Making Bell FibreOP Work With a pfSense Router

Atlantic Canada is very fortunate to have access to Bell Aliant FibreOP Internet. It is a legitimate Fibre-to-the-Home (FTTH) service, in the same price range as cable and DSL offerings. Speeds start at 50/30 (download/upload in Mbps) for $70/month without any promotions.

FibreOP Plans

As great as the Internet itself is, the wireless router they include is the bottleneck. It is an Actiontec R1000H. Our biggest headaches with it were low WiFi throughput and frequent WiFi drop, but the interface was a little lacking in advanced features.

Actiontec

The logical solution is to use another router. Unfortunately, Bell has configured the service in a way that simply swapping in a new router will not work at all!

Through some research and my own trial and error, I was able to install pfSense to a spare computer, and take control of my Internet.

Disclaimer: Do not follow these steps if you have Bell’s IPTV service, as it will no longer work. There are other sites that describe how to keep those services working, but mine does not. As well, though there should be no impact, I advise against doing this if you have FiberOP Home Phone and rely on it for emergency communications.

This is not an easy task. It requires a very good understanding of computer networking, basic understanding of Linux networking terminology, and availability of network equipment (switches, wireless access points, cables, NICs). Chances are you found this page because you meet some of that description. Just know that if it isn’t working out, you can plug in the Actiontec and pretend it never happened.

First – LMGTFY

Step 1 is to always look online. It is very likely someone else has posted their experiences. Sure enough, I found some forum threads that helped point me in the right direction. In the end, the one that was the most help was post #73 in this one. However, if you don’t have a spare computer, here is a cheap but very effective alternative.

They key to getting it to work was to know that Bell sends all WAN traffic out of the fibre modem on a different VLAN. Specifically, VLAN 35. Knowing this, it becomes clear that no off-the-shelf consumer router is going to do the job out of the box.

You need a router that supports VLAN tagging, and the ability to treat a VLAN as the WAN connection.

I am a big fan of DD-WRT, and tried to accomplish the above using my DIR-615 with DD-WRT. Unfortunately, I could not get it to work with the options available in the web UI.

Upstairs AP

Instead of spending too much effort to get it to work on embedded hardware, I went the easy route: setup a pfSense Linux Router.

Creating a pfSense Router

pfSense is a distribution based on FreeBSD that allows you to easily create and manage a very powerful router, firewall, and other services device. It has an excellent UI with many, many features, and will let you dig into advanced features if you want to.

Here are the hardware requirements:

To this end, this is what I had:

  • HP Pavillion Desktop (2.4 GHz 64-bit AMD CPU, 2GB RAM, 250GB HDD)
  • Integrated Ethernet + PCI Ethernet Card
  • pfSense 2.0.3-RELEASE (amd64) ISO burnt to CD

pfSense Step 1: Install

Boot your computer from the pfSense ISO, and run through the installation process.

The simple install, with minimal questions, should be fine for most users, and saves a lot of questions you might not have answers for.

It may ask you which interface to assign as WAN, LAN, and Optional (you should skip this last one). Feel free to assign the roles to your 2 NICs as you see fit, but write it down!

This assumes both of your network cards are a minimum 100 Mbps. There is no point using slower 10 Mbit cards, as the Internet connection is 5 times that.

pfSense Step 2: Configure

Once pfSense boots up on its own, connect another computer to the port you designated as the LAN port, and in your web browser go to http://192.168.1.1. You are now connected to the management interface.

Navigate to the Interfaces -> WAN menu. In here, you will need to enter the WAN MAC address of your Actiontec router. Bell uses this to ensure that it is their router you are using. The MAC address is written on a sticker on your router, and can also be found on the router’s management page.

WAN

Be sure the enter the entire MAC address, and click save.

Now move to the Interfaces -> (assign) menu. Select the VLANs tab, and click the  icon to create a new VLAN. It should look something like this:

VLAN

We are creating a VLAN, tagged 35, which will allow us to communicate with the fibre modem provided by Bell. Again, click save, and head back to Interfaces -> (assign). Now, in the WAN drop-down menu, select VLAN 35 on ABx, which you just created. Click save again. You have just instructed pfSense to treat VLAN 35 as the WAN connection, or the source of Internet traffic.

Assign

This concludes the pfSense configuration. There are only a few small steps before inserting the pfSense router into your network for good.

Ending the Actiontec

One recommendation I read, before just unplugging the Actiontec, is to release the DHCP lease it has from the modem. To do this, from a computer connected to the Actiontec, visit http://192.168.2.1. Log in with your admin credentials, and Release the DHCP WAN lease. I don’t have a screenshot for this, but it shouldn’t be too difficult to find.

