ISP assigned static IP issue

Started by Badante, January 23, 2024, 05:44:18 PM

January 23, 2024, 05:44:18 PM Last Edit: January 23, 2024, 08:02:54 PM by Badante
I am with a local fiber-optic company, Altafiber, and have a 1gb service with a static IP. The challenge is that they insist on putting a crappy Zyxel between the ONT and my Protectli Vault running OPNsense via a Proxmox VM. The Zyxel cannot be put in bridge mode. I have tried spoofing the MAC address of the Zyxel but it will not work. We still have internet because I have the ONT plugged directly into the WAN port on my Vault but have to set OPNsense to DHCP. The ISP states that they do not support bypassing their hardware.


Does anyone have experience with working past something like this? I was thinking that maybe I need to do something more than just spoof the MAC address but, to be honest, I would have no idea what. I am not a network guy. Any help would be greatly appreciated!

January 23, 2024, 07:28:32 PM #1 Last Edit: January 23, 2024, 08:03:30 PM by Badante
 >:(


Update:


ISP says they will not support or assist with bypassing their device. I could really use some help with this, if anyone feels they are up to it!

Option 1:

If you want to do this the clean way, ask your provider for a /30 IPv4 subnet (most of the time that's only available in business internet subscriptions). Then your preferred router can be a device in the same network as the provider router with its own IP address.

Option 2:

Another way, depending on what you need: if you don't have VLANs and only want to use the OPNsense to protect one internal network, you can run it in transparent bridge mode.

Option 3:

If the Zyxel modem/router can be configured, you can create an exposed host for your OPNsense on it, and create static routes for all the internal networks behind your OPNsense. You deactivate NAT in the OPNsense and let the Zyxel handle it for all your networks.

None of these options are particularly nice, except the first one, which gives you full functionality and all features of a proper Internet connection.
Hardware:
DEC740

Quote from: Monviech on January 23, 2024, 08:07:17 PM
Option 1:

If you want to do this the clean way, ask your provider for a /30 IPv4 subnet (most of the time that's only available in business internet subscriptions). Then your preferred router can be a device in the same network as the provider router with its own IP address.


This is a business internet subscription. The subnet is 255.255.255.232 so I believe it is already /30, correct?


I guess I am not comprehending the setup you are talking about. Here is a basic drawing of my network (I doubt you need the visual but...). The Zyxel would provide the static IP but I want my OPNsense to provide all of the security (VPN, Firewall, etc...).


Sorry. I am muddling my way through this.

Yes, a /30 network has 4 IP addresses:
- Network Address
- Provider Zyxel Device (most likely)
- Free IP Address for your use
- Broadcast address.

Your provider should tell you where to connect your device that gets this free IP address, and which device is your gateway (most likely the IP of the Zyxel).
Hardware:
DEC740
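
The /30 layout described in the last reply, worked through as an added example that is not part of any post in this thread. It takes the address, netmask and gateway an ISP hands over, rejects netmasks that are not contiguous (255.255.255.232, quoted earlier in the thread, is one; a /30 is 255.255.255.252), and reports which address is left for the firewall's WAN interface. The function names and the 203.0.113.x addresses (documentation range) are constructed for illustration.

```python
import ipaddress


def parse_mask(mask):
    """Return the prefix length of a dotted netmask, or None if it is invalid."""
    try:
        return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
    except ValueError:  # NetmaskValueError: not a run of 1-bits followed by 0-bits
        return None


def wan_plan(address, mask, gateway):
    """Describe the WAN subnet and check the planned firewall and gateway addresses."""
    prefix = parse_mask(mask)
    if prefix is None:
        return {"valid": False, "reason": f"{mask} is not a contiguous netmask"}

    net = ipaddress.IPv4Interface(f"{address}/{prefix}").network
    hosts = list(net.hosts())  # excludes network and broadcast addresses
    addr = ipaddress.IPv4Address(address)
    gw = ipaddress.IPv4Address(gateway)

    return {
        "valid": True,
        "network": str(net),
        "broadcast": str(net.broadcast_address),
        "usable": [str(h) for h in hosts],
        # whatever the provider device does not occupy is left for the firewall
        "free_for_firewall": [str(h) for h in hosts if h != gw],
        "address_ok": addr in hosts and addr != gw,
        "gateway_ok": gw in hosts,
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for mask in ("255.255.255.252", "255.255.255.232"):
        print(mask, wan_plan("203.0.113.2", mask, "203.0.113.1"))
```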