23.01 install results in no internet

bert64

@stephenw10 The ISP does hand a /32 for the WAN address, but then the only way to make use of the /28 is to assign the same address with the /28 mask to one of the other interfaces. It's worked fine for many years (since 2.1.x) and all ISPs in the country seem to hand out routable legacy addressing this way.
Is there any other way to configure it?

Speaking of same addressing, the logic in the UI also prevents using the same IPv6 link-local address on multiple interfaces - but this is explicitly allowed with IPv6, for instance its quite common to assign fe80::1 on each VLAN as the primary gateway.

stephenw10

You can add the additional public IPs as VIPs on the WAN and 1:1 NAT them to internal hosts. But that is a significant change. I'm not sure what might have changed in 23.01 that prevents it pulling the more specific route for a /32.
Does this work without the HA part?
Are you able to test 23.05?

bert64

@stephenw10 23.05 behaves the same as 23.01..

Removing HA for the pppoe parent makes no difference...

Removing HA on the DMZ interface works, so it seems having the WAN address matching a CARP VIP has somehow broken between 22.05 and 23.01.

NAT breaks a lot of stuff so i'd want to avoid it.

stephenw10

What's actually logged when it tries to use an IP from a subnet that's already assigned to a different interface?
I expect to see an error in the system or routing logs.

bert64

@stephenw10 If the PPP session is already active and i try to assign the /28 afterwards, it rejects it in the UI saying the address conflicts.
However when the PPP interface is down, it doesn't know what address it's going to assign when it comes online so it accepts the configuration.

When it connects, the two functions used in rc.newwanip fail to find the address assigned to pppoe0 and return empty results, which causes the script to restart the interface thinking it doesn't have an address assigned.

This configuration worked in 22.05.

stephenw10

Hmm, so the PPP session connects and is passed an IP in the /28 but somehow just does nothing with it? And no routing error is logged? Hmm

bert64

@stephenw10 The PPP session connects and gets the address, it shows up if you run ifconfig at the right time and it even routes packets for a few seconds...

Then rc.newwanip tries to work out the address which has been assigned using find_interface_ip and/or get_interface_ip, but these functions don't return any address for pppoe0. (running these same functions against another interface such as igb1 is successful).

The correct address is present in /var/db/pppoe0_ip but it seems that $interface_ip_arr_cache doesn't get populated, the array exists but is empty which means this branch is never taken:

if (!isset($interface_ip_arr_cache[$interface]) or $flush) {

so it never reads the file from /var/db.. i have yet to track down where $interface_ip_arr_cache is coming from

stephenw10

Ah, OK. Interesting. I'm not aware of anything specific that would have affected that but it could well have been an unintended effect of some other change. That would be unlikely to have been tested since it's considered an invalid setup.

I would open bug report with the specific findings you have there.
https://redmine.pfsense.org/

IMO it should be valid since PPP is point-to-point and can work in a setup like that. It may just need to be excluded from a check somewhere.

Steve

sanstey

This post is deleted!