Virtual IP Adresses (by PPPoE)

[mohnewald]

With a PPPoE Dialup i get a sinle IP Address: xxx.xxx.130.131
My PPPoE Gateay IP is xx.xxx.149.21 (pushed by pppoe)

My ISP also routes xxx.xxx.154.64/29 to me.

If i try to set up a VIP in the GUI i get the error:
/sbin/ifconfig pppoe1 inet xxx.xxx.154.67/29 alias
ifconfig: ioctl (SIOCAIFADDR): Destination address required

I think it should be:
/sbin/ifconfig pppoe1 inet xxx.xxx.154.67/29 alias ppoe-isp-gw-ip
=> Because that works and makes my vip available to the world.

my goal is this:

pppoe1: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
        inet xx.xxx.131.182 --> xx.xxx.130.131  netmask 0xffffffff                  ==> assigned by pppoe
        inet xx.xxx.154.67 --> xx.xxx.149.21  netmask 0xffffffff                    ==> assigned by my crontab script
        inet xx.xxx.154.68 --> xx.xxx.149.21  netmask 0xffffffff                    ==> assigned by my crontab script
        inet6 fe80::20d:b9ff:fe47:72b4%pppoe1 prefixlen 64 scopeid 0x9
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

Crontab script:

#!/bin/sh

# Public IP SVN Server
/sbin/ifconfig pppoe1 inet xx.xxx.154.67/32 alias xx.xxx.149.21

# Public IP OpenVPN Access Server
/sbin/ifconfig pppoe1 inet xx.xxx.154.68/32 alias xx.xxx.149.21

[AdSchellevis]

for reference #1415 contains the same issue.

[AdSchellevis]

@mohnewald can you try 736cf38 ?

[fichtner]

Code is in place, feedback welcome. Closing this for accounting reasons.

[fichtner]

Ended up in a debate and was reverted, but seemed fine so we'll finally push this in 18.1.5: #2112

[githubatf2f10]

@AdSchellevis

Hi guys,
I stumbled upon this post, while I recently tried to do a similar setup.
I am with TekSavvy at Canada, who offers me a PPPoE static IP (e.g. 7.7.7.7 w/ gw 9.9.9.9). I also just acquired a /30 subnet from them (e.g. 6.6.6.6/30).

I use current OpnSense (18.7.6 (installed) | 2018-10-25) release and wanted to setup Virtual IP (IP Alias) so that I can either do port-forwarding (preferred) or even (1:1 nat). I tried various Virtual IP, like Alias, Proxy arp, Carp, Other. It seems that I got luck sometime with internet ping coming to these IP ok, while outgoing traffic sometimes work, sometimes not, for either ICMP and http.

So, basic setup is like this,

1. Under Firewall-> Virtual IP-> set all four IP, 6.6.6.6/32, 6.6.6.7/32, 6.6.6.8/32, 6.6.6.9/32 with IP Alias type. The setting has a Gateway options, I tried ISP gw 9.9.9.9 and it seems no effect at all with some errors in the logs(such as,

Nov 5 09:37:04 | opnsense: /firewall_virtual_ip.php: The command '/sbin/ifconfig 'pppoe0' inet 'x.x.x.x'/'32' alias ' returned exit code '1', the output was 'ifconfig: ioctl (SIOCAIFADDR): Destination address required' )
. So, I left it empty.

These two are in the logs, while I tested traffic. I am not sure whether this is the root cause.
Nov 5 09:29:41 | kernel: pppoe0: promiscuous mode disabled
Nov 5 09:05:10 | kernel: pppoe0: promiscuous mode enabled

2. Under Firewall-->NAT-->Port Forward, I forwarded interesting traffic, even including ICMP over from one of these four IP to one of my private IP (ubuntu).

3. Firewall->Rules, there's automatic generated rule permitting those traffic.

4. Firewall ->NAT -> outbound NAT, I manually created an entry for traffic from this internal IP to any being source natted to this public IP.

I even tried with Port forward + 1:1 NAT (without manual Outbound rule).

The results of various of these test, are sometimes incoming traffic fine, outgoing is sporadic.

Any ideas of best steps of making this work?

Thanks in advance.

Peng

[githubatf2f10]

no worries,.....called TekSavvy and they found it out this subnet was assigned to another person as well, which caused packet being missed.. they gave me a new subnet and with only port-forward, no 1:1 nat, things work well now. thanks