- J-Net
- :
- Forums
- :
- SRX Services Gateway
- :
- Re: Issue with PPPoE VDSL - Won't come up after d...
- Application Acceleration 
- BLOG: Community Talk 
- BLOG: Information Experience (iX) 
- Community Feedback 
- Contrail Platform Developers 
- Ethernet Switching 
- Identity & Policy Control - SBR Carrier & SRC 
- Intrusion Prevention 
- Junos 
- Junos Automation (Scripting) 
- Junos Space Developer 
- Junosphere 
- Management 
- Routing 
- ScreenOS Firewalls (NOT SRX) 
- SRX Services Gateway 
- Training, Certification, and Career Topics 
- vMX 
- vSRX 
- Wireless LAN 
- Juniper Open Learning 
- Day One Books Archive 
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Issue with PPPoE VDSL - Won't come up after disconnect
[ Edited ]Hi!
I recently changed my ISP connection from dynamic to static IP.
PPPoE session comes up so far, but after 24h the ISP disconnects the session.
Then, it looks like the pppoe session is coming up (pppoe_log: Discovery Input: PADS packet), but I have no acces to the internet.
I have to reboot the srx in order to get access to the internet again.
I searched around a bit and found this kb:
[SRX] VDSL link does not come up with some ISPs
I instantly thought - That's it!
But the command mentioned in this article is not available on my srx100h2. Why's that?
Here's how the components are interconnected:
LAN -> srx100h2 -> vdsl-modem -> internet
Here's my config:
set version 12.1X44.3 set system host-name texxol set system time-zone Europe/Berlin set system root-authentication encrypted-password "$1$gpJobfvz$By1FacdBcNHgpTPAXfwfF." set system name-server 208.67.222.222 set system name-server 208.67.220.220 set system name-resolution no-resolve-on-input set system services ssh set system services telnet set system services web-management http set system services web-management https system-generated-certificate set system services web-management session idle-timeout 60 set system services dhcp pool 172.18.19.0/24 address-range low 172.18.19.200 set system services dhcp pool 172.18.19.0/24 address-range high 172.18.19.254 set system services dhcp pool 172.18.19.0/24 router 172.18.19.100 set system services dhcp propagate-settings fe-0/0/0 set system services dhcp propagate-ppp-settings pp0.0 set system syslog archive size 1000k set system syslog archive files 5 set system syslog user * any emergency set system syslog file messages any critical set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands error set system syslog file kmd-logs daemon info set system syslog file kmd-logs match KMD set system max-configurations-on-flash 5 set system max-configuration-rollbacks 5 set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval set system ntp server de.pool.ntp.org set system ntp server 144.76.117.245 version 4 set system ntp server 144.76.117.245 prefer set interfaces interface-range interfaces-trust member fe-0/0/2 set interfaces interface-range interfaces-trust member fe-0/0/3 set interfaces interface-range interfaces-trust member fe-0/0/4 set interfaces interface-range interfaces-trust member fe-0/0/5 set interfaces interface-range interfaces-trust member fe-0/0/6 set interfaces interface-range interfaces-trust member fe-0/0/7 set interfaces interface-range interfaces-trust unit 0 family ethernet-switching vlan members vlan-trust set interfaces fe-0/0/0 vlan-tagging set interfaces fe-0/0/0 unit 0 encapsulation ppp-over-ether set interfaces fe-0/0/0 unit 0 vlan-id 7 set interfaces pp0 unit 0 apply-macro VDSL_01 set interfaces pp0 unit 0 ppp-options chap default-chap-secret "$9$HD/D-Bbd2HSjws5Qn6AtxN-woJ" set interfaces pp0 unit 0 ppp-options chap local-name "feste-ip11/9H3HHHH5HHH@t-online-com.de" set interfaces pp0 unit 0 ppp-options chap no-rfc2486 set interfaces pp0 unit 0 ppp-options chap passive set interfaces pp0 unit 0 ppp-options pap local-name "feste-ip11/9H3HHHH5HHH@t-online-com.de" set interfaces pp0 unit 0 ppp-options pap no-rfc2486 set interfaces pp0 unit 0 ppp-options pap local-password "$9$dhJH369uBIn6evJJ-hsTQnts" set interfaces pp0 unit 0 ppp-options pap passive set interfaces pp0 unit 0 pppoe-options underlying-interface fe-0/0/0.0 set interfaces pp0 unit 0 pppoe-options auto-reconnect 10 set interfaces pp0 unit 0 family inet negotiate-address set interfaces st0 unit 0 family inet set interfaces st0 unit 0 family inet6 set interfaces vlan unit 0 family inet address 172.18.19.100/24 set snmp community public authorization read-only set routing-options static route 192.168.8.0/24 next-hop st0.0 set routing-options static route 192.168.49.0/24 next-hop st0.0 set routing-options static route 192.168.254.0/24 next-hop st0.0 set routing-options static route 0.0.0.0/0 next-hop pp0.0 set routing-options static route 0.0.0.0/0 qualified-next-hop pp0.0 metric 1 set protocols pppoe traceoptions file pppoe_log set protocols pppoe traceoptions level all set protocols pppoe traceoptions flag all set protocols stp disable set security log mode event set security ike proposal pre-g5-aes256-sha authentication-method pre-shared-keys set security ike proposal pre-g5-aes256-sha