Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [Workaround] PPPOE with static IP

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    4 Posts 3 Posters 4.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      valentin_nils
      last edited by

      Hello,

      Regarding usage of "PPPOE and static IP" I searched the forums and found similar posts but never a solution.
      Nowadays that broadband became available, in many countries also static IP's are offered.

      Some hours after I posted my original question I came up with a quirky idea, that actually turned out to work.
      I post my "workaround" here in hope that somebody else finds it useful.

      Requirements:

      • Usage of PPPOE
      • Usage of Static IP
      • Usage of above two at same time same interface

      The menu doesnt allow for that kind of choice, so we came up with this workaround.

      The "workaround":

      1. Take a Backup of any existing configuration you might have.

      2. Important: Setup your first wan interface as "PPPOE" connection.
        (This will give you connectivity to the internet)

      3. Setup "opt" and "lan" interfaces as required.

      4. Setup your "opt2" interface for same wan interface as in step one but set it this time as "Static IP".
        Note the subnet mask you use. You will need that for the "PPPOE" connection later.
        (If you want to use CARP later dont put Gateway IP, Gateway IP will be VIP later)

      5. download a configuration backup

      6. Important: Edit the ppp section and change <alias-subnet>mask of "PPPOE" connection.
        Use the subnet mask from step three "Setup of your opt2 interface"

      <wan><if>pppoe0</if>
      <blockpriv><blockbogons><media><mediaopt><descr>PPPOE</descr>
      <spoofmac></spoofmac>
      <enable><alias-address><alias-subnet>29</alias-subnet>
      <ipaddr>pppoe</ipaddr></alias-address></enable></mediaopt></media></blockbogons></blockpriv></wan>

      1. Upload the changed config file.
      2. PFSense should reboot automatically

      After PFSense came up you should have a combined PPPOE / Static IP connection.
      This way you also don't need another device f.e like a modem/router etc. just for authentification.

      8 ) It goes without saying that any network traffic leaving must be configured to use the static IP network (your gateway).

      Please try it and revert back if it worked for you.</alias-subnet>

      1 Reply Last reply Reply Quote 0
      • F
        fundutzi
        last edited by

        I "solved" this in my case using two pfSense firewalls.

        It will be great could only one be used.

        I did:
        {internet} –cable -- Modem -- pfSense1 PPPoE (bridge) -- pfSense2 -- LAN.

        Regards,

        2.0-Beta5 (i386)- build xxx
        as vmHw 7 always E1000 nics
        on
        VMware ESX 4.x,

        1 Reply Last reply Reply Quote 0
        • G
          gnhb
          last edited by

          @ valentin_nils: I'm amazed that this works. :) Nice job.

          I haven't figured out why it works, but it might just be luck of the order that interfaces are brought up on boot.

          I think it might break if you go to Status->Interfaces and press the "Disconnect" button and then the "Connect" button.
          Try it and tell me what happens.

          Also, you can customize the mpd configuration (that creates the PPPoE link) if you want functions that aren't available in the GUI see this post: http://forum.pfsense.org/index.php/topic,29660.msg163436.html#msg163436

          and this from the mpd5 docs

          4.9. Interface layer

          This chapter describes commands that configure the interface layer. All of these commands apply to the currently active bundle.

          Note that while most of the time mpd is used for transmitting IP traffic, it is designed to support other (currently unimplemented) protocols such as AppleTalk, IPX, etc. This is why the Interface layer (which is protocol independent) is distinct from the IP Control Protocol (IPCP) layer which is specific to IP.

          set iface addrs [!]local-ip [!]remote-ip

          This command is usually required when dial-on-demand is enabled. Normally, mpd configures the interface with the IP addresses that were negotiated when connecting the link. Since dial-on-demand configures the interface before actually connecting, mpd has to be told initial local and remote IP addresses to give the interface. These addresses don't have to correspond to the ``real'' ones; in fact, both addresses can be completely fictional. If and when different addresses are negotiated later, mpd will automatically renumber the interface and adjust the routes.

          Also this command may be used to force specified addresses usage instead of negotiated ones. It may be useful in some specific cases, for example, to avoid routing loop with misconfigured PPTP server. In such case '!' mark specifies IPs to be forced.

          set iface route address[/width]

          This command associates a route with the bundle. Whenever the interface is configured up, all associated routes are added. A route of default indicates the default route. Otherwise, the route is a network address with optional netmask width (e.g., 192.168.1.0/24). If the netmask width is omitted, a single host route is assumed (i.e., a width of 32).

          Routes are automatically removed when the interface is brought down.

          GB

          1 Reply Last reply Reply Quote 0
          • V
            valentin_nils
            last edited by

            Hello gnbh,

            Thanks for the update.
            The order of the interfaces plays definitely a role in it. It doesnt work the other way around.
            Also pressing "disconnect / connect" doesnt reconnect it again.

            Its not to be seen as a solution, but more a workaround for the desperate.

            As soon as we know a better way of doing it we will post it here.

            Our guess is that PPPOE is brought up first with the subnet mask as written in the config file.
            Because opt2 has the same subnet mask it seems valid for that split second.

            Soon after PPPOE is up probably netmask is corrected to /32 but connection stays alive.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.