Static IPs, Virtual IPs, PPPOE, BT Infinity
-
Hi,
I wonder if anyone can help;
I am trying to bind a static WAN IP address to our pfSense machine, so that I can set-up a site-to-site VPN tunnel.
We have a range of 5 static IP addresses. These are configured as virtual IP's with some 1:1 NAT mappings to bind these to a couple of devices on the LAN. (This works fine).
The problem is the WAN interface is being assigned a dynamic IP by the modem / ISP, making it difficult for me to bind the static IP's to services running on the pfSense box itself (e.g. VPN).
So for instance, the IPSEC connection is being bound to the dynamic IP, and not one of the static IPs. This is obviously causing a problem as the VPN tunnel breaks when the IP is renewed.
I have tried configuring the IPSEC Phase 1 entry to use one of the Virtual IP's as the interface (local endpoint), however doing this produces the following error in the ipsec log:
"charon: 02[NET] error writing to socket: Can't assign requested address"
Thanks for your help.
Notes:
- Running pfSense 2.2.1 on a machine with 2x NICS.
- ISP : BT Infinity with Open Reach Modem. (The modem config is locked)
- pfSense WAN interface: IPV4 (PPPOE)
- Physical Connection : [DSL WALL SOCKET] –> [BT MODEM] –> [PFSENSE WAN]
-
Are you using IP Alias as the virtual IP type?
Steve
-
Steve,
Thanks for your reply. Yes, the IPs were configured as aliases.
I have now solved this problem, detail can be found in the following post:
https://forum.pfsense.org/index.php?topic=93065.0
-
Ah, interesting.
Slightly odd that you couldn't use any of the virtual ips to history the vpn service though. That's how it's usually done. You may have been able to do so by adding the 'router ip' as a virtual IP leaving the wan free to talk to the modem (if you get an unlocked one).Steve
