Saturday 15 May 2010

Traverse Viking PCI ADSL card + MONOWALL

I now have one of these cards in a Soekris net5501, in a nice case supplied by Wim at kd85.com ...
(click on image to enlarge):-

The PCI ADSL card presents a virtual Ethernet port, and you can use it as a router or an RFC1483 Bridge.
 
The Soekris board runs the Monowall firewall appliance distribution from Compact Flash.  So the whole thing uses very little power, has no moving parts, and avoids the need for a separate ADSL modem and power supply.

The first thing to know about using the Viking ADSL card with Monowall is that you need to use the GENERIC build of Monowall, not the EMBEDDED build.   This is because the EMBEDDED build is missing the device driver re(4) for the virtual NIC (RealTek 8139C+) which the Viking card presents to you.  This is OK, as the GENERIC build works happily on a CompactFlash card in the Soekris, and it still supports the Soekris serial console.

Configuring the Viking card was a bit of a challenge.  It has a serial console port on some jumpers, but I don't yet have all the bits to make up the right cable.  It offers TELNET and HTTP config options, but in Monowall under PPPoE you don't get IP access to the card (only PPPoE).

You can access the TELNET and HTTP management services from Monowall's LAN interface if you take the ADSL link offline.  Change the WAN port from PPPoE to a static IP (192.168.1.2 say).  This won't work unless you have either enabled NAT in Monowall (temporarily untick the box marked 'Advanced Outbound NAT'), or you have previously configured a default gateway on the ADSL card (e.g. 192.168.1.2).  Otherwise, the ADSL card won't know how to route management traffic back to you.

For initial config of the ADSL card, the easiest thing is to make sure your Monowall has NAT enabled ( 'Advanced Outbound NAT' unticked), and then set up a the 'vr0' port as 192.168.1.2/24.  Then we can access the device via TELNET or HTTP, even though the device doesn't have a default gateway for us.

For use as a PPPoE device in Monowall, the following commands enable the device to work on a standard BT 20CN ADSL line in the UK, setting the device up as a bridge instead of a router.  (These commands assume that you're starting from the default factory configuration, which can be restored by using a jumper as described in the documentation.)

telnet 192.168.1.1

Escape character is '^]'.

                ,vvvdP9P???^   ,,,
              vvd###P^`^         vvvvv v
         vv#####?^                  ????####vv,
      vv####??     ,vvvdP???^  ,,,        ??##^
     v#####?    ,vvd##P?^        #?#v#vvv
   v#####?    v###P^    ,vvv,        '?#?,
  ######?   ####?^ ,vd#P?^     `???##
  #####?   v####  ,d##P^           ''
 ######   v####  ]###L                   _   _          _                  ___
 #####?   v####  ]##L                   /   / \  |\ |  |_  \/   /\   |\ |   |
 ######    ####  ]###L                  \_  \_/  | \|  |_  /\  /--\  | \|   |
 ?#####v   ####v  ]##h,            ,,
  ?#####    ?###h,  `9#hv,     ,vv###
    ######    #####L    ]###L        ,v#v'
    ?#####vv    ?9##hv,        ,,vvvv###'
       ?#####vv     `??9P\vv,   ^         vv##,
          ######                       #######L
            ??###hvv,          ,vvv#?##?????
                `????9hdhvv,

Login: admin
Password: *****

Login successful 


--> ip delete interface ipwan 
--> bridge add interface br0 
--> bridge attach br0 ethernet 
--> rfc1483 add transport tr1 a1 0 38 llc bridged 
--> bridge add interface br1 
--> bridge attach br1 tr1 
--> system config save

In Monowall, under "Interfaces", we just set the WAN interface to be 're0' (a RealTek RTL8139C), and set the Interface Type to be PPPoE.   Then just enter your ADSL login name and password into Monowall under "Interfaces: WAN", "PPPoE configuration".

Hope this helps someone ;-)

13 comments:

  1. UPDATE. With Monowall 1.32, and UK ISP Andrews and Arnold http://www.aaisp.net, native IPV6 over ADSL just works :-)

    ReplyDelete
  2. UPDATE 2. If you're using IPV6 with Monowall, steer clear of the traffic shaper! It seems to screw up IPV6 routing in Monowall 1.32.

    ReplyDelete
  3. Hey Martin thanks for posting this. It did help someone :)

    ReplyDelete
  4. Maybe I'm stupud, but HOW do you get a CLI on monowall?
    I only get the text menue

    ReplyDelete
  5. Monowall doesn't offer a TELNET or SSH service. It does offer a basic menu over the serial port, but that's just for initial setup of network ports, LAN IP address, and password. Otherwise, your best bet is to use the HTTP GUI and invoke /exec.php for shell access.

    pfSense does offer SSH on port 22 if I recall correctly.

    The notes in the original post refer to Telnetting into an ADSL modem bridge card, not into the Monowall software.

    Hope this helps ;-)

    ReplyDelete
  6. Yes, thats what I ment. How do I get a console to telnet to the internal modem on the card?
    At the moment I have to boot into rescueCD (via USB stick) to configure the card via telnet and then to reboot again into m0n0wall (via CFcard) to see, if the new setting works.
    Just a pita long way. And for now I didn't get a ADSL connect.
    Do you know, if the card is UR2 compatible?

    ReplyDelete
  7. Monowall can provide IP routing to the card's management IP, as detailed in my original post. Save your old Monowall config, then make the temporary changes described to provide temporary routing to 192.168.1.1, and use a normal TELNET client on your PC to connect to the ADSL card on 192.168.1.1. The only annoyance is that there's no way of accessing the ADSL card's TELNET service when the system is running normally.

    ReplyDelete
  8. Oh, sorry was blinded somehow, because I used the telnet only "inside" from the running live distro to the modem. Thanks for the patience.

    ReplyDelete
  9. Can we use this PCI modem with monowall for the same purpose?
    http://www.ebay.co.uk/itm/280858584582?ssPageName=STRK:MEWAX:IT&_trksid=p3984.m1423.l2649#ht_500wt_1202

    ReplyDelete
  10. Not unless it has a FreeBSD device driver, and that device driver is included in the Monowall builds.

    The special thing about the Traverse one-port ADSL modem is that it presents a common Ethernet chipset to the host computer, and can be configured to run PPP over Ethernet (PPPoE). So nothing special is required in Monowall to support the Traverse device.

    If you have documentation for the EBay device, maybe you can figure out whether it offers the same kind of interface as the Traverse card. Otherwise it's a gamble.

    ReplyDelete
  11. Hi Martin, do you know if I can use this card with pfsense?

    ReplyDelete
  12. Yes, I believe it does. Monowall and pfSense are very closely related, so I'd expect it to "just work". The card doesn't need a special driver, as it pretends to be a commonly-found Ethernet chip as far as your host operating system is concerned.

    ReplyDelete
  13. I can confirm that pfSense 2.0.2 works with this card, on a Soekris net5501 box (embedded CF card image). It comes up as device re0.

    ReplyDelete

Spammers: please stop wasting my time. All comments are moderated before publication.