@johnpoz said in How to keep networks separated:

Seems odd to me that your saying pfsense is getting a public IP - but other devices are getting 192 - this isn't normally how a gateway in bridge mode works.

That's how the att garbage works. Their gateways have what's called passthrough mode. Via dhcp it assigned the public ip to a single device on the lan side.

However, the public ip still remains assigned to the gateway's wan as well. It's a pseudo passthrough mode of sorts, fake bridge.

The end result, customer's device (router, pfsense, etc) has what appears to be a public ip as well as the gateway. As such, the gateway can assign various private ip's to other devices (wired and wireless) connected its ethernet ports and/or wifi ssid. A traceroute behind the customer's router (pfsense or other), will show the gateway ip as the first hop (192.168.1.254) rather than the real wan gateway.

For those of us on fiber in areas not get upgraded to xg-pon, several bypass methods exist which eliminate the isp gateway box entirely. The best is extracting (or buying) the 802.1x certs then implementing them in software using wpa_supplicant. This gives customer full access and control of the network, no double nat, etc. Also a /60 PD for ipv6 vs /64 from the gateway box.

The other methods still rely on the gateway box in one manner or another.

@ddbnj

Then I can only assume you didn't reboot pfsense. That's pretty much necessary to get the full sequence. Otherwise, you only get renewals.

@stephenw10 it stops responding when manually disconnecting.

When I'm trying to send commands to the device it looks like the tty is frozen (impossible to type anything). I suppose the MPD script has the same issue thus throwing « CHAT: The modem is not responding to "AT" at ModemCmd: label. ».

If I'm power cycling the device it then appears as a new device (I suppose because the /dev/cuaU0.2 is still being used / locked).

Hence why I'm powering off the device before "cleaning" PPP and power it back on 3 seconds after ppp-linkdown is terminated. This makes sure the port is free and available for a new PPP session. But it really looks slapdash.

na so wie ich das verstehe, muss das, was auch immer dann da hängt, irgendwie mit der Telekom reden können ... also es ist ja nicht nur eine reine DECT Station sondern eben auch mit Einwahl und so verbunden ... und da hab ich halt gar keine Ahnung, was man da alternativ zu einer Fritzbox nehmen kann. ¯_(ツ)_/¯