Virtual IP Question

[fbeye]

Hello.

I have everything set up [correctly] as it all "works" but wanted to verify.

So I have a block of 8 static ips, 6 usable. x.x.x.177 - x.x.x.182 and .182 is the default WAN/IP that my OPSN Firewall obtains, so all other [WAN] IP's use that as their Gateway.
Under Interface:Virtual IP's I have x.x.x.177 - x.x.x.182... But I was thinking, do I need the x.x.x.182 as a virtual ip if it in itself is the firewall WAN IP?
Also, being I have only a block of 8, that is a /29 but in Virtual IP when I add an entry, would that also be /29 or would it be /32 as it is by itself?

I guess my question about cidr is what /x in the entry wanting? The specific IP standalone or as part of the 8 ips

[Patrick M. Hausen]

Virtual IPs as /32. You can only use 4 in addition to .182 because one will be your default gateway provided by the ISP or data centre.
A /29 has 8 addresses, 6 usable, 1 for gateway, 5 for server(s).

So e.g.

.182/29 as the interface IP address, no virtual IP
.181/32 as virtual
.180/32 "
.179/32 "
.178/32 "
.177 your default gateway

HTH,
Patrick

[fbeye]

Interesting. Yeah I always used .182 as the Gateway only because it was always the WAN IP that has always been assigned during PPPoE be it OPNSense, Cisco ISR or even my default DSL Router, so assumed the .182 was the Gateway.

[Patrick M. Hausen]

If that is a PPPoE link your gateway should be auto configured and visible in System > Gateways. For a point to point link the constraints I mentioned do not apply so you might even be able to use all 8 IP addresses of your assigned /29.

The setup I described is for Ethernet style (broadcast) uplinks. The most common configuration if you get more than a single address.

If the UI is not of help, what are `ifconfig pppoe0` and `netstat -rn | grep default` showing?

Kind regards,
Patrick

[fbeye]

Well this is news to me. I have never seen this IP address in my life and of course is not even part of my Block of IP's

netstat -rn | grep default
default            75.160.240.27      UGS      pppoe0

[Patrick M. Hausen]

So there is a high probability you can use all 8 :)

[fbeye]

I guess I will have to try. I know on the printout I got YEARS ago it mentioned x.x.x.176 was 'reserved' and x.x.x.183 was 'broadcast' so yeah it seems .177 - .182 are usable. So on my Virtual IP's I would use  75.160.240.27 as my gateway instead of .182.
I suppose I will try it.

[Patrick M. Hausen]

Don't seta gateway on the virtual IPs at all. The system has got a global default gateway.

[fbeye]

Morning

Well here is the thing and the reason this topic came up. I have verified that if any IP [not] default WAN IP [.182] is being used to connect to a service via Caddy it will not work unless the Virtual IP in question [.181 for example] has a Gateway inputted into it.
Also, unless there is a GW in the Virtual IP in general, they will not show up in the 'ifconfig pppoe0'.

Like I said only going based on what I found and no other possible incorrect configuration I simply know I can't not caddy in on an ip not the wan ip unless that virtual ip has a gw in it.

And why is there a line through the last paragraph.

[Patrick M. Hausen]

Got it - my bad.

For some interface types a gateway is required to configure an IP Alias (ppp/pppoe/tun), leave this field empty for all other interface types.

I don't have virtual IP addresses on point to point interfaces, anywhere. All Ethernet type. Hence the restriction of e.g. only 5 out of 8 for /29.

So it looks like you do need a gateway set. Guess you'll have to experiment some more to come to a conclusion. I would create all 7 addresses but the standard one as aliases with gateway 75.160.240.27 and see what happens.

[fbeye]

Insane, so after talking to the ISP [I know a guy who works in the tech side] and explaining the situation. He can not find a reason why my PPPoE is picki9ng up an IP not even relevant to my network as the GW. He mentioned in the PPPoE I should set the WAN IP. When I go to Interface:Point-To-Point:Devices and set the IP/Gateway, it saves but does not APPLY. There is no apply button either after I change it.. But when I go back in, the field is empty again.
So that won't work. Then I went into GATEWAYS and inputted the .182 as GW and IP..Everything stops working. I changed it all back and it works but with the weird GW IP.

I am gonna just leave it as is, it works.

[Patrick M. Hausen]

Insane, so after talking to the ISP [I know a guy who works in the tech side] and explaining the situation. He can not find a reason why my PPPoE is picki9ng up an IP not even relevant to my network as the GW. He mentioned in the PPPoE I should set the WAN IP. When I go to Interface:Point-To-Point:Devices and set the IP/Gateway, it saves but does not APPLY. There is no apply button either after I change it.. But when I go back in, the field is empty again.
So that won't work. Then I went into GATEWAYS and inputted the .182 as GW and IP..Everything stops working. I changed it all back and it works but with the weird GW IP.

I am gonna just leave it as is, it works.

This on the other hand is perfectly normal. The pppoe0/WAN interface gets its IP address by the PPPoE negotiation. And point to point interfaces need not have endpoints in the same subnet. Theoretically they need not even have IP addresses at all. It's common for ISPs to have a single IP address as the gateway for all PPPoE customers connected to a certain device. Which then naturally does not match any customer's assigned address or subnet. E.g. my uplink - German Telekom:

Code Select Expand

root@opnsense:~ # ifconfig pppoe0
pppoe0: flags=10088d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1492
description: WAN (wan)
options=0
inet 87.138.xxx.yyy --> 62.156.244.43 netmask 0xffffffff

HTH,
Patrick