networking

Lost without routing Sense

elrey741

2 min read
Lost without routing Sense

So, I was curious about how I could push down a static route from my pfSense router (and it looks to also work for OpnSense as well under Services --> DHCPv4) to my work vlan for another network (my work's lab network (i.e. where some machines that I have are at, because we use them for hacking labs/classes normally (essentially they are more vulnerable devices, so I wanted them on another vlan to where they could talk out but not back to my work (unless initiated from work vlan))))

So, I stumbled across this reddit post: https://www.reddit.com/r/PFSENSE/comments/5ei112/dhcpoptions_pushing_a_static_route/
which then led me to this blog post: https://ercpe.de/blog/advanced-dhcp-options-pushing-static-routes-to-clients#classless-static-routing
talking about converting the necessary values to hex (contrary to the post's pictures you need lower case hex not uppercase at least on 2.4.4-RELEASE-p2 of pfSense). So, below is a quick script that I threw together to convert the necessary value in the proper format.
So as an example say my work lab network's info is 192.168.22.1/24 and my work network is 10.0.0.1/16
So, in that example I gave you can do the following
pfsense-route_hex.sh 24 '192.168.22.0' '10.0.0.1'

Also, make sure you use the 121 dhcp option and I am sure opnsense has something similar.

Lastly, you should also be able to curl right to bash (I know, before you comment on how this is bad look here) like this.

curl -fsSL 'https://git.io/JtVB6' | bash -s '24' '192.168.22.0' '10.0.0.1'

Update 1: I finally got around to installing OPNSense, and when trying to add the static route ( additional options ) it defaults to text...you don't want to choose that 😅. You want to choose string, or else the computers on your network won't be able to convert things properly.

Recently had ⬆️ happen and because of this, and I had to make sure that the static routes were working 🙃

Update 2: I also created an undo script so you can read the static routes that you have already created. You can read all the static routes you have already created. It isn't the most elegant, but it is better than converting hex by hand 😁

curl -fsSL 'https://git.io/JGZrh' | bash -s '18:c0:a8:16:0a:00:00:01'

Sign up for more like this.

Enter your email
Subscribe