DCHP not sending router/gateway to endpoint after fresh install
-
@wildfrog I cannot even speculate how many times I have installed/upgraded/changed pfSense with a DHCP server, testing with macs, windows, linux, phones, pretty much everything, on practically countless different devices and VMs and never seen that. Not once. And that's not counting the production sites that have never seen it either.
I would also investigate if there is anything such as DHCP snooping somewhere interfering.
The one thing you mention that I have never used is protectli hardware but that being the causation factor would surprise me almost as much as it being the ISC DHCP server in pfSense.
-
J jimp moved this topic from Problems Installing or Upgrading pfSense Software on
-
@derelict Right. I've definitely not done as many installs as you, but I'd never seen this before until I did a fresh install of 2.5.2, and later 2.6.
I think the oddest thing is that I don't get this behavior when installing a fresh v2.5. Just anything more recent. So it makes me wonder if something changed in this regard from 2.5 to the 2.5.1/2.5.2 build.
All that said, in a perfect world I'd be setting up a 2100 instead of building a Protectli box. But my clients are too big for a 1100 - but too small to justify a 4100. Supply chain is a thing.
-
There are a couple scenarios that can result in no gateway from DHCP.
-
If the firewall running pfSense software has no gateways it won't add a gateway in DHCP. For example, if you set a static IP address on WAN but did not add/select a gateway on the WAN interface then it does not add a gateway in DHCP automatically. You can still put one in manually, but you should fix the gateway settings (Add one under System > Routing and select it under Interfaces > WAN)
-
If the firewall only gets an IPv6 address+gateway and not IPv4 then it won't give an IPv4 gateway in DHCP automatically
-
If someone puts the literal string
nonein the gateway field of the DHCP server settings on the interface it will be left out, but that would have to be done explicitly, it doesn't happen automatically.
There is also the potential that it's a client problem but that seems less likely than one of the above.
If you run a packet capture of the DHCP request and response on the LAN you can look at it in Wireshark and see if the firewall is sending the gateway to the client(s).
-
-
@jimp I'm not quite sure how any of those 3 scenarios apply since this is the behavior on the very first connection - before running the setup wizard or performing any configuration of any sort and with no WAN connected.
Do you suppose that with no WAN connected, it would trigger scenario #1? And if so, it would seem that this behavior changed from v2.5.1 and later since v2.5 works as expected.
-
I have the same problem with a fresh installation of pfsense 2.6.
So I need to fill out this:
If I don't and there a gateway the client recieves no gateway, traffic flows then only to the pfsense which is available under: 192.168.100.1 .
On Pfsense 2.4.5 which is running at the moment in productive at home I don't have to do that.
So I will try to capture that with wireshark.
-
Ok I captured it on the client side one time with the gateway set and one time without.
When I don't set the gateway on the interface:
When I set the gateway:
So option 3 is not recieved at the client side and I assume that pfsense is not sending it, but why I don't know.
-
@hispeed said in DCHP not sending router/gateway to endpoint after fresh install:
When I don't set the gateway on the interface:
What exactly does that mean?
It looks like you are showing us DHCPACKs. I'm looking for the server-to-client communications not client-to-server.
I see you obfuscated a MAC address. Not sure why you are hiding that. MAC addresses are local to the broadcast domain and might prove useful in diagnosing problems down near layer 2 like DHCP.
Can you capture the entire DHCP process and post the actual PCAP?
-
Yes I captured it but I send it to you via private message because it contains the domains. This capture is from the pfsense interface without the gateway filled out.
-
@hispeed What does "Without the gateway filled out" mean? There is not a gateway set on the interface configuration itself?
A gateway should only be set on "WAN" or "Outside" interfaces. Are you saying the capture is on the "LAN" or "Inside" interface?
-
-
"Without the gateway filled out" -> This means I did not add 192.168.100.1 into the Gateway field in the DHCP Server on the LAN interface (other options). This means this field was empty.
Interface Lan it was always like this ( I never changed it for any test):
The capture was made on the pfsense with interfance "LAN". I disconected the VM and reconected it.
Info: IPv6 was deactivated I just activated for tests with IPv6.
-
I don't know if I recieve from this provider a gateway on the WAN interface. This is possible because my provider is special (Swisscom - Switzerland).
I also have to set DHCP Option 60 with VLAN 10 to recieve an IP address.
-
@hispeed Personally, I would leave IPv6 alone until you get IPv4 working but that might just be me.
-
@hispeed You don't have an IPv4 gateway there.
-
IPv4 is working fine when i add the pfsense gateway in the dhcp server on every interface.
-
@hispeed I would specifically set a gateway to be sent by the DHCP server on the 192.168.100.1 interface (set 192.168.100.1 there) and see if that corrects the inside DHCP. Then I would work on why you are not getting a gateway from the upstream DHCP server at the ISP.
-
@hispeed Did you mess about with anything here on the ISP interface?
-
Yes we have to use "Configuration Override" and add there:
interface "{interface}" {
send dhcp-class-identifier "100008,0001,,pfsense";
}The whole set up took me around 100h with testing and setting up, so its made with love and they do everything you will never use a pfsense or any other router which is not from them.
Nobody knows why and it would be better for Switzerland if you teach Swisscom how they need to set up the network. Make and keep it simple. This is also the reason why will go offline in the future and nobody can fix it :D.A friend will ask a friend tomorrow from the networking core team maybe I get an answer.
-
Since my OP, I've purchased a Netgate 4100.
On first boot. . .with only an endpoint plugged into LAN1. . .the macOS endpoint (Mac Mini) gets a DHCP-issued IP of 192.168.1.100 - and the Router/Gateway info is blank just like the image in the OP. It's exactly the same behavior as with the Protectli device in the OP. So it doesn't seem like it's the Protectli device.
Unplugged the Mac Mini and plugged in a MacBook Air via a USB-C adapter. Exactly the same result as above.
Unplugged the MacBook Air and plugged in a Windows 10 Pro desktop. Running ipconfig from the command prompt - for Default Gateway it gives me an IPv6 address and not an IPv4 address.
To clarify, this is a first-boot experience. No configuration at all.
Is this now expected behavior? Because this has never been my experience until v2.5.2. -
Interesting thread. I just tested on my 6100 running 22.05 snaps and traced the DHCP conversation with Wireshark. Definitely receiving opt 3 here. But this is a unit that's been through years of upgrades. Not a fresh install. I don't have time to pave and test right now but I have a new install scheduled in a couple of days with a 4100 and I'll be testing this for sure.
