openbgpd PfSense and no gateway

itNGO

Hello Everyone,
we are just in progress of implementing PFSense HA-System as our front BGP-Router for our own RIPE-AS.

Everything behind and in front of PfSense is working as expected.
However the PfSense itself has no gateway for itself as there is no gateway given by our ISP. Just and only a BGP-Neighboor peering with Transfer-Net

At the moment it looks like the PfSense exactly knows what to do, when a client is using it as default gateway. However it is not knowing how to handle traffic, which it originates from itself. Even external publishing is working. Just the PfSense can not check for updates or even access anything beyond its local Networks.

Regards

Joerg

jimp

pfSense will need a default gateway defined and selected/enabled.

itNGO

Hello Jimp,

thanks for the answer.
I know that pfSense needs a gateway. The BGP-FRR-Config gives me one. I can see that in Diag-Routing.

But this is somehow not used by PfSense itself.

jimp

Right, but it has to be setup as a gateway manually in pfSense. The base system doesn't have a way to fully accommodate a dynamic default route/gateway from a routing protocol. Without the gateway entry, several things will fail to behave as expected.

That might improve in the future, but at the moment it isn't possible to completely manage the default dynamically.

itNGO

Ok understood. I can set the 4 BGP Neighboors as Gateway.
But these are non routable blackholes which request one of our RIPE-Public IP to be the source. Is that configurable?

Source 1.1.1.1/32 -> GW 2.2.2.2/24

Like it can be done on Diag-Traceroute for the Source-Interface.
But now for the whole system.