I didn’t do this, but I did encounter some issues at first getting my setup to work. Hopefully, this will make it go smoothly for you.

Once you Release the IP address, you can unplug the Actiontec.

Introducing the pfSense Router

Connect the cable entering the WAN port of the Actiontec to the network card you assigned as the WAN of the pfSense router. This is the cable coming from the Fibre modem installed by Bell.

Modem and UPS

With a computer still connected to the LAN port of the pfSense router, try to visit a webpage. Assuming everything is plugged in and powered on correctly, you should be presented the page you asked for.

At this point, you can add a switch for other computers, or a wireless access point. In my case, I have a switch connecting to three switches, where two are wireless.

Downstairs

 

Optionally, you may want a UPS for this, because even though the Bell modem will stay powered during a power outage, the pfSense computer will not.

Measured Improvement

After

 

My ping dropped significantly, and my throughput was exactly as advertised.

Using my DIR-615 routers with DD-WRT as access points, WiFi performance also jumped, with downloads up to 35 Mbps, vs. the 8 Mbps with the Actiontec.

Troubleshooting

Troubleshooting is a bit beyond the scope of this document, namely because there are so many things that could go wrong. The best troubleshooting is to make sure the steps are followed, that your set-up makes sense, and that if something seems wrong, investigate.

For me, I noticed that when the pfSense router in unplugged from the modem, or rebooted, I lose Internet. To fix it, I have to toggle the WAN assignment to another connection, then back to the VLAN. Not sure why, but with my UPS I hope it won’t be a task I do frequently.

Good Luck!

This project was 100% worthwhile. As I host a lot of services for myself over the network (HTTP, RDP, VoIP, FTP), it is important to be able to have full control over my NAT and Firewall settings. As well, being able to monitor throughput and advanced logs allows me to keep learning and improving my network.

If you are ready to ditch the Actiontec router, and are keen to see routers in a different way, this project will throw you in head first.

Tags: , , , , ,

Friday, August 23rd, 2013 computers, networking, software

18 Comments to Making Bell FibreOP Work With a pfSense Router

  • willtriv says:

    Hey, I really like this guide. I don’t think it includes the workings for the dual IP routing setup and the vlan for the TV portion though. I know some people have been able to get that working too. I’m going to throw pfsense on to my ONT and try and post it (I know it’s vlan 34 and I know that vlan 33 is used for some other control stuff but not “required” unless you need some remote management stuff.)

    • Dan says:

      I didn’t cover the TV portion of the set-up because, well, we don’t have that service! Some of the links I included have very good instructions for getting it to work, essentially just passing VLAN 34 straight to the ONT.

      pfSense is great, it has the right balance of usability and advanced features. I plan on improving my server by using a low-power Intel Atom machine, and Gigabit Ethernet.

  • Chris says:

    Hey thanks for the write up! I might be trying either pfsense or DDWRT via and old router thanks to your posts!

  • Chris says:

    I actually went with the PFSense box on an old P4 3ghz with 1gb ram and a spare nic running 100wan and 1000lan into a gigabit switch to feed the rest of my network.

    Works amazing! Thanks.

    • Dan says:

      Haha, awesome! pfSense is so powerful, it really gives you control over your network. Power consumption was my biggest concern, and is why I went with a small DD-WRT router. I was using an older AMD Athlon 64 machine, and performance was fine, but I had some issues with it. DHCP would seem to stop giving out IPs after a couple weeks, or WAN would drop out. I blame the NIC cards I used, just because of how old they are (old 3com 3c905 and integrated enforce Ethernet).

      Good luck with your setup, hopefully you are able to rack up some serious uptime with it!

  • Steve Moores says:

    Thanks. This helped me hook up a commercial grade cisco ASA5505 and it’s amazing.

  • Ippster says:

    Hello just though lt you would like to know that bell still requires the use of PPPOE to authenticate.

    • Dan says:

      Bell FibreOP (found primarily in Atlantic Canada) does not require PPPoE to authenticate. All authentication takes place at the ONT, outside of end-user control.

      According to your IP address/hostname, you have Bell DSL in Montréal, which would probably require you to authenticate via PPPoE.

  • Ben Hovinga says:

    I really want to do this. I followed all of your steps to the letter and I keep getting IP address 0.0.0.0 on the WAN.

    I did notice that the ONT was flashing red/yellow like it normaly does with the Actiontec router. I noticed that when I have any commercial router plugged in it always flashes green so I assume red/yellow is a good thing.

