PPPoE servers not working with default setting

• All FortiGate units running FortiOS 3.0 MR3 and higher.

PPPoE servers in certain regions, for example Japan may not work with default setting in FortiOS 3.0 where the PPPoE interface borrows the IP address from another interface.

Below is an example of a configuration that may not work:

PPPoE Server (IP range: x.x.105.168/29)(unnumbered)
     |
     | wan1 (pppoe) [default setting]
     |          or
     | [set ipunnumbered x.x.105.168]
     |
   [FGT]-------- dmz1 [x.x.105.169/29]
     |
     | internal 192.168.1.99/24
     |
    [PC] 192.168.1.110

Note that WAN1 and DMZ1 have overlapping IP addresses. The configuration is similar to:

config system global
    set allow-interface-subnet-overlap enable
      ...
end

config system interface
    edit "internal"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https
        set type physical
    next
    edit "dmz1"
        set vdom "root"
        set ip x.x.105.169 255.255.255.248
        set allowaccess ping https
        set type physical
    next
    edit "wan1"
        set vdom "root"
        set mode pppoe
        set type physical
        set username "xxx@xxx.something.com"
        set ipunnumbered x.x.105.168
        set password ENC
        set defaultgw enable
        set dns-server-override enable
    next
end

The workaround for this situation is to set the following options on the PPPoE interface:

set ipunnumbered <ip_address>
set pppoe-unnumbered-negotiate disable

Using the above example, the configuration will look like the following:

    edit "wan1"
        set vdom "root"
        set mode pppoe
        set type physical
        set username "xxx@xxx.something.com"
        set ipunnumbered x.x.105.168
        set pppoe-unnumbered-negotiate disable
        set password ENC
        set defaultgw enable
        set dns-server-override enable
    next

Note: FortiOS 2.80 MR11 and earlier used to work as the negotiating option is disabled by default.