Mac spoof on wan - pppoe doesnt work



  • i have a pppoe connection and my isp requires to spoof a fixed mac but it doesnt seem to work on latest nanobsd alix snapshot


  • Rebel Alliance Developer Netgate

    Did it ever work on 2.1? If it did, what was the date of the snapshot it worked on, and the one it was broken on?



  • i installed a new alix for a client and his isp has that requirement and i tried 2.0.1 first and it didnt and then i tried 2.1 23rd September and still same, ppp log shows authorization failed from isp, i called them up and they said the mac id was same as the alix one, not the one i tried to spoof which was of the asus router, i tried the latest snap as of now but tis still the same, pfsense isnt spoofing it


  • Rebel Alliance Developer Netgate

    It's probably not working like you expect because the MAC box is for the interface assigned, and the assigned interface in that case is pppoe0 and not the physical interface.

    Try this trick:
    Make the PPPoE interface as usual - no spoofed mac - this will result in pppoe0 being assigned for that interface.
    Then go and assign the physical interface  (again, vr0), set it for an IP type of 'none' and spoof the MAC there.



  • i got confused

    first i create the usual pppoe connection
    then i goto interface - assign then add a new interface for vr1 (in my case)
    then goto that itnerface and assign spoofed mac

    but this way wont it have like 2 interfaces for same port and wont it conflict?
    wan -> pppoe(vr1) -> vr1(with spoofed mac)


  • Rebel Alliance Developer Netgate

    No they don't conflict because technically they are different interfaces, one is vr1 and the other is pppoe0

    Sort of like how you can use both the vlan parent and a vlan subinterface at the same time.

    And since you have the physical interface set to an IP of none it wouldn't hurt anything anyhow.



  • ill test it and report back.

    if this is the way to spoof then u should probably remove the mac spoof box when u select pppoe type when u create a new interface coz it can be misleading


  • Rebel Alliance Developer Netgate

    That may be a good idea. I'm not sure that box serves any purpose for PPPoE (or PPTP or L2TP or PPP…)



  • once i create a new interface opt1, do i need to goto ppp tab edit pppoe and assign it to vr1 or to opt1?



  • when i tried with vr1

    actually there is multi wan set so vr0 is lan vr1 is wan1 and vr2 is wan2 and its wan2 i need to spoof and the new itnerface ic reated was opt3 with spoofed mac

    when the ppp tab listed pppoe linked to vr2 i got the below log and didnt work, not to mention my second device with pppoe reconnect issue

    Sep 25 18:40:22 	syslogd: kernel boot file is /boot/kernel/kernel
    Sep 25 22:24:59 	check_reload_status: Syncing firewall
    Sep 25 22:25:41 	php: /interfaces_assign.php: Calling interface down for interface opt3, destroy is
    Sep 25 22:25:41 	php: /interfaces_assign.php: Deny router advertisements for interface opt3
    Sep 25 22:25:46 	check_reload_status: updating dyndns opt3
    Sep 25 22:25:53 	php: /interfaces_assign.php: Creating rrd update script
    Sep 25 22:25:53 	check_reload_status: Syncing firewall
    Sep 25 22:26:21 	check_reload_status: Syncing firewall
    Sep 25 22:26:27 	php: /interfaces.php: Calling interface down for interface opt3, destroy is
    Sep 25 22:26:27 	php: /interfaces.php: Deny router advertisements for interface opt3
    Sep 25 22:26:27 	kernel: vr2: link state changed to DOWN
    Sep 25 22:26:27 	check_reload_status: Linkup starting vr2
    Sep 25 22:26:30 	check_reload_status: Linkup starting vr2
    Sep 25 22:26:30 	kernel: vr2: link state changed to UP
    Sep 25 22:26:32 	check_reload_status: updating dyndns opt3
    Sep 25 22:26:34 	php: /interfaces.php: Removing static route for monitor 203.187.192.33 and adding a new route through 203.187.196.1
    Sep 25 22:26:35 	php: : Hotplug event detected for opt3 but ignoring since interface is configured with static IP ()
    Sep 25 22:26:35 	php: /interfaces.php: Creating rrd update script
    Sep 25 22:26:35 	check_reload_status: Reloading filter
    Sep 25 22:26:37 	php: : Hotplug event detected for opt3 but ignoring since interface is configured with static IP ()
    Sep 25 22:26:37 	check_reload_status: rc.newwanip starting vr2
    Sep 25 22:26:45 	php: : rc.newwanip: Informational is starting vr2.
    Sep 25 22:26:45 	php: : rc.newwanip: on (IP address: ) (interface: opt3) (real interface: vr2).
    Sep 25 22:26:45 	php: : rc.newwanip: Failed to update opt3 IP, restarting...
    Sep 25 22:26:45 	check_reload_status: Configuring interface opt3
    Sep 25 22:26:51 	php: /status_interfaces.php: Calling interface down for interface opt2, destroy is
    Sep 25 22:26:51 	check_reload_status: Configuring interface opt2
    Sep 25 22:26:55 	check_reload_status: Updating all dyndns
    Sep 25 22:26:55 	check_reload_status: Restarting ipsec tunnels
    Sep 25 22:26:55 	check_reload_status: Restarting OpenVPN tunnels/interfaces
    Sep 25 22:26:55 	check_reload_status: Reloading filter
    Sep 25 22:26:56 	php: : Could not find IPv4 gateway for interface (opt2).
    Sep 25 22:26:59 	php: : Deny router advertisements for interface opt2
    Sep 25 22:27:00 	check_reload_status: Rewriting resolv.conf
    Sep 25 22:27:00 	php: : Starting 3gstats.php on device '' for interface 'opt2'
    Sep 25 22:27:01 	php: : Deny router advertisements for interface opt3
    Sep 25 22:27:15 	php: : Could not find IPv4 gateway for interface (opt2).
    Sep 25 22:27:43 	syslogd: exiting on signal 15
    Sep 25 22:27:43 	syslogd: kernel boot file is /boot/kernel/kernel
    Sep 25 22:27:49 	php: /status_interfaces.php: Deny router advertisements for interface opt2
    Sep 25 22:27:49 	php: /status_interfaces.php: Starting 3gstats.php on device '' for interface 'opt2'
    


