Switching from KPN PPPoE to IPoE



  • My fiber provider in Holland (KPN) offered me a free upgrade from 100Mb to 200Mb, but told me I need to switch from PPPoE to IPoE.
    Current situation: WAN is PPPoE, getting first IP automatically from my /29 subnet from provider, and configured the remaining IPs as an alias, working perfectly fine. LAN is on 192.168.1.0/24.
    As I was unfamiliar with IPoE I started looking around and read everywhere I should just change the WAN type to DHCP and asked KPN for confirmation for that.

    To my surprise they told me it was quite different and gave me a example config for Cisco looking quite strange to me. This was the only example they could provide. The Cisco config they gave me seem to tell to configure the WAN on a static IP in a different /30 subnet (calling it a “interlink subnet”) with a gateway in that same subnet and configure my current /29 subnet on the LAN side…

    !## Guide, instelling IPOE met Cisco Router.
    !## Poortype kan afwijken
    !-------
    !------- WAN poort ----
    !------- interface GigabitEthernet0/0/0 description Connection to WAN ip address 145.54.111.62 255.255.255.252 speed 100 duplex FULL MTU 1500
    !
    !
    !
    !-------
    !------- LAN ------
    !-------
    ! interface GigabitEthernet0/0/1 description to Customer LAN ip address 31.149.115.137 255.255.255.248
    !
    !
    ! ip route 0.0.0.0 0.0.0.0 145.54.111.61
    !

    That looks ridiculous to me, as I don’t want my public IPs on the LAN! And I also don’t want to buy a another router to put in front of PFsense so I could use my public IPs on my PFsense WAN.
    Any idea how to configure this right on the PFsense WAN interface? Could I probably just use the /30 subnet as suggested as primary and configure the /29 as aliases on the WAN also?
    Anyone familiar with IPoE in general and/or KPN setup in particular?

    Regards,

    Julian


  • LAYER 8 Moderator

    @wickeren said in Switching from KPN PPPoE to IPoE:

    That looks ridiculous to me, as I don’t want my public IPs on the LAN! And I also don’t want to buy a another router to put in front of PFsense so I could use my public IPs on my PFsense WAN.

    I think you are seeing that wrong. What that seems to describe to me is that they use the interlink subnet (a transit network) for connection to your router AND route you your /29 subnet to THAT IP (your IP in the /30 transit network) - so a real routing of the /29 subnet instead of needing one IP from your /29 themselves and force you to configure the IPs on your WAN. That actually is the perfect way to route IPs instead of some dumb DHCP or MAC assigned way many providers handle that. AND without them stealing an IP from your subnet you can actually use those IPs any way you want and are NOT forced to configure them as aliases on your WAN but - as in the example - can actually use them on the LAN (bad example) or in a dedicated DMZ if you want that.
    If you just want to use it like before, you don't have to change a bit but just use the IPs from the /29 subnet as Aliases on WAN and configure them any way you want. As I remember you don't even have to create them as Alias IPs if you just port forward them to internal things, you only need that if you want to use them with outbound NAT or services on pfSense itself but you can create them as VIPs like before without problem.

    I'd be jealous to get that service from any german provider!

    Greets, Jens



  • Tnx Jens.

    So basicly you say that my last idea to “use the /30 subnet as suggested as primary and configure the /29 as aliases on the WAN” should work fine?
    I’m gonna try that, the just provided me with a test /29 subnet different from my current one, so I can test it without breaking current PPPoE connectivity. Good service!


  • LAYER 8 Moderator

    @wickeren said in Switching from KPN PPPoE to IPoE:

    and configure the /29 as aliases on the WAN” should work fine?

    Indeed it should. In theory as they are routed to you, if you do 1:1 NAT or port forwarding with them it should even work without (as the packages will arrive on the WAN of pfsense per routing and can be picked up).
    But if you configure them they should simply work as before.

    @wickeren said in Switching from KPN PPPoE to IPoE:

    Good service!

    Good lord, why can't we get nice things in germany like that... -.- That's real service for sure!



  • @wickeren I have the same issue (also KPN zakelijk) did you find a solid solution? I have an all Unifi setup (USG Pro as router) and want implement this IPoE too.



  • @BarryVereijssen said in Switching from KPN PPPoE to IPoE:

    @wickeren I have the same issue (also KPN zakelijk) did you find a solid solution? I have an all Unifi setup (USG Pro as router) and want implement this IPoE too.

    This forum is about Pfsense, not about Ubiquiti. Doesn’t have one too so can’t help...


Log in to reply