dh-group group5 set security ike proposal pre-g5-aes256-sha authentication-algorithm sha1 set security ike proposal pre-g5-aes256-sha encryption-algorithm aes-256-cbc set security ike proposal pre-g5-aes256-sha lifetime-seconds 28800 set security ike policy pre-g5-aes256-sha-St1 mode aggressive set security ike policy pre-g5-aes256-sha-St1 proposals pre-g5-aes256-sha set security ike policy pre-g5-aes256-sha-St1 pre-shared-key ascii-text "secret" set security ike gateway vpn_transfair_p1 ike-policy pre-g5-aes256-sha-St1 set security ike gateway vpn_transfair_p1 address xx.xxx.xxx.xx set security ike gateway vpn_transfair_p1 local-identity user-at-hostname "test@hds.de" set security ike gateway vpn_transfair_p1 external-interface pp0.0 set security ike gateway vpn_transfair_p1 version v1-only set security ipsec proposal esp-aes256-sha protocol esp set security ipsec proposal esp-aes256-sha authentication-algorithm hmac-sha1-96 set security ipsec proposal esp-aes256-sha encryption-algorithm aes-256-cbc set security ipsec proposal esp-aes256-sha lifetime-seconds 3600 set security ipsec policy g5-esp-aes256-sha perfect-forward-secrecy keys group5 set security ipsec policy g5-esp-aes256-sha proposals esp-aes256-sha set security ipsec vpn vpn_transfair_p2 bind-interface st0.0 set security ipsec vpn vpn_transfair_p2 vpn-monitor optimized set security ipsec vpn vpn_transfair_p2 vpn-monitor source-interface fe-0/0/1.0 set security ipsec vpn vpn_transfair_p2 vpn-monitor destination-ip 192.168.49.1 set security ipsec vpn vpn_transfair_p2 ike gateway vpn_transfair_p1 set security ipsec vpn vpn_transfair_p2 ike proxy-identity local 172.18.19.0/24 set security ipsec vpn vpn_transfair_p2 ike proxy-identity remote 192.168.49.0/24 set security ipsec vpn vpn_transfair_p2 ike proxy-identity service any set security ipsec vpn vpn_transfair_p2 ike ipsec-policy g5-esp-aes256-sha set security ipsec vpn vpn_transfair_p2 establish-tunnels immediately set security flow tcp-mss ipsec-vpn mss 1350 set security screen ids-option untrust-screen icmp ping-death set security screen ids-option untrust-screen ip source-route-option set security screen ids-option untrust-screen ip tear-drop set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200 set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048 set security screen ids-option untrust-screen tcp syn-flood timeout 20 set security screen ids-option untrust-screen tcp land set security nat source rule-set nsw_srcnat from zone trust set security nat source rule-set nsw_srcnat to zone Internet set security nat source rule-set nsw_srcnat rule no_nat match source-address 172.18.19.0/24 set security nat source rule-set nsw_srcnat rule no_nat match destination-address 192.168.49.0/24 set security nat source rule-set nsw_srcnat rule no_nat match destination-address 192.168.8.0/24 set security nat source rule-set nsw_srcnat rule no_nat match destination-address 192.168.254.0/24 set security nat source rule-set nsw_srcnat rule no_nat then source-nat off set security nat source rule-set nsw_srcnat rule nsw-src-interface match source-address 172.18.19.0/24 set security nat source rule-set nsw_srcnat rule nsw-src-interface match destination-address 0.0.0.0/0 set security nat source rule-set nsw_srcnat rule nsw-src-interface then source-nat interface set security policies from-zone trust to-zone Internet policy All_trust_Internet match source-address netz_texxol set security policies from-zone trust to-zone Internet policy All_trust_Internet match destination-address any set security policies from-zone trust to-zone Internet policy All_trust_Internet match application any set security policies from-zone trust to-zone Internet policy All_trust_Internet then permit set security policies from-zone trust to-zone Internet policy All_trust_Internet then log session-init set security policies from-zone trust to-zone Internet policy All_trust_Internet then log session-close set security policies from-zone trust to-zone vpn policy to_transfair match source-address netz_texxol set security policies from-zone trust to-zone vpn policy to_transfair match destination-address netz_transfair set security policies from-zone trust to-zone vpn policy to_transfair match destination-address netz_texxol_dz set security policies from-zone trust to-zone vpn policy to_transfair match destination-address netz_citrix set security policies from-zone trust to-zone vpn policy to_transfair match application any set security policies from-zone trust to-zone vpn policy to_transfair then permit set security policies from-zone trust to-zone vpn policy to_transfair then log session-init set security policies from-zone trust to-zone vpn policy to_transfair then log session-close set security policies from-zone vpn to-zone trust policy from_transfair match source-address netz_transfair set security policies from-zone vpn to-zone trust policy from_transfair match source-address netz_texxol_dz set security policies from-zone vpn to-zone trust policy from_transfair match source-address netz_citrix set security policies from-zone vpn to-zone