Mac spoof on wan - pppoe doesnt work

xbipin

i have a pppoe connection and my isp requires to spoof a fixed mac but it doesnt seem to work on latest nanobsd alix snapshot

jimp

Did it ever work on 2.1? If it did, what was the date of the snapshot it worked on, and the one it was broken on?

xbipin

i installed a new alix for a client and his isp has that requirement and i tried 2.0.1 first and it didnt and then i tried 2.1 23rd September and still same, ppp log shows authorization failed from isp, i called them up and they said the mac id was same as the alix one, not the one i tried to spoof which was of the asus router, i tried the latest snap as of now but tis still the same, pfsense isnt spoofing it

jimp

It's probably not working like you expect because the MAC box is for the interface assigned, and the assigned interface in that case is pppoe0 and not the physical interface.

Try this trick:
Make the PPPoE interface as usual - no spoofed mac - this will result in pppoe0 being assigned for that interface.
Then go and assign the physical interface  (again, vr0), set it for an IP type of 'none' and spoof the MAC there.

xbipin

i got confused

first i create the usual pppoe connection
then i goto interface - assign then add a new interface for vr1 (in my case)
then goto that itnerface and assign spoofed mac

but this way wont it have like 2 interfaces for same port and wont it conflict?
wan -> pppoe(vr1) -> vr1(with spoofed mac)

jimp

No they don't conflict because technically they are different interfaces, one is vr1 and the other is pppoe0

Sort of like how you can use both the vlan parent and a vlan subinterface at the same time.

And since you have the physical interface set to an IP of none it wouldn't hurt anything anyhow.

xbipin

ill test it and report back.

if this is the way to spoof then u should probably remove the mac spoof box when u select pppoe type when u create a new interface coz it can be misleading

jimp

That may be a good idea. I'm not sure that box serves any purpose for PPPoE (or PPTP or L2TP or PPP…)

xbipin

once i create a new interface opt1, do i need to goto ppp tab edit pppoe and assign it to vr1 or to opt1?

xbipin

when i tried with vr1

actually there is multi wan set so vr0 is lan vr1 is wan1 and vr2 is wan2 and its wan2 i need to spoof and the new itnerface ic reated was opt3 with spoofed mac

when the ppp tab listed pppoe linked to vr2 i got the below log and didnt work, not to mention my second device with pppoe reconnect issue

Sep 25 18:40:22 	syslogd: kernel boot file is /boot/kernel/kernel
Sep 25 22:24:59 	check_reload_status: Syncing firewall
Sep 25 22:25:41 	php: /interfaces_assign.php: Calling interface down for interface opt3, destroy is
Sep 25 22:25:41 	php: /interfaces_assign.php: Deny router advertisements for interface opt3
Sep 25 22:25:46 	check_reload_status: updating dyndns opt3
Sep 25 22:25:53 	php: /interfaces_assign.php: Creating rrd update script
Sep 25 22:25:53 	check_reload_status: Syncing firewall
Sep 25 22:26:21 	check_reload_status: Syncing firewall
Sep 25 22:26:27 	php: /interfaces.php: Calling interface down for interface opt3, destroy is
Sep 25 22:26:27 	php: /interfaces.php: Deny router advertisements for interface opt3
Sep 25 22:26:27 	kernel: vr2: link state changed to DOWN
Sep 25 22:26:27 	check_reload_status: Linkup starting vr2
Sep 25 22:26:30 	check_reload_status: Linkup starting vr2
Sep 25 22:26:30 	kernel: vr2: link state changed to UP
Sep 25 22:26:32 	check_reload_status: updating dyndns opt3
Sep 25 22:26:34 	php: /interfaces.php: Removing static route for monitor 203.187.192.33 and adding a new route through 203.187.196.1
Sep 25 22:26:35 	php: : Hotplug event detected for opt3 but ignoring since interface is configured with static IP ()
Sep 25 22:26:35 	php: /interfaces.php: Creating rrd update script
Sep 25 22:26:35 	check_reload_status: Reloading filter
Sep 25 22:26:37 	php: : Hotplug event detected for opt3 but ignoring since interface is configured with static IP ()
Sep 25 22:26:37 	check_reload_status: rc.newwanip starting vr2
Sep 25 22:26:45 	php: : rc.newwanip: Informational is starting vr2.
Sep 25 22:26:45 	php: : rc.newwanip: on (IP address: ) (interface: opt3) (real interface: vr2).
Sep 25 22:26:45 	php: : rc.newwanip: Failed to update opt3 IP, restarting...
Sep 25 22:26:45 	check_reload_status: Configuring interface opt3
Sep 25 22:26:51 	php: /status_interfaces.php: Calling interface down for interface opt2, destroy is
Sep 25 22:26:51 	check_reload_status: Configuring interface opt2
Sep 25 22:26:55 	check_reload_status: Updating all dyndns
Sep 25 22:26:55 	check_reload_status: Restarting ipsec tunnels
Sep 25 22:26:55 	check_reload_status: Restarting OpenVPN tunnels/interfaces
Sep 25 22:26:55 	check_reload_status: Reloading filter
Sep 25 22:26:56 	php: : Could not find IPv4 gateway for interface (opt2).
Sep 25 22:26:59 	php: : Deny router advertisements for interface opt2
Sep 25 22:27:00 	check_reload_status: Rewriting resolv.conf
Sep 25 22:27:00 	php: : Starting 3gstats.php on device '' for interface 'opt2'
Sep 25 22:27:01 	php: : Deny router advertisements for interface opt3
Sep 25 22:27:15 	php: : Could not find IPv4 gateway for interface (opt2).
Sep 25 22:27:43 	syslogd: exiting on signal 15
Sep 25 22:27:43 	syslogd: kernel boot file is /boot/kernel/kernel
Sep 25 22:27:49 	php: /status_interfaces.php: Deny router advertisements for interface opt2
Sep 25 22:27:49 	php: /status_interfaces.php: Starting 3gstats.php on device '' for interface 'opt2'

