Running vyos as pppoe server getting issue of user disconnecting. With session command I can see all sesssions in finished state and mac addresses nothing there no ip interface name nothing.
set firewall global-options
set firewall ipv4 forward filter rule 50 action ‘drop’
set firewall ipv4 forward filter rule 50 description ‘Drop QUIC’
set firewall ipv4 forward filter rule 50 destination port ‘80,443’
set firewall ipv4 forward filter rule 50 protocol ‘udp’
set firewall ipv4 forward filter rule 100 action ‘accept’
set firewall ipv4 forward filter rule 100 destination port ‘80,443’
set firewall ipv4 forward filter rule 100 log
set firewall ipv4 forward filter rule 100 log-options level ‘debug’
set firewall ipv4 forward filter rule 100 protocol ‘tcp’
set firewall ipv4 forward filter rule 100 state ‘new’
set firewall ipv6 forward filter rule 50 action ‘drop’
set firewall ipv6 forward filter rule 50 description ‘Drop QUIC’
set firewall ipv6 forward filter rule 50 destination port ‘80,443’
set firewall ipv6 forward filter rule 50 protocol ‘udp’
set firewall ipv6 forward filter rule 100 action ‘accept’
set firewall ipv6 forward filter rule 100 destination port ‘80,443’
set firewall ipv6 forward filter rule 100 log
set firewall ipv6 forward filter rule 100 log-options level ‘debug’
set firewall ipv6 forward filter rule 100 protocol ‘tcp’
set firewall ipv6 forward filter rule 100 state ‘new’
set interfaces ethernet eth0 hw-id ‘xx:xx:xx:xx:xx:72’
set interfaces ethernet eth0 vif 321 description ‘Kamran-Distri’
set interfaces ethernet eth0 vif 362 description ‘Ijaz-Distri’
set interfaces ethernet eth0 vif 379 description ‘Rameez-Distri_379’
set interfaces ethernet eth0 vif 401 address ‘xxx.xxx.135.172/26’
set interfaces ethernet eth0 vif 401 address ‘xxxx:xxxx:0:1::2/64’
set interfaces ethernet eth0 vif 3901 description ‘DC-IPv6-1’
set interfaces ethernet eth1 hw-id ‘xx:xx:xx:xx:xx:74’
set interfaces ethernet eth2 hw-id ‘xx:xx:xx:xx:xx:76’
set interfaces ethernet eth3 hw-id ‘xx:xx:xx:xx:xx:78’
set interfaces loopback lo
set nat cgnat pool external ext1 external-port-range ‘1001-65535’
set nat cgnat pool external ext1 per-user-limit port ‘1000’
set nat cgnat pool external ext1 range xxx.xxx.209.48/29
set nat cgnat pool external ext1 range xxx.xxx.209.56/29
set nat cgnat pool internal ConPool range ‘xxx.xxx.0.0/22’
set nat cgnat rule 10 source pool ‘ConPool’
set nat cgnat rule 10 translation pool ‘ext1’
set nat64 source rule 100 source prefix ‘xxxx:xxxx::/96’
set nat64 source rule 100 translation pool 10 address ‘xxx.xxx.209.2’
set nat64 source rule 100 translation pool 10 port ‘1025-65535’
set protocols static route xxx.xxx.0.0/0 next-hop xxx.xxx.135.177
set protocols static route6 ::/0 next-hop xxxx:xxxx:0:1::1
set service dns
set service ntp allow-client xxxxxx ‘xxx.xxx.0.0/8’
set service ntp allow-client xxxxxx ‘xxx.xxx.0.0/16’
set service ntp allow-client xxxxxx ‘xxx.xxx.0.0/8’
set service ntp allow-client xxxxxx ‘xxx.xxx.0.0/12’
set service ntp allow-client xxxxxx ‘xxx.xxx.0.0/16’
set service ntp allow-client xxxxxx ‘::1/128’
set service ntp allow-client xxxxxx ‘fe80::/10’
set service ntp allow-client xxxxxx ‘fc00::/7’
set service ntp allow-client xxxxxx ‘xxx.xxx.0.0/0’
set service ntp allow-client xxxxxx ‘::/0’
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service pppoe-server authentication mode ‘radius’
set service pppoe-server authentication protocols ‘pap’
set service pppoe-server authentication protocols ‘chap’
set service pppoe-server authentication protocols ‘mschap’
set service pppoe-server authentication protocols ‘mschap-v2’
set service pppoe-server authentication radius accounting-interim-interval ‘180’
set service pppoe-server authentication radius dynamic-author key xxxxxx
set service pppoe-server authentication radius dynamic-author port ‘3799’
set service pppoe-server authentication radius dynamic-author server ‘xxx.xxx.135.172’