trust policy from_transfair match destination-address netz_texxol set security policies from-zone vpn to-zone trust policy from_transfair match application any set security policies from-zone vpn to-zone trust policy from_transfair then permit set security policies from-zone vpn to-zone trust policy from_transfair then log session-init set security policies from-zone vpn to-zone trust policy from_transfair then log session-close set security policies from-zone junos-host to-zone vpn policy from_cli_to_transfair match source-address any set security policies from-zone junos-host to-zone vpn policy from_cli_to_transfair match destination-address netz_transfair set security policies from-zone junos-host to-zone vpn policy from_cli_to_transfair match application junos-icmp-all set security policies from-zone junos-host to-zone vpn policy from_cli_to_transfair then permit set security policies from-zone junos-host to-zone vpn policy from_cli_to_transfair then log session-init set security policies from-zone junos-host to-zone vpn policy from_cli_to_transfair then log session-close set security zones security-zone trust address-book address netz_texxol 172.18.19.0/24 set security zones security-zone trust host-inbound-traffic system-services ping set security zones security-zone trust host-inbound-traffic protocols all set security zones security-zone trust interfaces vlan.0 host-inbound-traffic system-services all set security zones security-zone trust interfaces vlan.0 host-inbound-traffic system-services http set security zones security-zone trust interfaces vlan.0 host-inbound-traffic system-services https set security zones security-zone trust interfaces vlan.0 host-inbound-traffic system-services ssh set security zones security-zone trust interfaces vlan.0 host-inbound-traffic system-services telnet set security zones security-zone Internet address-book address netz_transfair 192.168.8.0/24 set security zones security-zone Internet host-inbound-traffic system-services ike set security zones security-zone Internet interfaces pp0.0 set security zones security-zone vpn address-book address netz_transfair 192.168.8.0/24 set security zones security-zone vpn address-book address netz_texxol_dz 192.168.49.0/24 set security zones security-zone vpn address-book address netz_citrix 192.168.254.0/24 set security zones security-zone vpn host-inbound-traffic system-services ike set security zones security-zone vpn host-inbound-traffic system-services ping set security zones security-zone vpn host-inbound-traffic system-services http set security zones security-zone vpn host-inbound-traffic system-services https set security zones security-zone vpn host-inbound-traffic system-services snmp set security zones security-zone vpn host-inbound-traffic system-services snmp-trap set security zones security-zone vpn interfaces st0.0 set vlans vlan-trust vlan-id 3 set vlans vlan-trust l3-interface vlan.0
Thanks in advance.
Andy
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Re: Issue with PPPoE VDSL - Won't come up after disconnect
Hi!
since I don't know how to deal with this, is there a way to reboot this device every evening?
Now I'm doing it manually via console (request system reboot at ...)
Thanks in advance
Andy
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Re: Issue with PPPoE VDSL - Won't come up after disconnect
-----------------------------------------------------------------
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
-----------------------------------------------------------------
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Re: Issue with PPPoE VDSL - Won't come up after disconnect
Hi Marc.
I just tried this - same error.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Re: Issue with PPPoE VDSL - Won't come up after disconnect
-----------------------------------------------------------------
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
-----------------------------------------------------------------
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Re: Issue with PPPoE VDSL - Won't come up after disconnect
Hi Marc.
My ISP is doing CHAP authentication. I set up a cron job to restart the srx every night.
The problem is that this costumer is about 134km away from my office... And since there is no way to help via teamviewer I stick with this workaround.
Thanks anyways for your help!
Cheers
Andy
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Re: Issue with PPPoE VDSL - Won't come up after disconnect
Hi,
what you need to do is to change the auto-reconnect setting to at least 30 seconds 120 would be even better. T-online disconnects the sessions every night.
pp0 unit 0 { ppp-options chap { default-chap-secret password; local-name "user/user@t-online-com.de"; passive; } pppoe-options { underlying-interface <interface>; auto-reconnect 120; client; } family inet { mtu 1492; negotiate-address; } } }
-----------------------------------------------------------------
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
-----------------------------------------------------------------