  • can some1 guide me on how to trace what mac id is being sent to isp for pppoe connections as recently there was a patch for the issue but i have no clue to how to trace if the applied mac id is being sent also or no


  • Rebel Alliance Developer Netgate

    You'd probably have to do a packet capture on the physical interface (e.g. vr2) to see that.

    From the shell, something like this may work:

    tcpdump -vvvnei vr2



  • i tried it and as soon as i go under interfaces->wan and feed in a new mac id and apply the pppoe link under ppp under assign looses its itnerface and i get the below in system log so then i reassign the vr1 interface which is for my wan and pppoe connects but still with the actual mac id, not the spoofed one so i guess it still doesnt work

    Jan 12 12:42:27 	php: : Could not find IPv4 gateway for interface (wan).
    Jan 12 12:42:27 	php: : Could not find IPv4 gateway for interface (wan).
    Jan 12 12:42:27 	php: : Could not find IPv4 gateway for interface (wan).
    Jan 12 12:42:27 	php: : Could not find IPv4 gateway for interface (wan).
    


  • Did you disable and enable the PPP link around changing the MAC address?

    Did you restart the box after changing the MAC address?



  • i restarted now and it seems its using the applied mac id now so i guess it works now so 2 things need to be done, when u apply the new mac id, the itnerface from the ppp link gets lost so it needs to be reaggined so probably that needs a patch so u dont have to go around doing it manually and also put up a note saying to restart the box when mac spoof is used


  • Administrator

    Following commit should fix the issue, please let me know if it works.

    https://github.com/bsdperimeter/pfsense/commit/254ebf8b0fb9a8042d154ab2206d7c4f3f16b487



  • ill test it in some while now and report back


  • Administrator

    There is a more recent commit with a better solution. Please consider testing this one.

    https://github.com/bsdperimeter/pfsense/commit/84086442a2fa40b0fba12cf00a935144de3c5e71



  • tried, it works well but some issues. after i enter a spoofed mac id, it gets implemented and pppoe reconnects and uses the new mac id and everything well but once i goto that spoofed mac id field and remove it and apply again, pppoe reconnects but under ppp tab etc it still keeps showing the spoofed mac id, not the original one, now i tried to do a trace from console to see what amc id its suing for the new connection but wasnt able to as my console hangs, this happens to me a couple of times when i see AT OK in console randomly, so i wasnt able to see is the original mac id being used or no but after a reboot the gui starts showing the original mac id so it might just be a gui bug but in general mac spoof works fine now, thanks



  • When I set a fake MAC address in the PPPoE interface page and attempt to connect, WireShark shows PADI packets still being broadcasted from em0's MAC address. I'm running 2.0.2-RELEASE.


  • Administrator

    @xbipin:

    tried, it works well but some issues. after i enter a spoofed mac id, it gets implemented and pppoe reconnects and uses the new mac id and everything well but once i goto that spoofed mac id field and remove it and apply again, pppoe reconnects but under ppp tab etc it still keeps showing the spoofed mac id, not the original one, now i tried to do a trace from console to see what amc id its suing for the new connection but wasnt able to as my console hangs, this happens to me a couple of times when i see AT OK in console randomly, so i wasnt able to see is the original mac id being used or no but after a reboot the gui starts showing the original mac id so it might just be a gui bug but in general mac spoof works fine now, thanks

    The only way to restore original MAC is rebooting (or filling it manually), since we do not keep this information anywhere.


Locked