Routing / it's a bug or my mistake?

  • pppoe client (connect to pfsense)
    pppoe server (pfsense latest version)
    server vlan (dmz on pfsense)

    1. route from client to pfsense : route via pppoe connection
    2. route from pfsense to pppoe client : route via (pppoe client ip address)

    all route all ok until PPPoE client restarted.
    after rebooted PPPoE, the PPPoE client range cannot route to dmz but when remove and rebuild static route on pfsense  (2) all thing ok.

    I don't know is a pfsense bug or is my mistake?

  • LAYER 8 Netgate

    I do not think this can be classified as a bug.

    I do not believe setting static routes is the way to success here.

    The normal way to route to a PPP device is to use a RADIUS server for authentication and pass the Framed-Route reply attribute to the PPP server on authentication.

    PPPoE server in pfSense is provided by the FreeBSD mpd5 daemon.

    The manual for that daemon says it supports the Framed-Route reply attribute.

    I have never tried it and the pfSense book is silent on the subject of using that attribute but that is what I would try in that case.

    Something like:

    Framed-Route = " 1",

    The should be automatically replaced with the pool address that is assigned. If you are assigning a static address in the reply it might need to be that instead.

  • I attached a video that explains the problem.and attached a picture that I draw the network diagram. 

    PPPoE client (user Omni connected.
    ping and traceroute ok
    ping and traceroute ok

    PPPoE client restarted (PPPoE client disconnect then connected)
    ping ok
    ping not ok

    after disable and enable statics routing all ok.

  • LAYER 8 Netgate

    Right. That is the exact scenario that adds a route to the PPPoE client that is addressed by the RADIUS Framed-Route reply attribute. Doing so should add the route every time the user connects.

    I say again: I do not believe setting static routes is the way to success here.

  • Thanks a lot for replying.

Log in to reply