Text only | Text with Images

OPNsense Forum

Archive => 23.7 Legacy Series => Topic started by: layereight on December 21, 2023, 09:10:17 AM

Title: Virtual IP / IP Alias question
Post by: layereight on December 21, 2023, 09:10:17 AM
Hi!
I have added an IP Alias to my WAN interface (PPPoE configured and up), because I am using a DSL modem that is connected to the WAN interface which has a management GUI. I want to access this management GUI (on 192.168.178.1) via the IP Alias I want to configure.
Now my problem is, after adding the IP Alias I don't see this IP anywhere. Neither in my ARP table or my routing table, nor with ipconfig. Further, I cant reach my router's LAN IP when loggen on to ssh on my opensense fw.

Layout is:
Internet --- Router --- <opensense wan interface PPPoE + IP alias> --- Opensense --- <lan interface with VLAN trunk> --- Core switch

Am I configuring it wrong? Can anyone give guidance?
Thank you :-)
Title: Re: Virtual IP / IP Alias question
Post by: doktornotor on December 21, 2023, 09:16:20 AM
You do not need any alias for this. Assign the underlying physical interface used for PPPoE and configure it with the subnet used for modem management. Create a GW and configure it to the modem IP. Done.

Title: Re: Virtual IP / IP Alias question
Post by: knebb on December 21, 2023, 09:19:40 AM
Hi,

I am unsure about your setup. The sketchedd "Router" means your DSL-modem, right? This has an own Mgmt-Interface at 192.168.178.1, right? It is a Fritz!Box, right? :)

May I ask if it is a better solution to let the Fritz! do the Internet connection and forward all requests to your opnsense as exposedd host? Then the WAN has a 192.168.178.x address and you can easily connect to your Fritz!
Yes, it is double-NAt but as long as you do not use very restrictive online games I have not encountered any real issues whith this. I even use VoIP Phones a lot in this setup.

However, if this is not an option you might check following:

Do you have a rule which block private IPs on WAN? The 192.168.178.1 is a private IP!
Is it possible to use VLANs (do not know if Fritz! can do)? In this case better set up a VLAN interface on top of WAN.
Otherwise it should simply work by configuring the underling interface with the IP stuff. For me, my PPPoE is running on top of WAN as a VLAN (Telekom DSL)

Try and let us know.

/KNEBB

Title: Re: Virtual IP / IP Alias question
Post by: hushcoden on December 22, 2023, 01:21:30 PM
@doktornotor

do you mind to share the gateway config? And you still need an firewall -> outbound rule, correct?

Thanks.
Title: Re: Virtual IP / IP Alias question
Post by: doktornotor on December 22, 2023, 02:03:02 PM
Not sure what else you need - use the modem IP as GW. Already in the screenshot. Can use /30 of course instead of /24. You do not need any outbound rules. Do not need any firewall rules either on that interface - unless you want to use it e.g. for NTP to set up the time on the modem.
Text only | Text with Images