Static route with interface
-
Hi,
I just got a second WAN, and modem is in bridge mode. It gives IP, DNS & Gateway to Pfsense, with the correct MAC spoofing
ISP force DHCP, no way to use static config for security reasons.Only problem is the gateway, with an IP outside the WAN network.
I can make it working with :
route add -inet xxx.xxx.xxx.254 -link -iface em2But after some time (10 minutes it seems) connexion fails, no traffic anymore to the gateway.
I should add that I monitor one of the DNS for online check, and continuous ping gives me allways a 10ms ping, stable and always there.Route is still there in netmap -nr, but no more traffic even 1 hour later.
if I disable WAN2 interface, re-enable, then add again the route, this start again to work.
I guess that some SSH hacking in routes is not a good idea with a GUI/database router as Pfsense, so I tried to add this route in the interface.
In System/routing/route, I can add a static route, but only to WAN2 IP range, not to WAN2 interface (em2)
Any Idea ?
-
-
Hi, Thnaks for pointing me on this post, I did not find it.
I have a static IP, so it should be easier.
But, my ISP force DHCP, and the DHCP serveur gives the gateway.
Routing to IP from the GUI should create internaly a rules like :
route add -inet 185.4.79.254 -link -inet 185.4.79.254 as 185.4.79.254 is the gateway from DHCP and identify my WAN in static rules, but is also my real GW..And my CLI route add -inet 185.4.79.254/32 -link -iface em2 is working. Except it cut every 10 min for 10 min if I do not reset WAN interface before..
Klona
-
Hi.
I really don't understand/ And the more testing, the less I understand.
Modem is in bridge, and give through DHCP ip, Mask, DNS, and gatewxay outside the IP subnet. OK
Adding route through Console make the trick and internet access is OK… For 10 minutes approx.
Then It's down for approx 10 min. Then Up again, etc..I tried with Ipcop on a VM, no problem. I also tried with a Cisco Meraki, no problem.
I also have another ISP, modem in bridge mode, stable for months with my Pfsense.
Does anyone has a clue or even just an idea how to log and identify this problem ?
-
It would be interesting to see what DHCP options the server gives to you. Could you please post a packet capture of DHCPACK?
-
Hi Thanks,
i did'nt know about packet capture inside Pfsense. Great tool.16:11:59.654405 00:0c:29:4f:xx:xx > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
185.45.xx.xx.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 00:0c:29:4f:bf:8a, length 300, xid 0x713f4345, Flags [none] (0x0000)
Client-Ethernet-Address 00:0c:29:4f:xx:xx
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Request
Requested-IP Option 50, length 4: 185.45.xx.xx
Client-ID Option 61, length 7: ether 00:0c:29:4f:xx:xx
Hostname Option 12, length 7: "pfsense"
Parameter-Request Option 55, length 9:
Subnet-Mask, BR, Time-Zone, Classless-Static-Route
Default-Gateway, Domain-Name, Domain-Name-Server, Hostname
Option 11916:11:59.770129 e0:97:96:a2:xx:xx > 00:0c:29:4f:xx:xx, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 63, id 50246, offset 0, flags [DF], proto UDP (17), length 328)
172.16.100.xx.67 > 185.45.xx.xx.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, hops 1, xid 0x713f4345, Flags [none] (0x0000)
Your-IP 185.45.xx.xx
Gateway-IP 172.16.102.xx
Client-Ethernet-Address 00:0c:29:4f:xx:xx
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: ACK
Server-ID Option 54, length 4: 172.16.100.xx
Lease-Time Option 51, length 4: 150000
Subnet-Mask Option 1, length 4: 255.255.255.255
Default-Gateway Option 3, length 4: 185.4.79.254
Domain-Name-Server Option 6, length 8: 178.250.xx.xx,178.250.xx.xxI am going to get some full wireshark log at up and down time and try to find some clue..