Sunday, December 07, 2025

OPNsense Setup for Bell FTTH using WAS-110 Bypass

    

I had a lot of trouble piecing together all the details of how to get OPNSense setup for Bell Fiber to bypass their horrible modem. I've put together this document with references on how to do this so that others who are stuck in the same position as me can have this step by step guide. Thanks to the community at 8311 for making this all possible. 

This guide outlines all the steps to configure OPNsense 25.7.9 to connect to Bell Fiber Internet using PPPoE over VLAN 35, including MTU/MSS tuning and WAS-110 passthrough. Bell fiber supports Jumbo frames so those MTU settings are included here.

  1. Setup VLAN for Internet Access
    1. Go to Interfaces → Devices → VLAN.
    2. Click Add:
      1. Device: vlan02
      2. Parent Interface: Your physical WAN NIC (e.g., ix1 or igc1).
      3. VLAN Tag: 35.
      4. Description: Bell_VLAN35.
    3. Save & Apply.
  2. Setup VLAN for WAS-110 Passthrough
    1. Go to Interfaces → Devices → VLAN
    2. Click Add:
      1. Device: vlan0.12
      2. Paren Interface:  Your physical LAN NIC (e.g., ix0 or igc0).
      3. VLAN Tag: 12
      4. Description: IOT VLAN
    3. Save & Apply.
  3. Create PPPoE Device
    1. Navigate to Interfaces → Devices → Point-to-Point.
    2. Click Add
      1.  Link Type: PPPoE.
      2.  Link Interface: VLAN02.
      3.  Username: Your Bell PPPoE username (e.g., b1xxxxxx).
      4.  Password: Your Bell PPPoE password.
      5. Service Name: Bell
      6. MTU: 1500
    3. Save.
  4. Prepare Physical WAN Interface
    1. Navigate to Interfaces → [WAN].
    2. Set:
      1. IPv4 Configuration Type: None
      2. IPv6 Configuration Type: None
      3. MTU: 1508
    3. Save & Apply.
  5. Assign PPPoE Interface as WAN
    1. Go to Interfaces → Assignments.
    2. For [WAN] select pppoe0 from the dropdown
    3. Save.
  6. Prepare Modem Access Interface
    1. Go to Interfaces → Assignments.
    2. Under assign a new interface
      1. Select Device: Your physical WAN NIC (e.g., ix1 or igc1)
      2. Description: ModemAccess
      3. Click Add
    3. Click on ModemAccess to edit it
      1. Check Prevent Interface Removal
      2. IPv4 Configuration Type: Static IPv4
      3. IPv4 Address 192.168.11.5
      4. IPv4 Gateway rules: Disabled
      5. Save
  7. Set up firewal for modem passthrough
    1. Go to Firewall → NAT → Outbound.
      1. Add rule
        1. Interface: ModemAccess
        2. TCP/IP Version IPv4
        3. Protocal: any
        4. Source address: Single host or Network 192.168.2.0/24 (or whatever your network is)
        5. source port: any
        6. Destination address: Single host or Network: 192.168.11.0/24
        7. Trasnslation/target: ModemAccess address
        8. Save
  8. Configure MSS Clamping
    1. Navigate to Firewall → Settings → Normalization.
    2. Add a new rule:
      1. Interface: WAN.
      2. Direction: out.
      3. Protocol: TCP.
      4. Max MSS: 1460
    3. Save & Apply.
  9. If you see an error on the dashboard about not having a Gateway set, do not set one. This should be automatically created by the PPPoE device. 
    1. Navigate to Interfaces → Overview to see what the state of the [WAN] PPPoE device is. Note that this won't work unless you've completed the next step.
  10. Setup WAS-110
    1. Navigate in browser to 192.168.11.1
    2. Follow the 8311 instructions for setting up the WAS-110 for Bell FTTH
    3. Make sure to restart the WAS-110 otherwise none of your settings will take affect. Rebooting the OPNSense machine will not achive this. 
Some addition notes:
  1. I don't remember the exact order of the above as this has been derived over many years and most recently modified due to switching ISPs. You might have to go back to VLAN setups and ensure the right parent devices are selected.
  1. Becuase we are dealing with FreeBSD and PPPoE, we are limited to single core performance. We need all the power we can get. 




Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)