FAQ
TL;DR: For Orange FTTH on pfSense, tag VLAN 35 and use a PPPoE client; one user saw ~500 Mb/s on a 1 Gb/s plan. "I had to enter 35 in Vfn and add port to PPPoE." [Elektroda, Mateusz57698, post #18904496]
Why it matters: This FAQ helps Orange FTTH users running pfSense fix PPPoE/VLAN issues and handle dynamic IP reachability without a FunBox.
Quick Facts
- Orange FTTH Internet works with PPPoE on VLAN ID 35 when using pfSense. [Elektroda, Mateusz57698, post #18904496]
- Orange separates Internet, VoIP, and IPTV on distinct VLANs; plan pfSense VLANs accordingly. [Elektroda, przeqpiciel, post #18904291]
- Configure a PPPoE client interface on pfSense WAN, not a PPPoE server. [Elektroda, przeqpiciel, post #18904071]
- Linux users can auto‑update DDNS with the No‑IP Dynamic Update Client. [Elektroda, przeqpiciel, post #18903993]
- DMZ forwards all ports to one host; fixed IP/DDNS won’t raise port‑forward limits. [Elektroda, xury, post #18904037]
How do I get a static IP with Orange if they don’t offer one?
You can’t turn dynamic IP into numeric static via DNS. Use DDNS for a hostname, or a workaround: rent a server, run a VPN there, connect your router to it, and forward traffic through that server’s IP. “The IP address is the IP address. DNS is DNS.” This keeps a stable endpoint without Orange selling static IP. [Elektroda, przeqpiciel, post #18903251]
Can DNS or DDNS give me a numeric IP that doesn’t change?
No. DNS maps names to IPs; it doesn’t create numeric-looking domains. “You won’t get a domain that looks like an IP.” DDNS services like No‑IP let you update a hostname to your changing IP and reach your network consistently by name instead of number. [Elektroda, przeqpiciel, post #18903251]
Does No‑IP have a Linux client to auto‑update my IP?
Yes. Install the No‑IP Dynamic Update Client for Linux to push your current WAN IP to their DNS automatically. The thread points to No‑IP’s official Linux DUC installation guide, which solves the “no Linux support” concern. [Elektroda, przeqpiciel, post #18903993]
How do I connect Orange fiber straight to pfSense without a FunBox?
Use the Orange ONT to pfSense and configure VLAN 35 plus PPPoE.
- Create VLAN 35 on the WAN NIC in pfSense.
- Add a PPPoE client on that VLAN interface.
- Assign it as WAN and connect via the ONT.
This combination brought the link up for the OP. [Elektroda, Mateusz57698, post #18904496]
What VLAN ID do I need for Orange Internet?
Use VLAN 35 on the WAN side. The OP reported success only after tagging 35 and adding PPPoE. “I had to enter 35 in Vfn and add port to PPPoE.” This matches common Orange FTTH setups when bypassing the FunBox. [Elektroda, Mateusz57698, post #18904496]
Why won’t my PPPoE connect on pfSense with Orange?
You likely missed VLAN tagging on the WAN. Orange carries Internet, VoIP, and IPTV on separate VLANs, so PPPoE won’t establish on an untagged interface. “the internet is on another vlan, that voip and iptv also have their vlans?” Add VLAN 35 for Internet, then retry. [Elektroda, przeqpiciel, post #18904291]
Should I run a PPPoE server on pfSense for Orange FTTH?
No. You must create a PPPoE client interface for the WAN. The server mode is not for ISP uplinks. “You don’t have to make a PPPoE server but create an interface which will be the PPPoE client.” Configure credentials on that client and assign it as WAN. [Elektroda, przeqpiciel, post #18904071]
Where do I enter my Neostrada login and password in pfSense?
Create a PPPoE connection in pfSense. Its configuration form includes fields for your Neostrada username and password. Save it, then assign that PPPoE interface as the WAN under Interfaces > Assignments to bring the link up. [Elektroda, przeqpiciel, post #18904058]
Can I keep the FunBox and still use pfSense behind it?
Yes. Put pfSense in the FunBox DMZ so all ports forward to pfSense. That avoids entering Neostrada credentials on pfSense. “DMZ is DMZ, so set DMZ on your pfSense and you don’t need to enter any logins and passwords from neostrada.” Note: This keeps the FunBox in path. [Elektroda, przeqpiciel, post #18904040]
Will a fixed IP or DDNS help me bypass FunBox port‑forward limits?
No. These do not change the router’s port‑forward rule limits. “DMZ is nothing more than redirecting all ports to one host in the subnet.” If you hit a redirect pool cap, replace the device or change the topology. [Elektroda, xury, post #18904037]
What speeds have users seen after setting pfSense with Orange 1 Gb/s?
One user reported about 500 Mb/s after enabling VLAN 35 and PPPoE. Treat this as a single data point. Throughput depends on configuration and hardware, but the setup confirmed functional connectivity. [Elektroda, Mateusz57698, post #18904496]
How are IPTV and VoIP carried on Orange FTTH, and does pfSense handle them?
Orange transports Internet, VoIP, and IPTV on different VLANs. pfSense can create multiple VLANs if you need TV or phone. Plan your switch ports and interfaces accordingly. “voip and iptv also have their vlans.” [Elektroda, przeqpiciel, post #18904291]
Where can I follow a pfSense VLAN configuration guide?
Use the official pfSense documentation referenced in the thread to configure VLANs in the web interface. It shows creating VLANs and assigning them to interfaces step‑by‑step, which matches the Orange setup needs. [Elektroda, przeqpiciel, post #18904339]
Can pfSense update DDNS records for me (e.g., No‑IP) without extra software?
Yes. pfSense includes a built‑in Dynamic DNS client that supports providers such as No‑IP. Configure it under Services > Dynamic DNS, add your provider, and save. pfSense will update your hostname automatically when your WAN IP changes. [Dynamic DNS — pfSense Docs]
