Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
service2
New Contributor

PPPOE as second WAN-interface (SD-WAN) down (after upgrade 6.4.9 to 6.4.10)

Hi,

We've upgraded last evening our HA (active/passive) FortiGates from 6.4.9. to Fortios 6.4.10.
However after the upgrade we received the following system-eventlogs of (which goes on for every minute (is still going))

2 minutes ago
PPP daemon exited
pppd is exiting
3 minutes ago
PPP daemon started
pppd is started
3 minutes ago
PPP daemon exited
pppd is exiting
4 minutes ago
PPP daemon started
pppd is started

So ofcourse we've checked our WAN2 which is our PPPOE connection. However we found out the physical connection towards the ISP is ok, but we couldn't authenticate (in the previous version of fortios 6.4.9. we could authenticate on the PPPOE connection). in order to be sure i've deleted the WAN2 connection, Disabled the WAN2 connection, re-enterd the credientials and tried to set up the PPPOE connection again. unfortunately it didn't work...

 

Our current settup is HA Fortigate (active/passive). i've also tested the firewall directly in the modem. but it failed aswell.. 

 

I've tested the PPPOE connection with my laptop directly and it works, there for i know the PPPOE and credentials are correct. 

i've done the following debug (the output goes on and on and on):

 

diag debug application pppoed -1
dia debug application pppoe -1
Diag debug enable

 

------------output---------------

pppoed_main()-781: Start PPPoE interface wan2
pppoed_main()-784: PID of wan2 is 17384
parameters passed to pppd:
pppd 0 pppoed wan2 nopersist noipdefault noauth defaultroute default-asyncmap hide-password nodetach mtu 1492 mru 1492 noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp user xxxxxxxxx lcp-echo-interval 5 lcp-echo-failure 3 sync plugin /bin/pppoe.so pppoe_retry_time 1 pppoe_padt_time 1 pppoe_srv_name pppoe_ac_name pppoe_hostuniq xxxxxx pppoe_sock2parent 12 wan2 ipunnumbered 0.0.0.0 idle 0 unnumbered-negotiate enable
child_exit()-640: A child process exits
pppoed_main()-850: PID 17384 exit
pppoed_main()-856: Interface wan2 exit
pppoed_main()-781: Start PPPoE interface wan2
pppoed_main()-784: PID of wan2 is 17408
parameters passed to pppd:
pppd 0 pppoed wan2 nopersist noipdefault noauth defaultroute default-asyncmap hide-password nodetach mtu 1492 mru 1492 noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp user xxxxxxxxx lcp-echo-interval 5 lcp-echo-failure 3 sync plugin /bin/pppoe.so pppoe_retry_time 1 pppoe_padt_time 1 pppoe_srv_name pppoe_ac_name pppoe_hostuniq xxxxxx pppoe_sock2parent 12 wan2 ipunnumbered 0.0.0.0 idle 0 unnumbered-negotiate enable

 

ive changed user and hostuniq to xxxxxxxxx 

 

afterwards i tried again with the adjustment of lowering the MTU of WAN2 to 1492. however it gave me the same output in the debug....

 

can someone please help us? 

 

5 REPLIES 5
jintrah_FTNT
Staff
Staff

Hi,

It appears there is no response to the requests from wan2 and process terminates and reinitiates. Did you try setting the pppoe on another (free)interface, if any?

 

Best regards,

Jin

service2

Ok i've tried this and it works, but i can't make any changes on the interface anymore. if i do make a change on the interface, it kills the PPPOE connection and i the button "retry" gives me the same debug output. 

 

So for now it works (i do have to change my policies etc.). but hopefully you guys encounter the same bug in order to resolve it.  

jintrah_FTNT

Hi,

 

Thanks to confirm it works on other interface. So this may mean that upstream device maybe devicing some mac address filtering now(you can check with your isp), and therefore pppoe requests from wan2 are not responded. To check this, you can change the mac address of wan2 interface by modifying the ha group-id as device is in cluster.

 

config system ha

set group-id 68

end

 

Best regards,

Jin

service2

this could be, but i don't feel like troubleshooting anymore since it's already afternoon and it works. thank you for your latest advice i will keep this in mind (and notes) if i encounter the same issues again. 

 

Thank you for your help. 

jintrah_FTNT

most welcome!

 

best regards,

Jin