What is wrong with my routing?
-
Hardware: Netgate 8200
Software: 24.11-RELEASE
Firmware: 03.00.00.03t-uc-18
I did a fresh install on my pfSense and had the following encounter.
My default PPPoE Gateway is ALWAYS 62.155.245.31?
Why?
nslookup 62.155.245.31
Server: pi.hole
Address: 172.16.0.2
Name: p3e9bf51f.dip0.t-ipconnect.de
Address: 62.155.245.31
Where does the 172.17.0.0/16 on the PPPoE interface come from? I didn't configure anything 172.17.x.x
Can anybody point me in the right direction what I did wrong? Thanks!
-
@DJGogoCrazy to get a better picture of your network layout: is pfSense behind a FritzBox? And regarding 172.17.0.0/16: Could you show us 'System > Routing > Static Routes', it has to be configured somewhere ;). I assume you're using Deutsche Telekom as internet provider?
FYI: It's usually a good idea to hide parts of your public IP; private IPs you don't have to hide.
Addition: or search the forum for "telekom dsl"; depending on what is in front of the pfSense you've got to set VLAN7 (or it is set/can be set on the modem) and MTU 1492 for the WAN interface.
https://forum.netgate.com/topic/169846/vdsl-modem-und-telekom-pppoe-wie
https://forum.netgate.com/topic/172774/hilfegesuch-bei-telekom-vdsl-anschluss-mit-vigor167-und-pfsense/2
-
@patient0 Thanks for your answer.
The pfSense is behind a modem (Vigor 167) in bridge mode. The bridge mode is on and working. I just checked it to be sure.
True - Deutsche Telekom is my ISP.
My bad regarding the 172.16.0.0/16 - It's a network I wanted to use for Docker Containers ==> Problem SOLVED
FYI: It's usually a good idea to hide parts of your public IP; private IPs you don't have to hide.
I know but my public IP changes every 24hrs (custom periodic reset config). Or each time when I disable and enable the WAN_DSL interface (which is quite a lot in the past few days).
I used the beta version of the current 24.11 version in ?May? and ?September? - can't remember the exact dates.
Did that leave some "config artifacts" that still stay when doing a Diagnostics > Factory Default? Like the "Keep Configuration" settings for WireGuard - only hidden?
On my Vigor the VLAN 7 was/is activated
My connection is working - I have internet access but the "default route" is showing wrong values
-
@DJGogoCrazy said in What is wrong with my routing?:
Did that leave some "config artifacts" that still stay when doing a Diagnostics > Factory Default? Like the "Keep Configuration" settings for WireGuard - only hidden?
I'm not sure about that, I wouldn't expect anything being left behind after a factory default.
Did your WAN work before with the beta version on the 8200 and the DrayTek?
@DJGogoCrazy said in What is wrong with my routing?:
My default PPPoE Gateway is ALWAYS 62.155.245.31
That sounds ok to me (but I don't use Telekom), PPPoE is a point-to-point connection (a /32 subnet) and the gateway is outside of the client's public IP's subnet.
I'd use another IP (like 1.1.1.1) for WAN monitoring, maybe the gateway is not ping-able.
-
@DJGogoCrazy said in What is wrong with my routing?:
My connection is working - I have internet access but the "default route" is showing wrong values
I see, not sure why you think the default route is wrong if it's working. Since the public IP you get from PPPoE is x.x.x.x/32 the gateway will always be outside that range.
According to the internet your values seem possible, like "PPPoe (Telekom) connected but unable to ping any internet adress" on the Mikrotik forum. Gets a 79.* public IP and the gateway is 62.*
ip addresses
Flags: D - DYNAMIC; S - SLAVE
Columns: ADDRESS, NETWORK, INTERFACE
#   ADDRESS           NETWORK        INTERFACE
;;; defconf
...
2 D 79.224.52.103/32  62.155.242.73  pppoe-t-vdsl
ip route
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, s - STATIC, v - VPN
Columns: DST-ADDRESS, GATEWAY, DISTANCE
#   DST-ADDRESS       GATEWAY       DISTANCE
DAv 0.0.0.0/0         pppoe-t-vdsl  1
DAc 62.155.242.73/32  pppoe-t-vdsl  0
...
Someone with more Telekom knowledge may be able to explain/help you better.
-
What is so strange is, that the IP of my gateway is not even online most of the time and it's still my gateway.
-
@DJGogoCrazy and the gateway with being online/offline you refer to it being pingable?
-
I am online and the "default gateway" (62.155.245.31) is not reachable (traceroute and/or ping).
nslookup 62.155.245.31
Server: pi.hole
Address: 172.16.0.2
Name: **p3e9bf51f.dip0.t-ipconnect.de**
Address: 62.155.245.31
The reverse IP lookup shows that this IP is meant as a 'client' IP from a dynamic pool.
I have no physical connection (via a lan cable or mobile connection) to this IP except in my routing table.
Rebooting my 8200 to get "rid of" the IP has no effect.
Even the resetting to factory defaults and only activating the WAN interface with my DSL (PPPoE) connection gets me back to my cursed "default gateway" (with 62.155.245.31) regardless of the dynamic IP address that gets shown on my WAN/DSL interface.
-
That's why I assume there are some "config artifacts" left when I was testing the beta of the now current 24.11 release
-
@DJGogoCrazy I highly doubt that you have something left in the config. These values you get from the upstream DHCP server.
If you're comfortable with the command line, ssh into your box and check your config for the gateway IP (or run the command from "Diagnostics / Command Prompt"):
fgrep 62.155.245.31 /cf/conf/config.xml
If the value is in the config it will show up that way.
What I'm surprised about is that you can ping it only sometimes. Gateways don't have to be pingable by law ;). They usually are but you may have to use another IP for monitoring, like their DNS server. Telekom would be able to answer that.
And you can check the PPPoE logs "Status / System Logs / PPP"
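
A stricter form of the config search suggested in the post above, as an added example that is not part of the original thread: a plain fixed-string search also matches longer addresses that merely contain the one being looked for, so this POSIX shell version anchors the address on both sides. The function names, the sample file and its element names are constructed for illustration; on a real box the file is /cf/conf/config.xml as given above.

```sh
#!/bin/sh
# Added example: is an IPv4 address stored in the config, or only learned at runtime?

# Print matching lines (with numbers). Exit 0 = found, 1 = absent, 2 = bad input.
find_ip_in_config() {
    ip=$1 file=$2
    case $ip in ''|*[!0-9.]*) return 2 ;; esac   # digits and dots only
    [ -r "$file" ] || return 2
    # Escape the dots so "." is literal, then forbid a digit or dot on either
    # side, so 62.155.245.31 does not match 162.155.245.31 or 62.155.245.310.
    pattern=$(printf '%s' "$ip" | sed 's/\./\\./g')
    grep -nE "(^|[^0-9.])${pattern}([^0-9.]|\$)" "$file"
}

# Classify the address: "configured", "runtime" (not in the file) or "error".
gateway_origin() {
    rc=0
    find_ip_in_config "$1" "$2" >/dev/null || rc=$?
    case $rc in
        0) echo configured ;;
        1) echo runtime ;;
        *) echo error ;;
    esac
}

# Constructed sample, NOT a real pfSense config; element names are illustrative.
write_sample_config() {
    cat > "$1" <<'EOF'
<config>
  <alias><name>constructed_host</name><address>162.155.245.31</address></alias>
  <route><network>172.17.0.0/16</network><descr>docker</descr></route>
  <gateway_item><name>WAN_PPPOE</name><gateway>dynamic</gateway></gateway_item>
</config>
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
for addr in 62.155.245.31 172.17.0.0; do
    printf '%s: %s\n' "$addr" "$(gateway_origin "$addr" "$sample")"
done
rm -f "$sample"
```

A result of "runtime" means the address is not written anywhere in the file, which is consistent with a gateway handed out during PPP negotiation rather than a leftover setting.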