xbipin

can some1 guide me on how to trace what mac id is being sent to isp for pppoe connections as recently there was a patch for the issue but i have no clue to how to trace if the applied mac id is being sent also or no

jimp

You'd probably have to do a packet capture on the physical interface (e.g. vr2) to see that.

From the shell, something like this may work:

tcpdump -vvvnei vr2

xbipin

i tried it and as soon as i go under interfaces->wan and feed in a new mac id and apply the pppoe link under ppp under assign looses its itnerface and i get the below in system log so then i reassign the vr1 interface which is for my wan and pppoe connects but still with the actual mac id, not the spoofed one so i guess it still doesnt work

Jan 12 12:42:27 	php: : Could not find IPv4 gateway for interface (wan).
Jan 12 12:42:27 	php: : Could not find IPv4 gateway for interface (wan).
Jan 12 12:42:27 	php: : Could not find IPv4 gateway for interface (wan).
Jan 12 12:42:27 	php: : Could not find IPv4 gateway for interface (wan).

wallabybob

Did you disable and enable the PPP link around changing the MAC address?

Did you restart the box after changing the MAC address?

xbipin

i restarted now and it seems its using the applied mac id now so i guess it works now so 2 things need to be done, when u apply the new mac id, the itnerface from the ppp link gets lost so it needs to be reaggined so probably that needs a patch so u dont have to go around doing it manually and also put up a note saying to restart the box when mac spoof is used

rbgarga

Following commit should fix the issue, please let me know if it works.

https://github.com/bsdperimeter/pfsense/commit/254ebf8b0fb9a8042d154ab2206d7c4f3f16b487

xbipin

ill test it in some while now and report back

rbgarga

There is a more recent commit with a better solution. Please consider testing this one.

https://github.com/bsdperimeter/pfsense/commit/84086442a2fa40b0fba12cf00a935144de3c5e71

xbipin

tried, it works well but some issues. after i enter a spoofed mac id, it gets implemented and pppoe reconnects and uses the new mac id and everything well but once i goto that spoofed mac id field and remove it and apply again, pppoe reconnects but under ppp tab etc it still keeps showing the spoofed mac id, not the original one, now i tried to do a trace from console to see what amc id its suing for the new connection but wasnt able to as my console hangs, this happens to me a couple of times when i see AT OK in console randomly, so i wasnt able to see is the original mac id being used or no but after a reboot the gui starts showing the original mac id so it might just be a gui bug but in general mac spoof works fine now, thanks

kathampy

When I set a fake MAC address in the PPPoE interface page and attempt to connect, WireShark shows PADI packets still being broadcasted from em0's MAC address. I'm running 2.0.2-RELEASE.

rbgarga

@xbipin:

tried, it works well but some issues. after i enter a spoofed mac id, it gets implemented and pppoe reconnects and uses the new mac id and everything well but once i goto that spoofed mac id field and remove it and apply again, pppoe reconnects but under ppp tab etc it still keeps showing the spoofed mac id, not the original one, now i tried to do a trace from console to see what amc id its suing for the new connection but wasnt able to as my console hangs, this happens to me a couple of times when i see AT OK in console randomly, so i wasnt able to see is the original mac id being used or no but after a reboot the gui starts showing the original mac id so it might just be a gui bug but in general mac spoof works fine now, thanks

The only way to restore original MAC is rebooting (or filling it manually), since we do not keep this information anywhere.