Hi all,
I've created a WAN interface associated with a PPoE device that's connecting to an FTTC service that's provided by a modem and connected to my N100-based mini-pc installed with OPNSense in a Proxmox VM to replace my Asus router, but it doesn't work despite the status showing as green in the interfaces overview page, as I'm unable to browse the web via the LAN. I know the WAN is connecting okay because successful authentication is confirmed in the logs, but the IP address shown isn't the correct static IP address that should be assigned by my ISP. What setting for getting the IP address should I get specifying in the WAN interface itself?
My Asus router uses the following WAN settings to successfully connect:
Connection type: PPoE
Enable NAT: Yes
NAT type: Symmetric
Get the WAN IP automatically: Yes
There is no VLAN requirement from my ISP to connect.
Quote from: endurium on February 23, 2026, 07:20:54 PMI know the WAN is connecting okay because successful authentication is confirmed in the logs, but the IP address shown isn't the correct static IP address that should be assigned by my ISP.
The IP assignment is part of the PPPoE handshake. You can as well see in the log, which IP is offered to you by the ISP.
So what does the log show regarding the IP?
And which IP do you get in fact? Is it a public one?
If you do not get the IP address you expect per your contract, only your ISP can fix that.
Here are some screenshots from my config, first the WAN interface config, do I need to specify an MTU figure?
Screenshot 2026-02-24 112504.png
The PPoE device settings - I'm guessing I only need to specify the underlying adaptor vtnet1 and not the wan interface?
Screenshot 2026-02-24 144135.png
The interfaces overview shows my ISP-assigned static IP for the WAN and gateway address 195.166.130.254, the latter which I've never seen before but looking it up shows the following info which does seem to make sense considering my ISP is Plusnet which uses BT infrastructure:
Hostname:254.core.plus.net
ASN:6871
ISP:British Telecommunications Plc
Screenshot 2026-02-24 152348.png
Finally here are the logs showing the WAN address binding-related messages.
Screenshot 2026-02-24 logfile.png
With my Asus router connected back to the WAN (OPNSense router unplugged from WAN), I checked it's logs and found entries for "local IP address 80.229.251.220" and "remote IP address 195.166.130.255", the latter which is in the same subnet as the earlier-mentioned gateway address 195.166.130.254 so I'm guessing that's expected?
Otherwise, what could be causing clients connected to my OPNSense router to not be able to connect to the internet?
Quote from: viragomann on February 23, 2026, 10:22:03 PMQuote from: endurium on February 23, 2026, 07:20:54 PMI know the WAN is connecting okay because successful authentication is confirmed in the logs, but the IP address shown isn't the correct static IP address that should be assigned by my ISP.
The IP assignment is part of the PPPoE handshake. You can as well see in the log, which IP is offered to you by the ISP.
So what does the log show regarding the IP?
And which IP do you get in fact? Is it a public one?
The
System: Gateways: Configuration page shows WAN_PPOE bound to the WAN interface with an IP Address of 195.166.130.254 and a Monitor IP of the same, with the status icon showing that it's down. If I edit the gateway entry and tick the box
Disable Gateway Monitoring then the gateway shows as being UP
If I look at the terminal screen showing the current interfaces details and the menu options, I see that the correct public static IP of 80.229.251.220 is being picked up.
Can you ping e.g. the ISP gateway or 8.8.8.8 from the OPNsense itself?
Quote from: Patrick M. Hausen on February 23, 2026, 10:24:03 PMIf you do not get the IP address you expect per your contract, only your ISP can fix that.
It appears that the IP address 195.166.130.254 is a remote IP address for my ISP which returns a local IP address of 80.229.251.220 which is what I'd expect.
Quote from: Patrick M. Hausen on February 24, 2026, 07:11:53 PMCan you ping e.g. the ISP gateway or 8.8.8.8 from the OPNsense itself?
I didn't try pinging the ISP gateway but pinging 8.8.8.8 or any other well-known public IP fails
So
- PPPoE authentication and IP address assignment works
- ICMP echo (ping) does not
Of course there can be a dozen more things amiss that would prohibit your clients from accessing the Internet but before your OPNsense can ping 8.8.8.8 it does not make sense to look any further.
I'd open a ticket with your ISP. You also wrote you did not receive your assigned fixed IP address, correct? So something is wrong.
Quote from: Patrick M. Hausen on February 24, 2026, 07:36:22 PMSo
- PPPoE authentication and IP address assignment works
- ICMP echo (ping) does not
Of course there can be a dozen more things amiss that would prohibit your clients from accessing the Internet but before your OPNsense can ping 8.8.8.8 it does not make sense to look any further.
