Unable to bind services on virtual ip
-
I'm having a hard time making my virtual IPs available to be used by a service like openvpn or haproxy.
I have just a single PPPoE WAN with a /29 subnet. On the interface itself I got a .97/32 assigned.
In the past the virtual IPs (.98 - .102) were added as PROXY ARP, working perfectly for NAT.
However, they are not listed as an interface option in e.g. openvpn or haproxy. Switched to IP alias, same story. Then I found some hints suggesting that for PPPoE the additional IPs should be assigned to the localhost interface instead of WAN, but that didn't help either.
https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses has nice info, but I couldn't resolve the issue with it.
It might have something to do with PPPoE WAN. How can I make a service run on an additional IP different from the default assigned WAN IP?
I do it this way:
WAN = pppoe on say igb0
WANNIC = igb0
- WAN will get itself an address via DHCP as now
- Set the IP for WANNIC and your PPPoE modem's "internal" address, for example a Draytek 120/130 will default to something like 192.168.2.1/24 so put 192.168.2.11/24 on WANNIC
- Put an outbound NAT on WANNIC to the modem, assuming the modem has no default gateway. You should be able to access its web interface from LAN now.
- Add the IP aliases or CARP addresses to WANNIC for .98-.102
- The extra IPs will appear at the end of the lists for things like IPSEC, OpenVPN etc
- Inbound rules go on WAN and not WANNIC
- Outbound NAT rules happen on WAN and not WANNIC, apart from the one I mentioned if there is a web interface on the modem
- WANNIC should not have any firewall rules apart from a reject/block rule with logging
You can put the IP aliases on localhost, but creating the extra WANNIC interface allows access to the modem and makes life a lot easier when there is more than one WAN to deal with.