Messages - HankG

#1
General Discussion / DHCP Relay Server
June 26, 2024, 02:42:24 PM
Hello!

I have problems with DHCP relay. We have two sites, A and B; both have an OPNsense firewall, connected by a direct link. I want the OPNsense on A to be the DHCP server for *both* sites. I understand that I can tell B to forward DHCP requests to A, but how do I configure *A* so that it specifically answers these DHCP requests with a specific subnet? We're still on ISC DHCPv4. I need to create some sort of interface for this, but I don't understand how and which. To my understanding, normally the circuit-ID that is sent with the DHCP relay might be used to determine which DHCP replies to serve, but I can't find any place to use that in the DHCP configuration web ui.

I'd be glad about any help on how to correctly set this up!
Greetings, Hank

#2
Thanks for the answer!

I just tried a NAT rule for the additional IP, it seems to work fine ;)

I'd love to get *any* IPv6, but alas a /29 additional IPv4 is all we can get.

#3
Proxy ARP definitely can be configured (I tried it), it didn't work ;)

So I "just" need to set the gateway for the Virtual IP Alias to the correct gateway for the PPPoE connection?
Yes, this works ;) now ICMP works.

I don't understand how to correctly use this though. I *don't* want all of these IPs to automatically work the same way the main IP does, so I tried to enable "Deny service binding", but then they stop being pingable. Will NAT rules specifically targeting these IPs still work? Can I create such NAT rules even if "Deny service binding" is disabled?

Sorry to ask so many questions, but I haven't been able to find much documentation on how these things work.

It would be great if the UI could just show (and require) the gateway setting for PPPoE connections ;)

Thank you very much for your help with this!

#4
Hello!

We're on 23.10, WAN is a PPPoE interface. It works fine. I've added two new virtual IPs (IP Alias) to it (WAN -> pppoe1), I can see incoming ICMP requests, but they seem to be *forwarded* to the default gateway instead of replied to. So they come in through WAN, then go out through WAN again.

19:50:39.291317 IP XXX.XXX.144.157 > XXX.XXX.162.48: ICMP echo request, id 70, seq 26, length 64
19:50:39.291327 IP XXX.XXX.144.157 > XXX.XXX.162.48: ICMP echo request, id 70, seq 26, length 64

The web ui shows the same [see screenshot]. How can I check with command line tools whether the IP aliases are correctly added to the pppoe1 interface?

Thanks for any help with this,
Greetings