Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense - PPPoE Server - Assign Public IP's to PPPoE Clients rather than Private IP's

    Scheduled Pinned Locked Moved General pfSense Questions
    11 Posts 5 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • renners456R
      renners456
      last edited by renners456

      Hi Fellow pfSensers,

      I am looking for a little guidance on assigning Public IP Addresses to my PPPoE client devices, I have set up a physical test rig set up the PPPoE server successfully on pfsense and it works with private IP addresses at the moment.

      0_1537313359565_ip.PNG

      As you can see I can get it to work perfectly with private IP addresses however when I try with my ISP block of IP addresses it won't work I can NAT 1:1 map them to each of them [192.168.1.2] (1:1)[89.120.xxx.x0x] but I would like to just supply the PPPoE client with the public IP rather than the Private IP.

      Any help or ideas would be very much appreciated.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Are those addresses routed to your firewall or a part of the WAN subnet?

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • renners456R
          renners456
          last edited by

          @jimp said in pfSense - PPPoE Server - Assign Public IP's to PPPoE Clients rather than Private IP's:

          our firewall or a part of the WAN subnet?

          Wan subnet - I have used "VIP" and I can 1:1 map them to the internal IP and it works fine and can connect, so I know my pfsense is getting the Public IP's but I would like to show a public IP in the internet connection page on the PPPoE client.

          Thank you for your reply and valued time @jimp

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            If they are in your WAN subnet, you can't use them on clients behind the firewall directly.

            Maybe if you kept the VIPs and allocated them in the PPPoE server settings it might work, but it's not ideal. For that to work you need to allocate addresses from a block routed to your WAN, not a part of the WAN subnet.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            F 1 Reply Last reply Reply Quote 0
            • F
              fusionp @jimp
              last edited by fusionp

              @jimp said in pfSense - PPPoE Server - Assign Public IP's to PPPoE Clients rather than Private IP's:

              If they are in your WAN subnet, you can't use them on clients behind the firewall directly.

              Maybe if you kept the VIPs and allocated them in the PPPoE server settings it might work, but it's not ideal. For that to work you need to allocate addresses from a block routed to your WAN, not a part of the WAN subnet.

              Hi jimp and renners456, I have the same question but I'm also in the same predicament that my public IP subnet is applied directly to my WAN interface and not routed. As it stands I have a /24 public range but I'm only using/NATing out of /26 of this range, so I have many free public IP's not in use, they are added onto my pfsense box as VIPs. I have a customer who doesn't want a 1:1 NAT but wants a pure public IP, so I think in my case I can only use PPPOE...so for the setup do I follow the OP's setup and just specify the public IP's in the range? Do I configure the PPOE server to listen on my LAN interface?

              The filed that I'm confused about are the "Server Address" (Enter the IP address the PPPoE server should give to clients for use as their "gateway".Typically this is set to an unused IP just outside of the client range.
              NOTE: This should NOT be set to any IP address currently in use on this firewall.)

              Do I specify/assign a free IP on my local LAN?

              So I have tried to use a free LAN IP for the PPOE Server address, then I've tried to set one public IP as the range with /32 subnet, I can get the PPPOE client to connect but I'm not getting the public IP assigned to the PPPOE client, instead it's getting apipa 169.254.0.28

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Are you trying to use PPPoE just to get past the fact your IPs are all on your WAN subnet?

                Steve

                F 1 Reply Last reply Reply Quote 0
                • F
                  fusionp @stephenw10
                  last edited by

                  @stephenw10 said in pfSense - PPPoE Server - Assign Public IP's to PPPoE Clients rather than Private IP's:

                  Are you trying to use PPPoE just to get past the fact your IPs are all on your WAN subnet?

                  Steve

                  Yes, I have a customer who requires pure public IP, Ive offered 1:1 nat but they're insistent and it's a case I just need to deliver it...
                  What are my other options here? Bridge an interface with my wan and vlan it over to him?

                  1 Reply Last reply Reply Quote 0
                  • N
                    netblues
                    last edited by

                    Talk to your isp, since you already have a /24, obtaining a /30 for routing purposes is certainly not an issue. A /24 isn't an automatic allocation and certainly not a residential service offering.
                    Now, if you like to explore the possibilites of l2 bridging, have a look at this
                    https://people.pharmacy.purdue.edu/~tarrh/Transparent%20Firewall-Filtering%20Bridge%20-%20pfSense%202.0.2%20By%20William%20Tarrh.pdf
                    I have no idea how well it fits on your goals though.
                    Staying with l3 routing is certainly a much more common way to do it.

                    F 1 Reply Last reply Reply Quote 1
                    • F
                      fusionp @netblues
                      last edited by

                      @netblues said in pfSense - PPPoE Server - Assign Public IP's to PPPoE Clients rather than Private IP's:

                      Talk to your isp, since you already have a /24, obtaining a /30 for routing purposes is certainly not an issue. A /24 isn't an automatic allocation and certainly not a residential service offering.
                      Now, if you like to explore the possibilites of l2 bridging, have a look at this
                      https://people.pharmacy.purdue.edu/~tarrh/Transparent%20Firewall-Filtering%20Bridge%20-%20pfSense%202.0.2%20By%20William%20Tarrh.pdf
                      I have no idea how well it fits on your goals though.
                      Staying with l3 routing is certainly a much more common way to do it.

                      Thanks!

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Yes, I would try to have them route it to you via some other IP. Far more useful and more common for something as larger as a /24.

                        But also, yes, if you don't need PPPoE for some other reason then don't, you;re just introducing further complication. You could just bridge that one customer to your WAN directly and have them use a static IP.

                        Steve

                        F 1 Reply Last reply Reply Quote 1
                        • F
                          fusionp @stephenw10
                          last edited by

                          Thanks for the info and suggestions, ended up just creating a vlan on the isp interface and removing an ip from my pfsense and connecting it through directly to the customers CPE router. It's done the job.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.