    I live in Halifax so I am not sure if there are different settings for different regions of the Atlantic Provinces. I also have the IPTV setup as well and don’t know if there are different settings for that.

    Can you give me a hand getting it to work. Hit me up with an email or comment so I can try to get it working.

    Thanks, Ben

    • Dan says:

      Hey Ben,

      My ONT did the same red/yellow flash with the Actiontec. With pfSense (and now DD-WRT), it only flashes green, just like you observed. My understanding is that FibreOP is configured the same across all Atlantic provinces.

      If you have IPTV, I’ve already offered a number of my own thoughts on making that work in comments throughout my site (see my FibreOP/DD-WRT article for some of those). I don’t have that service, and really can’t confirm how to do it. Designing a LAN in my head has limitations 😉 All IPTV does is add VLAN 34.

      For starters, make sure you’ve got your WAN and LAN interfaces straight, mixing those up will definitely cause a WAN IP of 0.0.0.0. Don’t forget to clone your MAC address properly on the WAN interface. Finally, I would do a power cycle of the equipment. Turn it all off, then power the ONT, and once it is booted, the pfSense box.

      Worst case, you could always try swapping WAN/LAN interface cards, to see if there is an issue with VLAN tagging. Some older cards don’t support it.

      Let me know how you make out!

      Dan

  • Richard says:

    pfSense seems to have a problem cloning the MAC for the WAN port when you assign a vlan to the WAN port. That’s why you are losing your internet on reboot. Solution is don’t clone the MAC, and everything will work after reboot. Tested on Bell Fibe.

  • Nice post. Thanks.

    “pfSense is a Linux distribution, based on FreeBSD”.

    No. pfSense is not a Linux distribution. pfSense is based on FreeBSD, which absolutely is not a Linux distribution.

  • Jeff says:

    So I followed this to a T and can’t get it to get a WAN address.

    About the only variable is that I’m running this on a VMware machine. It has 4 nics and I assigned one of them to a vSwitch dedicated to this.

    If anyone has a bit of time to help, let me know and we can chat in facebook or whatever. Thanks.

  • dan says:

    I fought with setting up pfsense for a while and couldn’t get an IP address from Bell. Finally stumbled on what was wrong. When you configure the WAN settings, pfsense console says to set the Speed/duplex settings to Automatic — don’t do this. Leave it at “default” and you will get an IP add. from Bell.

    I don’t know why, but my WAN NIC is 10/100/1000 and default chooses 100mbs duplex, while automatic chooses 1000 mbs duplex. The ONT must be forced to 100 duplex… this sucks because I was getting 129 mbs on speed test, now I’m down to 88.

    Also, you don’t need to spoof the MAC of the ActionTec anymore.

    • Dan says:

      When I originally set this up (3 years ago!) my NIC was only 100 mbps, so I did not encounter this issue. However, I am now using a Ubiquiti EdgeRouter which is gigabit, and I have full gigabit speeds from the ONT. No 100 meg slowdown. Perhaps it is specific to your NIC?

      As for MAC spoofing, you are correct. This no longer seems to be required.

  • Chris says:

    Hi everyone, I stumbled across this page a few years ago (Feb/2014).

    I’ve since upgraded hardware to an Intel ATOM 1.6 Dual Core Hyper Threaded Mini PC running PFsense on an old 80 gig hard drive with 2 gig ram.

    The setup is still exactly the same and aside from power outages this setup has NEVER failed me.

    I don’t run IPTV as I won’t pay for the service although it’s possible. I run my own media server out of my network, stress testing at full 100Mbps down and 50 Mbps at the same time on dual gigabit NIC’s, only using about 75% CPU.

    Thanks Dan for setting me on the right direction years ago, that old R1000H is still on a shelf collecting dust.
    You should have seen the Bell tech’s face when he had to come and change the backup battery and noticed the ONT wasn’t hooked up to the unplugged dusty Actiontec.
    I tried explaining it to him and she just giggled and said he wasn’t going to create waves if it worked fine. Haha

    • Dan says:

      Hey Chris, I certainly remember you. I’m very happy to hear that the R1000H is wasting away – shame they won’t waive the included rental fee if you give it back (we tried!)

      Over time my network has gone through a few evolutions – from pfSense, to DD-WRT, and finally I’m using the Ubiquiti EdgeMax router. It was high time I went gigabit! That thing has been a dream to use, and it’s only marginally more complex than pfSense to configure.

      Internet freedom has no price, and to everyone else who has been able to free themselves of a terrible router, well done!

  • Leave a Reply