OPNsense router on a XS4ALL VDSL connection

With a Dutch XS4ALL VDSL connection you only get a basic VDSL modem with router which cannot be bridged. So using your own router and firewall is not possible. To make this possible we got a Draytek Vigor 130 and a OPNsense router which gives us a lot more capabilities and control for the small office environment it is installed at.

Thanks to two separate posts I found on this topic it was possible to do this. First the post by Harold Schoemaker who explains the configuration of the modem.

The modem just needs to talk to the DSLAM and allow the router to setup a PPPoE session. Login to the modem and configure the following under “Internet Access” and “General Setup”.

Next go to the MPoA settings and configure the following:

  • MPoA (RFC1483/2684): Enable
  • Bridge Mode: Enable Bridge Mode

Once saved the status of the modem should say ‘SHOWTIME” and show the correct speeds.

Now we can configure the OPNsense appliance.  With the help of a post by FirewallOnline.nl I got this to work.

First a vlan needs to be configured, for XS4ALL internet this is VLAN 6. In the menu go to “Interfaces”, “Other Types” and “VLAN”.

Create a new VLAN and make the parent interface your wan interface, re1 in my case. Add the VLAN tag 6, add a Description and save.

Next under “Interfaces” go to WAN and configure the following.

  • Description: WAN_INTERNET
  • IPv4 configuration type: PPPoE
  • IPv6 configuration type: none
  • Username (under PPPoE configuration): whatever@xs4all.nl (it does not matter what you fill out here, it cannot be emtpy though.)
  • Password: 1234
  • Block private networks en Block bogon networks need to be on.

Save the configuration and under “Lobby” go to the “Dashboard”, you should see your external ip address here at the WAN interface.