I'd open a ticket with your ISP. You also wrote you did not receive your assigned fixed IP address, correct? So something is wrong.
Connecting my Asus router to the modem instead of the OPNSense router works fine, so I'm not sure it's worth raising a ticket with my ISP. The correct (static) IP is returned, according to the logs which state "treating 195.166.130.254 as far gateway for 80.229.251.220/32"
What would I need to look for to see if the firewall is blocking outbound requests from LAN interface clients?
Some ISPs detect a router change and give you a temporary non-routable network in which you can register your new hardware. Some do this for ONTs only, others even want to know when the router changes. Ask them, they must know.
Maybe your WAN IP is now something like 10.x.x.x, which would give an indication.
A newly installed OPNsense is not blocking anything from LAN and comes with NAT enabled on WAN. Also it does not block anything outbound from the firewall itself.
Looking closer at your screen shots - why do you have routes for 8.8.8.8 and 9.9.9.9 to your loopback interface? With these active it's natural you cannot ping e.g. 8.8.8.8.
The logfile entries look good.
Quote from: meyergru on February 24, 2026, 07:48:11 PMMaybe your WAN IP is now something like 10.x.x.x, which would give an indication.
Nope. Look at their screen shots above. But the routes on lo0 are suspicious.
Quote from: Patrick M. Hausen on February 24, 2026, 07:49:35 PMA newly installed OPNsense is not blocking anything from LAN and comes with NAT enabled on WAN. Also it does not block anything outbound from the firewall itself.
Looking closer at your screen shots - why do you have routes for 8.8.8.8 and 9.9.9.9 to your loopback interface? With these active it's natural you cannot ping e.g. 8.8.8.8.
The logfile entries look good.
Those entries are the DNS servers I specified in the general config, I didn't add them to my loopback interface. Should I remove them? I have tried pinging 1.1.1.1 and amazon.com to no avail.
Quote from: meyergru on February 24, 2026, 07:48:11 PMSome ISPs detect a router change and give you a temporary non-routable network in which you can register your new hardware. Some do this for ONTs only, others even want to know when the router changes. Ask them, they must know.
Maybe your WAN IP is now something like 10.x.x.x, which would give an indication.
The WAN is an FTTC connection via a fibre modem whose output is connected to my router, whether it's my Asus router or my OPNSense router (which I'm clearly struggling to get working) and the Asus router connects just fine to the WAN and I can surf the web from any connected clients.
Yes, the WAN IP as well as the default gateway are on Plusnet. However, neither is reachable from here as well. This looks like a new development area where connectivity is not yet established.
On the other hand, if it works with an Asus router... I would check what WAN IP and default gateway you get with the Asus router. But heck, ask your ISP what is wrong there. Obviously, they give your the PPPoE credentials, so they must be able to deal with a different router.
What else is routed to lo0? Have you clicked on that large "Expand" button, yet?
But to get the real and complete picture, please post the output of these two commands:
ifconfig
netstat -rn
Quote from: meyergru on February 24, 2026, 08:01:54 PMYes, the WAN IP as well as the default gateway are on Plusnet. However, neither is reachable from here as well. This looks like a new development area where connectivity is not yet established.
On the other hand, if it works with an Asus router... I would check what WAN IP and default gateway you get with the Asus router. But heck, ask your ISP what is wrong there. Obviously, they give your the PPPoE credentials, so they must be able to deal with a different router.
I can't reach the remote WAN IP 195.166.130.255 but I can reach the local WAN IP 80.229.251.220 (which is my public static IP address). The Asus router doesn't show the default gateway in it's UI, but would the gateway be the remote IP address 195.166.130.255 which shows up in it's logs?
It does not need to be, the gateway you are given can also further away than your counterpart. IDK how / if the Asus router shows its gateway.
Had another chance to take a look at this issue, checked my firewall rules, outbound NAT (set to Auto) and the WAN shows as UP so tried pinging 9.9.9.9 from an SSH session in OPNSense and it worked, so it would appear that the WAN is working fine as far as routing outbound traffic is ocncerned, but doing the same from an SSH session on my PC connected to the OPNSense LAN fails with "host unreachable" errors, even though the PCs ip config shows the correct client IP handed out b DHCP and the gateway being the LAN ip of 192.168.1.1
I've created firewall rules to allow traffic in and out of the LAN but that made no difference.