[Workaround] PPPOE with static IP



  • Hello,

    Regarding usage of "PPPOE and static IP" I searched the forums and found similar posts but never a solution.
    Nowadays that broadband became available, in many countries also static IP's are offered.

    Some hours after I posted my original question I came up with a quirky idea, that actually turned out to work.
    I post my "workaround" here in hope that somebody else finds it useful.

    Requirements:

    • Usage of PPPOE
    • Usage of Static IP
    • Usage of above two at same time same interface

    The menu doesnt allow for that kind of choice, so we came up with this workaround.

    The "workaround":

    1. Take a Backup of any existing configuration you might have.

    2. Important: Setup your first wan interface as "PPPOE" connection.
      (This will give you connectivity to the internet)

    3. Setup "opt" and "lan" interfaces as required.

    4. Setup your "opt2" interface for same wan interface as in step one but set it this time as "Static IP".
      Note the subnet mask you use. You will need that for the "PPPOE" connection later.
      (If you want to use CARP later dont put Gateway IP, Gateway IP will be VIP later)

    5. download a configuration backup

    6. Important: Edit the ppp section and change <alias-subnet>mask of "PPPOE" connection.
      Use the subnet mask from step three "Setup of your opt2 interface"

    <wan><if>pppoe0</if>
    <blockpriv><blockbogons><media><mediaopt><descr>PPPOE</descr>
    <spoofmac></spoofmac>
    <enable><alias-address><alias-subnet>29</alias-subnet>
    <ipaddr>pppoe</ipaddr></alias-address></enable></mediaopt></media></blockbogons></blockpriv></wan>

    1. Upload the changed config file.
    2. PFSense should reboot automatically

    After PFSense came up you should have a combined PPPOE / Static IP connection.
    This way you also don't need another device f.e like a modem/router etc. just for authentification.

    8 ) It goes without saying that any network traffic leaving must be configured to use the static IP network (your gateway).

    Please try it and revert back if it worked for you.</alias-subnet>



  • I "solved" this in my case using two pfSense firewalls.

    It will be great could only one be used.

    I did:
    {internet} –cable -- Modem -- pfSense1 PPPoE (bridge) -- pfSense2 -- LAN.



  • @ valentin_nils: I'm amazed that this works. :) Nice job.

    I haven't figured out why it works, but it might just be luck of the order that interfaces are brought up on boot.

    I think it might break if you go to Status->Interfaces and press the "Disconnect" button and then the "Connect" button.
    Try it and tell me what happens.

    Also, you can customize the mpd configuration (that creates the PPPoE link) if you want functions that aren't available in the GUI see this post: http://forum.pfsense.org/index.php/topic,29660.msg163436.html#msg163436

    and this from the mpd5 docs

    4.9. Interface layer

    This chapter describes commands that configure the interface layer. All of these commands apply to the currently active bundle.

    Note that while most of the time mpd is used for transmitting IP traffic, it is designed to support other (currently unimplemented) protocols such as AppleTalk, IPX, etc. This is why the Interface layer (which is protocol independent) is distinct from the IP Control Protocol (IPCP) layer which is specific to IP.

    set iface addrs [!]local-ip [!]remote-ip

    This command is usually required when dial-on-demand is enabled. Normally, mpd configures the interface with the IP addresses that were negotiated when connecting the link. Since dial-on-demand configures the interface before actually connecting, mpd has to be told initial local and remote IP addresses to give the interface. These addresses don't have to correspond to the ``real'' ones; in fact, both addresses can be completely fictional. If and when different addresses are negotiated later, mpd will automatically renumber the interface and adjust the routes.

    Also this command may be used to force specified addresses usage instead of negotiated ones. It may be useful in some specific cases, for example, to avoid routing loop with misconfigured PPTP server. In such case '!' mark specifies IPs to be forced.

    set iface route address[/width]

    This command associates a route with the bundle. Whenever the interface is configured up, all associated routes are added. A route of default indicates the default route. Otherwise, the route is a network address with optional netmask width (e.g., 192.168.1.0/24). If the netmask width is omitted, a single host route is assumed (i.e., a width of 32).

    Routes are automatically removed when the interface is brought down.

    GB



  • Hello gnbh,

    Thanks for the update.
    The order of the interfaces plays definitely a role in it. It doesnt work the other way around.
    Also pressing "disconnect / connect" doesnt reconnect it again.

    Its not to be seen as a solution, but more a workaround for the desperate.

    As soon as we know a better way of doing it we will post it here.

    Our guess is that PPPOE is brought up first with the subnet mask as written in the config file.
    Because opt2 has the same subnet mask it seems valid for that split second.

    Soon after PPPOE is up probably netmask is corrected to /32 but connection stays alive.


Locked