/27 subnet, routing hosts and pppoe server
-
Not sure if I'm going to get to it. Getting late. Soon though.
-
Did you ever get around to trying it?
-
I think you will be happier if you split the /27 into two /28s. One for the servers and one for the PPPoE. It should work giving them out but you'll run into problems if PPPoE ever needs to talk to the servers. Or get another routed subnet for PPPoE. Or you might be able to work around it somehow with NAT if it ever comes up.
I've never configured the pfSense PPPoE so this is just a guess based on routing fundamentals.
I know it's been a while, but everything has worked as planned but for the issue, as you said, with PPPoE clients not being able to talk to the servers. Anyone with ideas to help make this work?
-
What exactly did you do?
-
Split the subnet as you suggested, one for the servers, one for pppoe.
However, I am trying to overcome the issue you said I would run into where PPPoE clients are not able to talk to the servers. If you read back a bit it should refresh your memory :)
-
Please provide precise details about what you've done. Like IP address and subnet mask of the interfaces in play and the PPPoE config.
-
I just ended up using the whole subnet.
76.10.188.2 is the pfSense box which the subnet is assigned to.
76.10.190.224 /27
I assigned the interface "servers" 76.10.190.224 /26
and the servers use IPs
76.10.190.253 -| gateway
76.10.190.252 -| 76.10.190.224
76.10.190.251 -| subnet /26
The PPPoE server is set up as follows:
interface = lan
subnet mask = 32
number of users = 9
server address = 76.10.19.254
remote address range = 76.10.190.225
Now just so we are clear, everything works, I can reach the servers from the internet, from the LAN, etc. I just can't talk to the "servers" interface from the PPPoE server (clients).
-
Right. Because the servers think the PPPoE IP addresses are on their connected subnet so they will never send traffic to the router to be routed to the PPPoE clients.
If you split the subnet into two, the PPPoE client addresses will be OUTSIDE the server subnet so traffic will be sent to the router to be routed to them.
I guess I don't understand the resistance to subnetting this properly. If you want 9 addresses, a /29 is only one short.
And I show a /26 as starting at .192, not .224. Is it a /26 or a /27?
ETA: You might be able to get it to work by putting Proxy ARP VIPs for the PPPoE addresses on the server interface if for some reason you don't want to change it. pfSense will probably not like having the same IP address in two places but with Proxy ARP it might allow it. I'd have to try it. Not how I would do it.
EATA: Another problem is confusion. For instance your PPPoE addresses fall inside SERVERS net.
-
It's really a /27. That's so I could use the whole /27 subnet; I cheated and said it was a /26 on the "servers" interface. PPPoE I don't think it really matters as it's a VPN connection.
But maybe I will make the "servers" subnet smaller and that way the IPs being assigned to PPPoE clients will be outside the "servers" subnet?
Thanks man, this has been driving me nuts, everything works perfect except communication between pppoe and the "servers" interface.
Here is some helpful info I can provide.
Once the connection has been made via PPPoE, internet works, but I cannot ping, connect, or do anything with the servers on the "servers" interface. However, I am able to ping 76.10.190.224; if you remember, that's the IP address for the network card in the pfSense box that serves the servers on the "servers" interface (76.10.190.224).
-
But you can't use the whole /27 because 9 addresses are for the PPPoE.
Regarding who can contact what, it sounds like it's functioning pretty much as expected.
Now I'm not sure what "I cheated and said it was a /26 on the "servers" interface" means. It's either a /27 or it isn't. There really is no way to cheat.
-
76.10.190.224 /27
I was meaning by using my whole /27 subnet. Every time you split the subnet, you lose 4 hosts, do you not? Two IPs for each subnet?
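-
Added example, not part of the original thread: a Python check of the on-link versus routed decision discussed above, using the addresses posted in the thread. The function names (`delivery`, `split`, `owner`) are hypothetical, and the host counts are the conventional ones that exclude each subnet's network and broadcast address.

```python
import ipaddress

# Addresses taken from the thread.
ROUTED_BLOCK = ipaddress.ip_network("76.10.190.224/27")
SERVER = "76.10.190.253"
PPPOE_CLIENT = "76.10.190.225"  # first address of the PPPoE remote range


def delivery(host_addr, prefix_len, dest):
    """How a host with this address and mask reaches dest.

    'on-link' means the host ARPs for dest on its own segment and never
    hands the packet to the router; 'gateway' means it is routed.
    """
    connected = ipaddress.ip_interface(f"{host_addr}/{prefix_len}").network
    return "on-link" if ipaddress.ip_address(dest) in connected else "gateway"


def split(block, new_prefix):
    """Split block into equal subnets; return (subnet, usable hosts) pairs."""
    return [(n, n.num_addresses - 2) for n in block.subnets(new_prefix=new_prefix)]


def owner(subnets, addr):
    """Return the subnet from split() that contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((n for n, _ in subnets if ip in n), None)


if __name__ == "__main__":
    # As configured in the thread: the servers carry a /26 mask.
    print("server -> PPPoE client, /26 mask:", delivery(SERVER, 26, PPPOE_CLIENT))
    # The true /27 mask overlaps the PPPoE range just the same.
    print("server -> PPPoE client, /27 mask:", delivery(SERVER, 27, PPPOE_CLIENT))

    halves = split(ROUTED_BLOCK, 28)
    for net, usable in halves:
        print(net, "usable hosts:", usable)
    print("servers fall in:", owner(halves, SERVER))
    print("PPPoE range starts in:", owner(halves, PPPOE_CLIENT))

    # After the split the servers carry a /28 mask.
    print("server -> PPPoE client, /28 mask:", delivery(SERVER, 28, PPPOE_CLIENT))
    print("usable before split:", ROUTED_BLOCK.num_addresses - 2,
          "after split:", sum(u for _, u in halves))
```

With the split, 76.10.190.224 becomes the network address of the lower /28, so the "servers" interface would need an address inside 76.10.190.240/28 and the servers would use that as their gateway.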