Configuring pfSense for Google Fiber
UPDATE (September 08, 2018): According to a post by an anonymous writer in the Google Fiber sub-reddit, VLAN and QoS will no longer needed to be configured for Internet-only customers beginning sometime in October 2018. This should mean any router can be plugged in and it should work (though I assume you’ll still need some sort of PoE for the Fiber Jack). Anyway, the instructions in my original post below should still work for now, but if this information is correct it could mean none of this is necessary starting in the near future.
As I mentioned in a previous post, I’m fortunate enough to have Google Fiber service at home. We’ve had the service for a little over a year now and I’ve found it to be fast and reliable. However, I have also found the Google Fiber Network Box to be… lacking. My first dislike for the Network Box came immediately upon realizing that it’s configured via the cloud. In practice this often means waiting for settings you’ve changed to be picked up by the Network Box. My second issue with the Network Box is a general lack of features for those of us who desire a little more control over our home networks. Having been spoiled by pfSense in the past, I found that I couldn’t expect much beyond basic DHCP reservations. After some use a third issue arose when I realized that large numbers of connections seemed to make the Network Box unstable.
None of those things mattered much, however, because Google says you’re stuck with the Network Box. There’s no bridge mode and other home routers won’t work if you attempt to use them.
Thankfully Fiber pioneers came along before me to figure out why that was. After searching through several posts from years past with various options for making other routers work, I eventually found a post in the pfSense forums that explained how to configure pfSense directly to work with Google Fiber. However, since deep searching was required, I thought it might be best if I posted something more straightforward here for others to find.
A couple of important notes before we begin: First: The Google Fiber Network Box is just one of the required pieces of hardware to connect to the Google Fiber service. If you’re a Google Fiber customer you also have the Fiber Jack somewhere in your home. The Fiber Jack can be powered directly by a USB power supply but it is typically powered via POE from the Network Box. If your Fiber Jack is powered by POE and you intend to use pfSense, you’ll want to get a POE injector to put between your WAN interface and the Fiber Jack. This is the one I’m using and it’s been great so far. Second: This is for Google Fiber customers who only have Internet service. If you also have the TV service please know that this information will not be enough to get the Fiber TV service up and running. I’m not a Fiber TV customer so I can’t be much help there.
Enough chatter. Let’s configure pfSense for Google Fiber.
1. With the WAN interface at it’s default settings (using a DHCP address), let’s start by logging into pfSense and opening the Interfaces -> Assignments menu.
2. Next, let’s add a VLAN assignment to the WAN interface. Click on the VLAN tab and then click the “Add” button.
3. Now select your WAN interface as your “Parent Interface”. Enter 2 in the VLAN Tag field and 3 in the VLAN Priority field. Now click the “Save” button.
4. Verify that VLAN settings are correct and then click the “Interface Assignments” tab on the left.
5. From the WAN interface drop-down menu, select your WAN interface with the VLAN assignment we just created. Now click “Save”.
6. Reboot pfSense for good measure and you should be all set.
This has worked reliably for me for the past year. With the appropriate hardware behind it, bandwidth tests indicate that I’m getting the full gigabit speed of my Google Fiber connect. For me pfSense + Google Fiber has been ideal.
Many thanks to the posts (1, 2) at the Flyover Country blog which (as best I can figure) originally posted the information required to get third-party routers working with Google Fiber. I’d also like thank King Viper at the pfSense forums for pointing out that this could all be configured directly in pfSense without the need for managed switches.