Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Routing / it's a bug or my mistake?

    Routing and Multi WAN
    2
    5
    369
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      reza.mnp last edited by

      pppoe client (connect to pfsense) 192.168.200.90.0/24
      pppoe server (pfsense latest version) 192.168.210.0/24
      server vlan (dmz on pfsense) 192.168.200.0/24

      1. route from client to pfsense : route 192.168.200.0/24 via pppoe connection
      2. route from pfsense to pppoe client : route 192.168.90.0/24 via 192.168.210.45 (pppoe client ip address)

      all route all ok until PPPoE client restarted.
      after rebooted PPPoE, the PPPoE client range cannot route to dmz but when remove and rebuild static route on pfsense  (2) all thing ok.

      I don't know is a pfsense bug or is my mistake?

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        I do not think this can be classified as a bug.

        I do not believe setting static routes is the way to success here.

        The normal way to route to a PPP device is to use a RADIUS server for authentication and pass the Framed-Route reply attribute to the PPP server on authentication.

        PPPoE server in pfSense is provided by the FreeBSD mpd5 daemon.

        The manual for that daemon says it supports the Framed-Route reply attribute.

        I have never tried it and the pfSense book is silent on the subject of using that attribute but that is what I would try in that case.

        Something like:

        Framed-Route = "192.168.90.0/24 0.0.0.0 1",

        The 0.0.0.0 should be automatically replaced with the pool address that is assigned. If you are assigning a static address in the reply it might need to be that instead.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • R
          reza.mnp last edited by

          I attached a video that explains the problem.and attached a picture that I draw the network diagram. 
          –-------------------------------------------------------------PPPoE---------------------------------------------------------------------------------------

          PPPoE client (user Omni 192.168.210.45) connected.
          ping and traceroute ok 192.168.210.45
          ping and traceroute ok 192.168.90.10

          PPPoE client restarted (PPPoE client disconnect then connected)
          ping 192.168.210.45: ok
          ping 192.168.90.10: not ok

          after disable and enable statics routing all ok.

          https://drive.google.com/file/d/1zu6VrGxTTOtf9XKFbMKIYhF0qHwN9oIo/view?usp=sharing


          1 Reply Last reply Reply Quote 0
          • Derelict
            Derelict LAYER 8 Netgate last edited by

            Right. That is the exact scenario that adds a route to the PPPoE client that is addressed by the RADIUS Framed-Route reply attribute. Doing so should add the route every time the user connects.

            I say again: I do not believe setting static routes is the way to success here.

            Chattanooga, Tennessee, USA
            The pfSense Book is free of charge!
            DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • R
              reza.mnp last edited by

              Thanks a lot for replying.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post