Changing PPPoE Gateway

iowh3r · February 16, 2022, 10:17pm

Hi hope you all good
Im using a mikrotik ponit-to-point wireless link (lhg xl52 ac) to transfer internet and using pfsense as firewall.
I have two different pppoe account for two seperate link (therefore two different ips)
Unfortuanetly the ISP gives the same gateway for both pppoe accounts since Im using pfsense and it doesnt support (at least not stable) same gateway for two wan interfaces, im using double-nat scenario (pppoe connections on mikrotik and nat to pfsense)
I just wanted to know is there any solution to change gateway in between in order to get free of double nat ?
Something like creating a pppoe server on mikrotik and it acts as relay or so that we can change gateway ?

iowh3r · February 19, 2022, 9:09am

Any idea ?

joegoldman · February 19, 2022, 9:27am

the endpoints of ppp are defined inside the protocol itself and the /32 installed (whether you install a default route to the other end is up to the client though)

having said that, Mikrotik can install the route via interface declaration vs endpoint IP - which although they have same endpoint IP when its based on a certain src it should take the right interface.

The other option is do the 2 ppp’s on different VRFs and / or physical routers and then use internal routing (doesn’t have to be double NAT if all the routers have the right routes) then have a central one decide which router to send it through.

These are vague options though as I can’t get a clear picture of what you are trying to do, and i also don’t know the ins and outs of pfSense so that is likely a question better asked in their community.

jprietove · February 19, 2022, 12:22pm

Instead of using IP as gateway for your routes, you can use the interface itself, as they are Point To Point.

iowh3r · February 19, 2022, 6:30pm

the endpoints of ppp are defined inside the protocol itself and the /32 installed (whether you install a default route to the other end is up to the client though)

having said that, Mikrotik can install the route via interface declaration vs endpoint IP - which although they have same endpoint IP when its based on a certain src it should take the right interface.

The other option is do the 2 ppp’s on different VRFs and / or physical routers and then use internal routing (doesn’t have to be double NAT if all the routers have the right routes) then have a central one decide which router to send it through.

These are vague options though as I can’t get a clear picture of what you are trying to do, and i also don’t know the ins and outs of pfSense so that is likely a question better asked in their community.

Thanks for your response.
You’re right I should make this more clear. I’m using pfsense as my main router/firewall and I’m self hosting some services so there are port forwarding in pfsense.
As I mentioned earlier because of the this unique situation (ISP gives same gateway for both ppp accounts) I can’t route things right in pfsense, in order to solve this right now I created both ppp connections on mikrotik router and created two separate vlans and nat all data to those vlans which on the other side is of course pfsense. Everything works as expected.
The downside is that with this scenario I’m not able to manage my ppp connections through pfsense (unfortunately because of the regulations in my country I can’t have access to mikrotik router directly so everytime I need to change my ip I should hard reboot the router!). My main goal is to have ppp connection on pfsense but the gateway don’t be same. Is it even possible ?

joegoldman · February 20, 2022, 12:41am

So what this is telling me is you need pfSense help, and not something we can help you with - we can tell you how to do this on mikrotik (using interface as gateway rather than IP) and then using mangle to src-route or help you classify traffic in a Mikrotik, but this is a Mikrotik forum and if you want to achieve this on a pfSense router you’ll need to go talk to them.