Multiple PPPoE, PPTP, and Dynamic DNS now supported in 1.3!

July 25th, 2008 by Chris Buechler

Thanks to the hard work of Ermal Luçi, pfSense 1.3 now contains a number of great interface and dynamic DNS related improvements. The following has all been completed.

  1. PPPoE and PPTP are now possible on any interface rather than just WAN. For multi-WAN with multiple PPPoE or PPTP connections you previously needed to do the PPPoE or PPTP on the modem or other device, now pfSense handles this directly.
  2. Dynamic DNS is now multi-account capable. This means you can use it with multiple WANs, and/or use multiple services on the same WAN.
  3. carpdev support – This was attempted, and unfortunately backed out because of problems with carpdev in FreeBSD. If those problems are resolved, it will return. This allows the use of CARP without the static public IP requirement.
  4. Interface list consistency – this isn’t really relevant to end users, but it’s a great improvement for developers. The means of obtaining the list of active interfaces obtained from m0n0wall initially had really turned into a hack as we have added functionality such as multi-WAN and single interface support. This resolves a number of development difficulties.
  5. Completely reorganized back end interface support. The interfaces are all treated equally now, fully removing the “special” status that LAN and WAN formerly received.
  6. Improved back end VLAN interface handling
  7. Introduction for dummynet support in pf – this provides even more flexible and powerful traffic shaping abilities, including these two oft-requested features amongst numerous other possibilities:
    - Per user bandwidth limiting
    - Per local subnet bandwidth limiting
  8. Improved ruleset creation speed – testing shows at least a 15% improvement here.
  9. Captive Portal is now multi-WAN capable
  10. Sticky connections for outbound load balancing should be fixed.

Mostly finished work

  1. Replace the event system with a daemon offering better handling of events.

Work in progress

  1. Better PPTP and FTP handling in NAT. The PPTP fixes will allow multiple outbound connections to the same external PPTP server using a single public IP. Details of that issue on the Features page on the website under PPTP/GRE NAT limitation.
  2. More disciplines on the shaper such as shortest living connections getting higher priority, and addition of the JoBS/WFQ discipline for ALTQ.

Thanks Ermal!

22 Responses to “Multiple PPPoE, PPTP, and Dynamic DNS now supported in 1.3!”

  1. Fabien Says:

    Where can I download this 1.3 ?

  2. leon.unix Says:

    why can use load balanceing if use pppoe .in gateway group .it is must input a gateway ip but if i use pppoe .i do not know gateway.how can i input.if it is not be use why now support multiple pppoe?

  3. Chris Buechler Says:

    Fabien: That blog post sure got buried quickly, here it is: http://blog.pfsense.org/?p=208 I also added a link to the downloads page on http://www.pfsense.org

    leon: I’m not sure how that works, I’ll ask Ermal to see if he can post here to answer that.

  4. Chris Buechler Says:

    leon: that’s a bit up in the air as it’s related to the new gateway code and Seth who is working on that piece is on vacation at the moment. We’ll have more info on that when Seth is available.

  5. Rodrigo Says:

    Woohooooo !!!

    Thanks !!!

  6. Bill McGonigle Says:

    Wow, it’s sounding like 1.3 will have a great architectural underpinning. Keep up the good work, fellas.

  7. Chris Buechler Says:

    Bill: yeah, there are a number of architectural improvements that’ll make it easier to extend functionality in the future, and keep the code base cleaner. We won’t put up new feature blog posts for that kind of stuff, other than when it’s a part of bigger new features, because it isn’t of interest to the typical end user. But a number of other things have been done in that area as well.

  8. Alfredo Says:

    That’s great, ermal is my new hero, I was looking for many of this options for a long time, I hope we can have a production usable beta or stable version soon.

    Thanks Ermal

  9. Ctek Says:

    Well… It has been a while since i have last used pfsense, but was keeping an eye out on the blog. This last posts have shure make me think that this is yet again to prove itself as the ultimate solution in networking.

    I’ve been with you for a long time, and your spirit is the kind that we need. I have to salute you guys and I take my hat in front of you! Keep up the good work. pfSense Team you have our respect.

    Best regards Ctek

  10. Adrian Says:

    Hi, if I can get more than one public IP (up to 5) via DHCP (not static) from my ISP via a cable modem; is there any way to get these assigned to one WAN interface? Or will I have to put a hub in front of pfSense? Is this something I remember reading was going to be available in 1.3 or am I mixing up stuff I thought I read with reality again.

  11. Chris Buechler Says:

    Adrian: you can use 5 NICs set to DHCP, but they’re probably going to pull the same subnet so you won’t be able to policy route between them nor direct traffic out on a specific IP other than the primary. Port forwards will work on them all.

    We don’t plan on adding multi-DHCP on a single WAN support, that would require multiple MAC addresses per interface and I’m not sure if it’s even feasible at that.

  12. Jonathan Puddle Says:

    Awesome news! Ermal is a legend, and you guys all rock.

  13. FreeBSD roundup - week 30 | FreeBSD - the unknown Giant Says:

    [...] pfSense Ermal Luçi has added to a number of great interface and dynamic DNS related improvements to pfSense 1.3. [...]

  14. Yom Says:

    Hi,

    Thank you for your amazing work in this wonderfull product.

    Do you have any news about this :

    [...]Work in progress

    1. Better PPTP and FTP handling in NAT. The PPTP fixes will allow multiple outbound connections to the same external PPTP server using a single public IP. Details of that issue on the Features page on the website under PPTP/GRE NAT limitation.[...]

    Greetings

  15. Chris Buechler Says:

    Yom: no. We’ll have an update posted here when there is one.

  16. aparecido goes Says:

    I am happy with the news of pf sense, have used monowall, alias he serves me very well, but I am looking into the possibility spend using pf sense, I thank the good work of developers.

  17. Mike Says:

    Ermal has done some great things for us… per user bandwidth limiting, awesome work, and thanks!

  18. Darkk Says:

    I am looking forward to 1.3 with the ability of NATTING PPTP connections. I wanted to deploy 1.2 out in the field but found out about the current PPTP limitation for outbound connections to our single PPTP server won’t work in our environment. I could use site-to-site OpenVPN but most of our users are used to using PPTP connections so I want to keep things simple.

    Keep up the great work guys and it shows!!

    Darkk

  19. Jason Says:

    Man, every new report on 1.3 makes me feel like I need a cold shower. :)

    Seriously though, you guys rock and I can’t wait to take it for a spin.

    I keep meaning to see if I can get a test lab version set up locally and see if I can’t figure out some way to contribute. I just love this project.

  20. Martin Says:

    Is there any possibility that the dual PPPoE feature will be back-ported to 1.2.x? Would be super nice to have sometimes … :)

  21. Chris Buechler Says:

    Martin: the only way features get back ported is when someone pays to have it done in their own custom release, as there are no new features added to 1.2.x. If you would like to fund that development, email me. I’m not sure if anyone would be willing to do this one, because this change ties into very significant back end interface handling changes, so it may be a huge amount of work to back port.

  22. Triston Says:

    Just wanted to add some more praise to the PFSense team. We have PFSense/Soekris boxes in Africa and here in the UK with persistant oVPN tuns – and apart from a little hw flail they are rock solid. Gonna download the latest Alpha of 2.0 for our own office (multi PPPoE is the money-shot for us) and see how it goes. I wish I was a coder and could contrib – but I hope a donation now and brings enough karma. Cheers. Tris

Please don’t post technical questions or off-topic comments. It is far more likely that your questions and concerns will be addressed effectively through one of our support channels.

Leave a Reply