You have a connection error: em0, em1 and em2 are connected together:

Oct 4 17:03:14 dhcpd: DHCPREQUEST for 192.168.3.2 from 00:07:e9:10:75:4a via em2: wrong network.

Oct 4 17:03:14 dhcpd: DHCPNAK on 192.168.3.2 to 00:07:e9:10:75:4a via em2

Oct 4 17:03:15 dhcpd: DHCPREQUEST for 192.168.3.2 from 00:07:e9:10:75:4a via em1

Oct 4 17:03:15 dhcpd: DHCPACK on 192.168.3.2 to 00:07:e9:10:75:4a via em1

Oct 4 17:03:15 dhcpd: DHCPREQUEST for 192.168.3.2 from 00:07:e9:10:75:4a via em0: wrong network.

Note that em0, em1 and em2 are all receiving a DHCP request from the same MAC address. It appears em1 has network 192.168.3.0/24 so DHCP requests for 192.168.3.2 on em0 and em2 will fail because em0 and em2 don't have network 192.168.3.0/24.

It is not obvious to me that this has anything to do with IPv6.

I will have another go if I get the time.

But I have migrated this over to my actual server for now, just changed the IPs in my forwarder, pfsense v2 is allot faster though, always wondered what was bugging down my internet speeds and that was the culprit v1.2.3 was just horrendously slow to the point I would get really annoyed!

But no it's great thanks for that but any feedbacks very much appreciated!

Jeremy.

@Nuno:

@pulsemedia:

thanks for reupload, but for me the new archive is still broken  :-\

maybe you should choose another way to upload the file e.g. mediafire.com?

Huh… Don't know what to say. I just downloaded it, renamed the extension from "txt" to "zip" and everything's fine.
Nevertheless I added a rapidshare download link. Try that one instead.

yay! finally got it :-)
thx

@madapaka:

@madapaka:

@tebeve:

Actually, as I learned in this thread over on the IPv6 board, from wagonza… "There is currently no integration between DHCP and Unbound…"

@wagonza:

There is currently no integration between DHCP and Unbound, in other words you will need to assign the IPs you want given o your DHCP clients by manually configuring them in the DHCP configuration page. Currently the way v4+v6 works is that when the DHCP service is set up it checks for:

Manually configured DNS servers and assigns those, if those are not configured It then checks to see if dnsmasq is enabled. If it is enabled, it assigns the IP(s) configured on the LAN. If it is not enabled it assigns the DNS servers configured in System->General Setup to the DHCP clients.

I know databeestje has also mentioned some other rtadvd fixes that he is looking into fixing, but the above still stands until Unbound is fully integrated. Which I guess is now becoming a necessity…so best I get cracking :)

This holds true for both IPv4 & IPv6 I believe.

So on the DHCP config page, under the DNS server fields, just put your pfSense box IP not the openDNS server addresses, clients will then use the pfSense box, which in turn will use the Unbound config to look up local entries then roll to the DNS servers listed on the System : General Setup -> DNS settings for all external lookups…. I think this is what johnpoz has been trying to get at.

Thanks everyone, especially tebeve, that practically did it. I guess someone has to update the Unbound DNS wiki page.

Spoke too soon, when I rebooted pfSense, it's no longer working, reverted to the old config, at least it's working although not like it's supposed to be.

@madapaka - Just FYI… as per my mention of this other thread on the IPv6 board, wagonza has updated the Unbound package. Maybe this might help your issues.

EDIT: sorry, got my threads mixed up… the fix applied to the unbound package was for a different issue. My bad.

I have a similar problem on my network.  I recently ran across some free software from Princeton: http://www.net.princeton.edu/software/dhcp_probe/.

It runs in the background and listens like a DHCP client.  You can configure it to know which is your real DHCP server and it will trigger a warning message which includes the IP and MAC address of any offending DHCP servers.

You still have to physically locate the rogue, but at least this warns you as soon as it happens.  I have also had some success finding the rogues by taking the MAC address that DHCP_probe gives me and checking the ARP caches of my switches to follow which ports have seen that MAC until I get to its final actual port.

Jeff

So it's just a case of me being too much belt & braces then - I should trust the system to work, and it will!

This is great, what would it take to make this into a real "package" that is installable via the web gui?  These extra dhcpd options are really sorely needed, I am shocked that you can't add arbitrary text to the dhcpd.conf without real hacking.

I also need to modify my dhcpd.conf (need to set option 66 to different strings based on MAC address) and this was easy to do with my previous router (linux running dnsmasq) and I know that it can be done with dhcpd.conf tweaks but like the OP I don't want the file to get erased or be prevented from setting other options via the GUI.  I am surprised there isn't an add-on package to add some extra options to the gui for dhcpd.

Meznev: could you please elaborate a little bit on how you solved this issue?

@nuffe:

Yeah, I don't use the gui more than I need to so I always check the logs from commandline. And their was nothing from dhclient :/

I have no trouble with dhclient getting a new lease on my system. Here's an extract from the system log (lease renewal time is 1 hour):

clog /var/log/system.log | grep dhclient

Sep 18 21:41:16 pfsense2 dhclient: RENEW
Sep 18 21:41:16 pfsense2 dhclient: Creating resolv.conf
Sep 18 22:41:34 pfsense2 dhclient: RENEW
Sep 18 22:41:34 pfsense2 dhclient: Creating resolv.conf
Sep 18 23:41:52 pfsense2 dhclient: RENEW
Sep 18 23:41:52 pfsense2 dhclient: Creating resolv.conf
. . .
Sep 24 21:43:09 pfsense2 dhclient: RENEW
Sep 24 21:43:09 pfsense2 dhclient: Creating resolv.conf
Sep 24 22:43:09 pfsense2 dhclient: RENEW
Sep 24 22:43:09 pfsense2 dhclient: Creating resolv.conf
Sep 24 23:43:10 pfsense2 dhclient: RENEW
Sep 24 23:43:10 pfsense2 dhclient: Creating resolv.conf

What are your logs full of that the dhcp lease fails to get renewed a few times a day and there is no record of dhclient in your logs?

@nuffe:

Dhclient is running….

Here's what dhclient processes look like on my system:

ps lax | grep dhclient

0  7393    1  0  76  0  3316  1328 select Is    ??    0:00.41 dhclient: vr0 [priv] (dhclient)
  65 13400    1  0  44  0  3316  1452 select Is    ??    0:00.38 dhclient: vr0 (dhclient)
    0 53718 53504  0  46  0  3524  1204 -      R+    0    0:00.01 grep dhclient

No one knows if the pfSense included version of dnsmasq can do conditional forwarding?

Does your ethernet switch support LAGG interface groups?

@Joolee:

I'll try hooking up the cisco switch to a draytek to see if it's pfsense or the switch that's so slow.

After testing, it seems the cisco switch is at fault… Enabling portfast on network ports helps, now the client is recognized in under 10 seconds.

Sorry for the inconvenience and thank you very much for your help!

For other people experiencing the same:

Ubuntu just does that. When you edit the interface config file, change the configuration to static and restart your network stack. The DHCP Client still thinks he has to configure the interfaces. Only solution afaik is reboot or kill the DHCP client.

sudo kill cat /var/run/dhclient.eth0.pid

Thank you wallabybob, spot on.

I had thought interface name was a bit odd, but as it was auto detected by pfsense, I thought little more about it!
Silly me. :-[

WAN now on vr0, LAN on em0, leaving me em1 & 2 for opt1 & 2.

Now that pfsense is up and running again, thanks to your kind help, I can start to struggle with captive portal!