set service pppoe-server authentication radius nas-identifier ‘VyOS’
set service pppoe-server authentication radius nas-ip-address ‘xxx.xxx.135.172’
set service pppoe-server authentication radius rate-limit attribute ‘Mikrotik-Rate-Limit’
set service pppoe-server authentication radius rate-limit enable
set service pppoe-server authentication radius rate-limit vendor ‘Mikrotik’
set service pppoe-server authentication radius server xxxxx.tld disable
set service pppoe-server authentication radius server xxxxx.tld key xxxxxx
set service pppoe-server authentication radius server xxxxx.tld key xxxxxx
set service pppoe-server authentication radius source-address ‘xxx.xxx.135.172’
set service pppoe-server client-ip-pool Con-Pool range ‘xxx.xxx.0.0/22’
set service pppoe-server client-ip-pool expired-pool range ‘xxx.xxx.0.0/22’
set service pppoe-server client-ipv6-pool delegate-prefix delegate xxxx:xxxx:3::/56 delegation-prefix ‘64’
set service pppoe-server client-ipv6-pool delegate-prefix prefix xxxx:xxxx:2::/56 mask ‘64’
set service pppoe-server client-ipv6-pool expired-pool delegate 2400::/56 delegation-prefix ‘64’
set service pppoe-server client-ipv6-pool expired-pool prefix 2500::/56 mask ‘64’
set service pppoe-server default-ipv6-pool ‘Con-Pool’
set service pppoe-server default-pool ‘Con-Pool’
set service pppoe-server gateway-address ‘xxx.xxx.1.1’
set service pppoe-server interface eth0.362
set service pppoe-server interface eth0.379
set service pppoe-server interface eth0.3901
set service pppoe-server name-server ‘xxx.xxx.8.8’
set service pppoe-server ppp-options disable-ccp
set service pppoe-server ppp-options ipv4 ‘allow’
set service pppoe-server ppp-options ipv6 ‘allow’
set service router-advert interface eth0 default-lifetime ‘3600’
set service router-advert interface eth0 default-preference ‘high’
set service router-advert interface eth0 hop-limit ‘64’
set service router-advert interface eth0 interval max ‘30’
set service router-advert interface eth0 link-mtu ‘1450’
set service router-advert interface eth0 name-server ‘xxxx:xxxx:4860::6464’
set service router-advert interface eth0 prefix ::/64 preferred-lifetime ‘3600’
set service router-advert interface eth0 prefix ::/64 valid-lifetime ‘7200’
set service router-advert interface eth0 reachable-time ‘300’
set service router-advert interface eth0 retrans-timer ‘100’
set service snmp community corbis
set service ssh
set system config-management commit-revisions ‘100’
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed ‘115200’
set system host-name xxxxxx
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication plaintext-password xxxxxx
set system logs logrotate messages max-size ‘1024’
set system logs logrotate messages rotate ‘5’
set system name-server ‘xxx.xxx.8.8’
set system option performance ‘latency’
set system syslog global facility all level ‘info’
set system syslog global facility local7 level ‘debug’
set system syslog host xxx.xxx.135.171 facility kern level ‘all’
set system syslog host xxx.xxx.135.171 port ‘514’
set system update-check url xxxxxx
I would suggest debugging this with tcpdump/wireshark to see what’s going on
I ran pppoe server on vlan which had l2 loop. this was causing problem. But there should be mechanism in vyos to prevent this issue like there is in mikrotik. Instead all services are affected because of one vlan
How does a Mikrotik prevent a L2 Ethernet loop?
Don’t know. But this vlan is working on mikrotik. But on vyos it disturbs users on other vlans. Disconnects all the users.
Could this be related to vlan_mon - if it can create new VLANs dynamically, it needs to listen for all traffic on the whole interface (and see lots of broadcasts if there is a loop, even so many it can’t keep up with them, Rx queues are filled and normal traffic dropped). Mikrotik doesn’t have vlan_mon, perhaps try to “rmmod vlan_mon” if you don’t need it (use just a few specified VLANs), and see if it helps.
