# PPPoE under 7.3:  can connect and ping closest-peer & namesvrs, but that's all



## Anonymous (Jul 5, 2010)

I just did a fresh install of fBSD 7.3 on an old (but new to me) Dell PE1500SC server, and am trying to get PPPoE to work so I can get out on the net and complete the build-up.

But I can't get further than Verizon.  I can login, and successfully ping the upstream peer and the two nameservers, but nothing else.  Anything else I try to ping (e.g. http://www.google.com, ftp5.freebsd.org) the first nameserver acts as though I tried to ping it instead.

Any ideas?  I'm baffled.  Could I possibly have screwed up some bit of configuration to cause this?  It seems like it ought to be a Verizon problem, since I can connect, but maybe not.

Probably needless to say, but Verizon's alleged "tech support" was not helpful.

I continue to be able to connect via windows on my dev machine without any problems.


----------



## DutchDaemon (Jul 5, 2010)

What do you have in /etc/resolv.conf? And does [cmd=]dig http://www.google.com[/cmd] and [cmd=]dig ftp5.freebsd.org[/cmd] give you the correct IP adresses (and can you ping those by IP)?


----------



## Anonymous (Jul 5, 2010)

Oh, I should have mentioned that even trying to ping by IP address doesn't work; it's not that the nameserver isn't working.  

(Is there no editing feature here, or did I just time out?)


----------



## Anonymous (Jul 5, 2010)

DutchDaemon said:
			
		

> What do you have in /etc/resolv.conf? And does [cmd=]dig http://www.google.com[/cmd] and [cmd=]dig ftp5.freebsd.org[/cmd] give you the correct IP adresses (and can you ping those by IP)?



Thanks for responding!

I've the 2 nameservers' IPs in /etc/resolv.conf.  

In both cases, in the "answer" section, dig gives me the nameserver address rather than resolving the symbolic name (I've never used dig before, so I don't know what it's meant to do).  

And as I (belatedly!) mentioned, even by IP I can't ping anything but the nameservers and the upstream peer.


----------



## DutchDaemon (Jul 5, 2010)

You mean you don't get this?


```
$ [B]dig ftp5.freebsd.org[/B]

; <<>> DiG 9.6.2-P2 <<>> ftp5.freebsd.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51592
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 4

;; QUESTION SECTION:
;ftp5.freebsd.org.		IN	A

;; ANSWER SECTION:
ftp5.freebsd.org.	3600	IN	CNAME	xyz.csail.mit.edu.
xyz.csail.mit.edu.	1800	IN	A	[B]128.31.0.28[/B]
[..snip..]
```


----------



## Anonymous (Jul 5, 2010)

DutchDaemon said:
			
		

> You mean you don't get this?
> 
> 
> ```
> ...



I get the same question section as in your example, but

```
ANSWER SECTION
ftp5.freebsd.org       86400   IN   A   206.46.230.148
```
only that one line in ANSWER


----------



## DutchDaemon (Jul 5, 2010)

Can you try [cmd=]dig @8.8.8.8 A ftp5.freebsd.org[/cmd]?


----------



## Anonymous (Jul 5, 2010)

DutchDaemon said:
			
		

> Can you try [cmd=]dig @8.8.8.8 A ftp5.freebsd.org[/cmd]?



It timed out, claiming to find 1 server but not specifying what it was.

On the off chance, I called traceroute ftp5.freebsd.org, and it reported 4 hops (all Verizon, I suppose (130.8.*)) before timing out.


----------



## Anonymous (Jul 5, 2010)

Interestingly, traceroute to the first nameserver also stalls out, but after about 9 hops.


----------



## Anonymous (Jul 5, 2010)

I think I'm going to have to re-install and see whether that helps.  Ugh.  I can't begin to imagine what's going on.


----------



## Anonymous (Jul 5, 2010)

I've reinstalled, kept it as vanilla as I could, and still have the same problem.  

I'm totally baffled.  Could 7.3 itself be broken?


----------



## wblock@ (Jul 5, 2010)

Auld_Besom said:
			
		

> I've reinstalled, kept it as vanilla as I could, and still have the same problem.
> 
> I'm totally baffled.  Could 7.3 itself be broken?



Very unlikely, but possible.  Are you following the PPPoE section of the Handbook?

Have you compared the Windows settings?

9 hops to a DNS server sounds way too far.  Are the IP addresses from PPP (with "enable dns") or manual?

(I've met with a DHCP server that handed out the wrong nameservers to FreeBSD PPP, yet the right ones to Windows.)


----------



## Anonymous (Jul 6, 2010)

wblock said:
			
		

> Very unlikely, but possible.  Are you following the PPPoE section of the Handbook?



Yes, supplemented (when it didn't work) by Waldura's article



> Have you compared the Windows settings?
> 
> 9 hops to a DNS server sounds way too far.  Are the IP addresses from PPP (with "enable dns") or manual?
> 
> (I've met with a DHCP server that handed out the wrong nameservers to FreeBSD PPP, yet the right ones to Windows.)



Good catch, thanks!  It turns out that neither address from "enable dns" whois'd as a nameserver.  When I whois'd (via http://www.who.is) Verizon, the subnet of the first alleged server has the help and mailservers on it down in Carrollton Texas, but is not itself listed.  So I've no idea what its role in life might be, but probably it's not a nameserver.  After that, I tracerouted the listed nameservers and shoved the two closest (3 hops) into /etc/resolv.conf.

Saddeningly, it didn't solve the problem, but I'm that much further along at least.


----------



## Anonymous (Jul 6, 2010)

One more step, but I don't know what it means.

I thought that I might be using an old pw, and that Verizon might be so buggered that it was letting me partway in.  

So I changed the current pw to the old one.  This broke my windows connection, so I had indeed changed the pw some time in the past and didn't remember it.  Once I updated the windows dialer with the new (old) pw, my windows connection instantly worked again (as you see).

But --and here's the interesting part-- my semi-non-connection to Verizon doesn't work any better or worse now than it did yesterday, when the pw I was using was incorrect!  

So yesterday, with the wrong pw, I could get ppp to claim that I was connected and authenticated, but I couldn't get further than the upstream peer (the router) or ping anything but it and the nameservers.  Evidently my suspicion was correct: Verizon _was_ letting me partway in based on Not Much.

So why did ppp tell me I was authenticated?  And why isn't it doing any better for me now, when I really _am_ passing all the correct get-ins?

Thoughts?


----------



## Anonymous (Jul 18, 2010)

*Problem solved - from my end*

It turns out that Verizon will cheerfully lie to ppp and claim that all is well when it's anything but.  I had a typo in my accountname that I wasn't seeing.  But the Verizon router didn't care, except insofar as it gave me garbage for nameserver addresses and wouldn't let me do anything, while pretending that everything was jus' fine, no problems, nope none at all, yes of course you're authenticated and logged in you really are, honest.  Only I wasn't.


----------

