pfSense - PPPoE Server - Assign Public IP's to PPPoE Clients rather than Private IP's

renners456

Hi Fellow pfSensers,

I am looking for a little guidance on assigning Public IP Addresses to my PPPoE client devices, I have set up a physical test rig set up the PPPoE server successfully on pfsense and it works with private IP addresses at the moment.

As you can see I can get it to work perfectly with private IP addresses however when I try with my ISP block of IP addresses it won't work I can NAT 1:1 map them to each of them [192.168.1.2] (1:1)[89.120.xxx.x0x] but I would like to just supply the PPPoE client with the public IP rather than the Private IP.

Any help or ideas would be very much appreciated.

jimp

Are those addresses routed to your firewall or a part of the WAN subnet?

renners456

@jimp said in pfSense - PPPoE Server - Assign Public IP's to PPPoE Clients rather than Private IP's:

our firewall or a part of the WAN subnet?

Wan subnet - I have used "VIP" and I can 1:1 map them to the internal IP and it works fine and can connect, so I know my pfsense is getting the Public IP's but I would like to show a public IP in the internet connection page on the PPPoE client.

Thank you for your reply and valued time @jimp

jimp

If they are in your WAN subnet, you can't use them on clients behind the firewall directly.

Maybe if you kept the VIPs and allocated them in the PPPoE server settings it might work, but it's not ideal. For that to work you need to allocate addresses from a block routed to your WAN, not a part of the WAN subnet.

fusionp

@jimp said in pfSense - PPPoE Server - Assign Public IP's to PPPoE Clients rather than Private IP's:

If they are in your WAN subnet, you can't use them on clients behind the firewall directly.

Maybe if you kept the VIPs and allocated them in the PPPoE server settings it might work, but it's not ideal. For that to work you need to allocate addresses from a block routed to your WAN, not a part of the WAN subnet.

Hi jimp and renners456, I have the same question but I'm also in the same predicament that my public IP subnet is applied directly to my WAN interface and not routed. As it stands I have a /24 public range but I'm only using/NATing out of /26 of this range, so I have many free public IP's not in use, they are added onto my pfsense box as VIPs. I have a customer who doesn't want a 1:1 NAT but wants a pure public IP, so I think in my case I can only use PPPOE...so for the setup do I follow the OP's setup and just specify the public IP's in the range? Do I configure the PPOE server to listen on my LAN interface?

The filed that I'm confused about are the "Server Address" (Enter the IP address the PPPoE server should give to clients for use as their "gateway".Typically this is set to an unused IP just outside of the client range.
NOTE: This should NOT be set to any IP address currently in use on this firewall.)

Do I specify/assign a free IP on my local LAN?

So I have tried to use a free LAN IP for the PPOE Server address, then I've tried to set one public IP as the range with /32 subnet, I can get the PPPOE client to connect but I'm not getting the public IP assigned to the PPPOE client, instead it's getting apipa 169.254.0.28

stephenw10

Are you trying to use PPPoE just to get past the fact your IPs are all on your WAN subnet?

Steve

fusionp

@stephenw10 said in pfSense - PPPoE Server - Assign Public IP's to PPPoE Clients rather than Private IP's:

Are you trying to use PPPoE just to get past the fact your IPs are all on your WAN subnet?

Steve

Yes, I have a customer who requires pure public IP, Ive offered 1:1 nat but they're insistent and it's a case I just need to deliver it...
What are my other options here? Bridge an interface with my wan and vlan it over to him?

netblues

Talk to your isp, since you already have a /24, obtaining a /30 for routing purposes is certainly not an issue. A /24 isn't an automatic allocation and certainly not a residential service offering.
Now, if you like to explore the possibilites of l2 bridging, have a look at this
https://people.pharmacy.purdue.edu/~tarrh/Transparent%20Firewall-Filtering%20Bridge%20-%20pfSense%202.0.2%20By%20William%20Tarrh.pdf
I have no idea how well it fits on your goals though.
Staying with l3 routing is certainly a much more common way to do it.

fusionp

@netblues said in pfSense - PPPoE Server - Assign Public IP's to PPPoE Clients rather than Private IP's:

Talk to your isp, since you already have a /24, obtaining a /30 for routing purposes is certainly not an issue. A /24 isn't an automatic allocation and certainly not a residential service offering.
Now, if you like to explore the possibilites of l2 bridging, have a look at this
https://people.pharmacy.purdue.edu/~tarrh/Transparent%20Firewall-Filtering%20Bridge%20-%20pfSense%202.0.2%20By%20William%20Tarrh.pdf
I have no idea how well it fits on your goals though.
Staying with l3 routing is certainly a much more common way to do it.

Thanks!

stephenw10

Yes, I would try to have them route it to you via some other IP. Far more useful and more common for something as larger as a /24.

But also, yes, if you don't need PPPoE for some other reason then don't, you;re just introducing further complication. You could just bridge that one customer to your WAN directly and have them use a static IP.

Steve

fusionp

Thanks for the info and suggestions, ended up just creating a vlan on the isp interface and removing an ip from my pfsense and connecting it through directly to the customers CPE router. It's done the job.