlan id.
Having said that , the vlan id is usually handled by the modem so even on fttc the router doesnt need it
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Re: PPPOE authentication with Plusnet FTTP not working
21-02-2023 9:28 AM - edited 21-02-2023 9:30 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I did have a modem yes to handle the RJ11 connectivity to the master socket as the PA-220 does not have that built in.
I agree it should work with no change to the configuration.
Yes, PPPOE worked just fine with the setup on VDSL through the modem.
Yes, the traffic is being sent without a VLAN tag, I have referred to the ethernet section of the packet payload within the packet captures and there are no 802.1Q headers anywhere.
The physical setup I am trying at the moment is:
Palo alto ethernet port 1/1 which is configured for PPPOE --> ONT RJ45 port, this to me should work just fine, both devices attempt PPPOE when connected this way as the ONT is just acting as a Layer 2 bridge to the access concentrator.
The workaround I have is:
L3 P2P link between Palo alto and Plusnet router so ethernet 1/1 configured with an IP on the 192.168.1.x range connected into LAN port 1 on the Plusnet router, the Palo Alto then performs NAT of all outbound traffic behind the one IP address which is then routed to the plusnet router which then NAT's behind it's public IP (so twice NAT)
This works fine so their is something different about the Plusnet router authenticating with the remote end vs the Palo alto and it's not the username and password, so what is it? I have a suspicion that it might be an extra security measure such as MAC address authentication.
Can I ask on your device did you have to configure a MAC address anywhere or perform any kind of MAC address spoofing?
Re: PPPOE authentication with Plusnet FTTP not working
21-02-2023 9:46 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I have a suspicion that it might be an extra security measure such as MAC address authentication.
I can assure you there isn't. I have used a few different (third party) routers on my PN connection over the years.
Can I ask on your device did you have to configure a MAC address anywhere or perform any kind of MAC address spoofing?
No.
Attached my WAN configuration if it helps
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Re: PPPOE authentication with Plusnet FTTP not working
21-02-2023 9:49 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Cheers, if that is the case then I am going to dig out and try configuring one of my cisco routers and see if that works. If the Cisco router works then it looks like it might be the firewall that is causing the problem.
Re: PPPOE authentication with Plusnet FTTP not working
21-02-2023 9:50 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Are you connected to FTTP?
Re: PPPOE authentication with Plusnet FTTP not working
21-02-2023 10:05 AM - edited 21-02-2023 10:06 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Yes, a 900/115Mb connection.
Looking back at your log screenshots for the PPP setup. It looks like its definitely failing CHAP authentication ( you can ignore my previous comment re MS_CHAP V2 )
The username it appears to be sending is 'name@plusdsl...' ?? it should be 'name@plusdsl.net' . Does it really not have the .net or is that just being dropped by the log ?
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Re: PPPOE authentication with Plusnet FTTP not working
21-02-2023 10:21 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Dropped by the log, it does indeed have the full username
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- My Router
- :
- PPPOE authentication with Plusnet FTTP not working