Multi-wan with PPPoE not working when get same gateway

Started by charles, Today at 09:08:44 AM

Hi,

I have 5 PPPoE lines from the same ISP.

After binding them to different interfaces on OPNsense and dialing each up separately, they obtain different IP addresses (all with 32-bit subnets) but the same gateway.

I configured unique monitor IPs for each gateway in the Gateway settings, and now the gateway status (including probe latency and packet loss) shows normal for all.

I also set up individual SNAT rules for each interface—with source/destination addresses set to "any", IPv4 protocol, and translation to the outgoing interface's IP.

However, when I create rules in Firewall -> Rules -> LAN and specify a gateway, only the rule pointing to the first PPPoE gateway works; the others fail to connect.

I've been using this exact setup on pfSense without issues for years. The key was just setting unique monitor IPs. But it seems this doesn't work on OPNsense?

Did I miss something crucial, or is this not supported on OPNsense? Are there any alternative workarounds?

Thanks!

Today at 09:34:12 AM #1 Last Edit: Today at 09:36:32 AM by Monviech (Cedrik)
https://github.com/opnsense/core/issues/8181#issuecomment-2571634803

https://github.com/opnsense/core/issues/5238#issuecomment-927822469

I doubt it works in pfSense if it's unsupported by FreeBSD in general.

If not, what's the configuration magic for that? It would need multiple FIBs (aka virtual routing instances)
Hardware:
DEC740

PPP interfaces don't really need a gateway IP address - it's point-to-point, there's no ARP involved.

@Monviech Could we work around this by assigning random (or static) dummy IP addresses to PPP gateways?

@charles As a workaround, maybe creating static gateways with random IP addresses works?

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

I do not have much knowledge about this, I just wanted to reference these tickets that say it's not possible for some reason.

What I assume is that dhclient installs interface routes like this

default via 10.0.0.1 dev pppoe0
default via 10.0.0.1 dev pppoe1
etc...

And these overwrite each other, so the last PPPoE connection that comes up wins or something? I dunno though, it's all assumptions from my end.
Hardware:
DEC740