T-Mobile Monitor IP
-
Hello All,
I use a Netgate 4100 with pfSense and T-Mobile home internet as the secondary ISP in a failover configuration. I was using 1.1.1.1 as the monitor IP for failover, but all of a sudden, it stopped working and would not go to online status. I think it had to do with CGNAT, as once I removed the Monitor IP, it was back online. Does anyone using this configuration know of a host IP address that would work with T-Mobile as a monitor IP?
-
@skull07 It's possible that your IP address has been blocked by 1.1.1.1. Did you try a different IP to monitor?
-
@rcoleman-netgate Yes I tried several. Even though I am back online with no Monitor IP I just tried a ping through that interface and it failed with 100% packet loss. I have Starlink as the default ISP on WAN1 and that returns pings just fine.
-
I've seen reports of T-Mobile Home Internet starting to drop pings on Reddit and on the T-Mobile Community. This is really going to be a pain if it's deliberate. At the moment pings are still working for me.
-
I can confirm my ping stopped working through T-Mobile as well, just noticed today. The T-Mobile community thread descriptions are comparable to my experience (packet loss of 94%). For now I have gateway monitoring disabled since it is my failover WAN.
Is there an alternative technique we can use for gateway monitoring in pfSense? TCP request, DNS, anything?
-
@tcw what IP were you using?
-
@rcoleman-netgate Thanks for replying. I generally have my primary and failover IPv4 monitor IPs set to a couple of servers in Cloudflare's AS (104.x.0.1 and 104.x.1.1 respectively) that consistently respond to pings. After searching I tried a handful of Hurricane Electric tunnel addresses, and as a last act of desperation tried 8.8.8.8 (my DNS server is not Google) before searching and finding this thread. Same behavior regardless of IP address used... 30-50 ms pings through my primary gateway, and about 19/20 pings time out once it's used as the failover monitor IP for T-Mobile.
-
@tcw Interesting. I wasn't aware.
You can turn off the monitoring ACTION but maintain the monitor without any impact on your system.
-
@rcoleman-netgate One poster on the T-Mobile community site indicated that Microsoft Teams determines host connectivity by pinging teams.microsoft.com, and people trying to use Teams recently on fixed wireless had all kinds of issues/disconnections. I don't think I'm brave enough to try this during a real work meeting, yet.
I realize there are separate options to disable monitoring and monitoring action, but in this case since the monitor is reporting erroneous information, would it just make more sense to disable monitoring on the secondary WAN altogether? Fortunately the monitoring works on the primary IP and the gateway fails over and back properly (at least with manually unplugging the primary WAN cable to test).
And I'm sure this is entirely a coincidence, but community.t-mobile.com is now throwing sporadic 403s for me.
-
As of this morning, pings are working and my gateway monitoring shows online (I did disable monitoring action and will leave it that way for the time being). Can anyone else who's had issues with ICMP confirm? Maybe T-Mo got the memo?
-
@tcw CG-NAT is such a mess on its own that I suspect it will fluctuate from one week to another, or even day to day.
-
This may or may not be related, but ever since I've had TMHI I've gotten messages like this:
Oct 24 17:10:31 router dpinger[26660]: TMHI_DHCP6 2620:fe::9: duplicate echo reply received
Oct 24 17:10:32 router dpinger[26660]: TMHI_DHCP6 2620:fe::9: duplicate echo reply received
Oct 24 17:10:44 router dpinger[26660]: TMHI_DHCP6 2620:fe::9: duplicate echo reply received
Oct 24 17:10:46 router dpinger[26282]: TMHI_DHCP 149.112.112.112: duplicate echo reply received
Oct 24 17:11:44 router dpinger[26282]: TMHI_DHCP 149.112.112.112: duplicate echo reply received
Oct 24 17:12:40 router dpinger[26282]: TMHI_DHCP 149.112.112.112: duplicate echo reply received
So maybe their duplicate ping generator has been acting up.
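Added example, not part of the original post and not pfSense or dpinger code: a small Python tally of the "duplicate echo reply received" lines per gateway and monitor IP, with the spacing between them, so the IPv4 and IPv6 monitors can be compared. The sample input is the six lines quoted above; the function names and the placeholder year (syslog timestamps carry none) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

DUP = "duplicate echo reply received"
# syslog prefix, then "<gateway> <monitor IP>: <message>" as in the quoted lines.
# The lazy match on the address works for IPv6 because the separator is ": ".
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+dpinger\[\d+\]:\s+"
    r"(?P<gw>\S+)\s+(?P<target>\S+?):\s+(?P<msg>.+)$"
)

# Constructed sample: the six log lines from the post, one per line.
SAMPLE = """\
Oct 24 17:10:31 router dpinger[26660]: TMHI_DHCP6 2620:fe::9: duplicate echo reply received
Oct 24 17:10:32 router dpinger[26660]: TMHI_DHCP6 2620:fe::9: duplicate echo reply received
Oct 24 17:10:44 router dpinger[26660]: TMHI_DHCP6 2620:fe::9: duplicate echo reply received
Oct 24 17:10:46 router dpinger[26282]: TMHI_DHCP 149.112.112.112: duplicate echo reply received
Oct 24 17:11:44 router dpinger[26282]: TMHI_DHCP 149.112.112.112: duplicate echo reply received
Oct 24 17:12:40 router dpinger[26282]: TMHI_DHCP 149.112.112.112: duplicate echo reply received
"""

def duplicate_events(text, year=2000):
    """Yield (gateway, monitor_ip, datetime) for each duplicate-reply line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["msg"] != DUP:
            continue  # other dpinger messages and unrelated syslog lines
        # Syslog omits the year; 2000 is an arbitrary placeholder (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield m["gw"], m["target"], ts

def summarize(text, year=2000):
    """Per (gateway, monitor IP): count, total span and smallest gap in seconds."""
    seen = defaultdict(list)
    for gw, target, ts in duplicate_events(text, year):
        seen[(gw, target)].append(ts)
    out = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        span = int((stamps[-1] - stamps[0]).total_seconds())
        out[key] = {"count": len(stamps), "span_s": span,
                    "min_gap_s": min(gaps) if gaps else None}
    return out

if __name__ == "__main__":
    for (gw, target), stats in summarize(SAMPLE).items():
        print(gw, target, stats)
```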
-
@tcw Pings still not working for me. Did you ping within diagnostics or outside the gateway?
-
@dem Yeah same here
-
@skull07 If I understand everything correctly, assigning a monitor IP to a gateway opens a state, so any subsequent traffic to that IP is routed through that gateway. So yes, I am pinging that IP in a terminal window and getting responses, as well as pfSense pinging that same IP from the firewall itself to measure packet loss for gateway monitoring (same mechanics as from Diagnostics/Ping).
-
@skull07 I am also having this issue with T-Mobile home internet. I get the "duplicate echo reply received" alerts in dpinger but there are no duplicates happening, at least not in the packet trace of the WAN interface. I am using an ATT connection as my backup WAN. I seem to get phantom packet loss indications as well randomly where there really are no packets lost. I tried using unique singular public IPs that are not accessed by my systems and the problem still happens. It's something to do with the T-Mobile router and/or CGNAT which does not allow you to use passthrough mode or any options at all for that matter. It also blocks traceroute attempts to get an idea of intermediate gateways. Of course using this router makes for a double and maybe triple NAT scenario but I have no other way to get internet where I live and for most things it works fantastic. Just can't use dpinger anymore to get an idea of the link quality. If anyone does ever figure out what's going on here please post.