Routing / it's a bug or my mistake?
-
pppoe client (connect to pfsense) 192.168.200.90.0/24
pppoe server (pfsense latest version) 192.168.210.0/24
server vlan (dmz on pfsense) 192.168.200.0/24- route from client to pfsense : route 192.168.200.0/24 via pppoe connection
- route from pfsense to pppoe client : route 192.168.90.0/24 via 192.168.210.45 (pppoe client ip address)
all route all ok until PPPoE client restarted.
after rebooted PPPoE, the PPPoE client range cannot route to dmz but when remove and rebuild static route on pfsense (2) all thing ok.I don't know is a pfsense bug or is my mistake?
-
I do not think this can be classified as a bug.
I do not believe setting static routes is the way to success here.
The normal way to route to a PPP device is to use a RADIUS server for authentication and pass the Framed-Route reply attribute to the PPP server on authentication.
PPPoE server in pfSense is provided by the FreeBSD mpd5 daemon.
The manual for that daemon says it supports the Framed-Route reply attribute.
I have never tried it and the pfSense book is silent on the subject of using that attribute but that is what I would try in that case.
Something like:
Framed-Route = "192.168.90.0/24 0.0.0.0 1",
The 0.0.0.0 should be automatically replaced with the pool address that is assigned. If you are assigning a static address in the reply it might need to be that instead.
-
I attached a video that explains the problem.and attached a picture that I draw the network diagram.
–-------------------------------------------------------------PPPoE---------------------------------------------------------------------------------------PPPoE client (user Omni 192.168.210.45) connected.
ping and traceroute ok 192.168.210.45
ping and traceroute ok 192.168.90.10PPPoE client restarted (PPPoE client disconnect then connected)
ping 192.168.210.45: ok
ping 192.168.90.10: not okafter disable and enable statics routing all ok.
https://drive.google.com/file/d/1zu6VrGxTTOtf9XKFbMKIYhF0qHwN9oIo/view?usp=sharing
-
Right. That is the exact scenario that adds a route to the PPPoE client that is addressed by the RADIUS Framed-Route reply attribute. Doing so should add the route every time the user connects.
I say again: I do not believe setting static routes is the way to success here.
-
Thanks a lot for replying.
