How to force PPPoE reconnect to get new IP

Started by ricardolanes, May 05, 2025, 04:41:59 PM

Hello my friends!

The IPs I receive from my ISP are constantly being attacked. How do I fix this? By reconnecting the PPPoE and receiving a new IP, easy.

But how do I reconnect my PPPoE in OPNsense?
I tried turning the interface off/on, without success.
I tried turning the PPPoE off/on, also without success.

Is there a quick and easy way to do this?

Ricardo Lanes
Information Security Analyst
ricardo@lanes.rio
------
- OPNsense 25.1.5_5/AMD64
- Alder Lake N100 @ 16GB DDR5
- NIC INTEL 1225x6 2.5G
- 128GB SATA 3.0
- UPLINK 800MB/ 500MB
- UPLINK 500MB/ 300MB

Any public IPv4 address you receive will be attacked 24x7. The entire legacy internet is scanned by bots 24x7. Matter of fact.
Be happy your firewall blocks it and ignore it. There is no need to log blocked connection attempts.

Or use IPv6.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on May 05, 2025, 04:54:05 PM
There is no need to log blocked connection attempts.

It is logging by default; is there any way to turn it off?

I can't turn it off here
Ricardo Lanes

Firewall > Settings > Advanced > Logging
Deciso DEC750

What seems strange is that the destination port is always UDP 14640 at a high rate from different sources that seem not to be from the same network. If that is not a mere coincidence, I would verify that this is not traffic that one of your own clients induces.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Quote from: meyergru on May 05, 2025, 05:42:52 PM
What seems strange is that the destination port is always UDP 14640 at a high rate from different sources that seem not to be from the same network. If that is not a mere coincidence, I would verify that this is not traffic that one of your own clients induces.

Exactly, and I don't even have clients lol :)
I use OPNsense in my home lab to manage my network

This must be a "botnet", as @Patrick mentioned. They scan the internet, and maybe the hacker behind this scan knows of a flaw in this port of some specific service. Since he knows that the IPs are changing, it could be that one day it will fall on some machine that has this service active and he will exploit it.

Well, thank you very much, gentlemen.
Ricardo Lanes

May 05, 2025, 10:18:03 PM #6 Last Edit: May 05, 2025, 10:20:38 PM by Bob.Dig
Quote from: ricardolanes on May 05, 2025, 06:42:30 PM
and I don't even have clients

Sure you do. Every PC, phone, whatever you have at home is a client.
Maybe it is a torrent client or a virus which leads to this blocked traffic...

Yes, I understand, but that's not it.

I even thought about that (due to a mistake I made when understanding the traffic, I thought it was an output, but I realized it was an input on the WAN), so I turned off the switch and it continued, only with OPNsense turned on on the WAN.

Thanks in advance!
Ricardo Lanes

They are not getting past the WAN interface if you do not NAT that port. You don't need to worry about this too much.
If you NAT the port that they attack, it's a different story, and you simply block them one after another until the torrent dries up.