DCHP not sending router/gateway to endpoint after fresh install

jimp

There are a couple scenarios that can result in no gateway from DHCP.

If the firewall running pfSense software has no gateways it won't add a gateway in DHCP. For example, if you set a static IP address on WAN but did not add/select a gateway on the WAN interface then it does not add a gateway in DHCP automatically. You can still put one in manually, but you should fix the gateway settings (Add one under System > Routing and select it under Interfaces > WAN)
If the firewall only gets an IPv6 address+gateway and not IPv4 then it won't give an IPv4 gateway in DHCP automatically
If someone puts the literal string none in the gateway field of the DHCP server settings on the interface it will be left out, but that would have to be done explicitly, it doesn't happen automatically.

There is also the potential that it's a client problem but that seems less likely than one of the above.

If you run a packet capture of the DHCP request and response on the LAN you can look at it in Wireshark and see if the firewall is sending the gateway to the client(s).

wildfrog

@jimp I'm not quite sure how any of those 3 scenarios apply since this is the behavior on the very first connection - before running the setup wizard or performing any configuration of any sort and with no WAN connected.

Do you suppose that with no WAN connected, it would trigger scenario #1? And if so, it would seem that this behavior changed from v2.5.1 and later since v2.5 works as expected.

hispeed

@jimp

I have the same problem with a fresh installation of pfsense 2.6.

So I need to fill out this:

If I don't and there a gateway the client recieves no gateway, traffic flows then only to the pfsense which is available under: 192.168.100.1 .

On Pfsense 2.4.5 which is running at the moment in productive at home I don't have to do that.

So I will try to capture that with wireshark.

hispeed

@hispeed

Ok I captured it on the client side one time with the gateway set and one time without.

When I don't set the gateway on the interface:

When I set the gateway:

So option 3 is not recieved at the client side and I assume that pfsense is not sending it, but why I don't know.

Derelict

@hispeed said in DCHP not sending router/gateway to endpoint after fresh install:

When I don't set the gateway on the interface:

What exactly does that mean?

It looks like you are showing us DHCPACKs. I'm looking for the server-to-client communications not client-to-server.

I see you obfuscated a MAC address. Not sure why you are hiding that. MAC addresses are local to the broadcast domain and might prove useful in diagnosing problems down near layer 2 like DHCP.

Can you capture the entire DHCP process and post the actual PCAP?

hispeed

@derelict

Yes I captured it but I send it to you via private message because it contains the domains. This capture is from the pfsense interface without the gateway filled out.

Derelict

@hispeed What does "Without the gateway filled out" mean? There is not a gateway set on the interface configuration itself?

A gateway should only be set on "WAN" or "Outside" interfaces. Are you saying the capture is on the "LAN" or "Inside" interface?

wildfrog

@derelict In line with my response to @jimp a couple days ago. . .are you saying that if the WAN gets no gateway information - either from DHCP or configured manually - that pfSense will not pass along internal gateway/router information to endpoints on the LAN (as pictured in the image in my OP)?

hispeed

@derelict

"Without the gateway filled out" -> This means I did not add 192.168.100.1 into the Gateway field in the DHCP Server on the LAN interface (other options). This means this field was empty.

Interface Lan it was always like this ( I never changed it for any test):

The capture was made on the pfsense with interfance "LAN". I disconected the VM and reconected it.

Info: IPv6 was deactivated I just activated for tests with IPv6.

hispeed

@wildfrog

I don't know if I recieve from this provider a gateway on the WAN interface. This is possible because my provider is special (Swisscom - Switzerland).
I also have to set DHCP Option 60 with VLAN 10 to recieve an IP address.

Derelict

@hispeed Personally, I would leave IPv6 alone until you get IPv4 working but that might just be me.

Derelict

@hispeed You don't have an IPv4 gateway there.

hispeed

@derelict

IPv4 is working fine when i add the pfsense gateway in the dhcp server on every interface.

Derelict

@hispeed I would specifically set a gateway to be sent by the DHCP server on the 192.168.100.1 interface (set 192.168.100.1 there) and see if that corrects the inside DHCP. Then I would work on why you are not getting a gateway from the upstream DHCP server at the ISP.

Derelict

@hispeed Did you mess about with anything here on the ISP interface?

hispeed

@derelict

Yes we have to use "Configuration Override" and add there:

interface "{interface}" {
send dhcp-class-identifier "100008,0001,,pfsense";
}

The whole set up took me around 100h with testing and setting up, so its made with love and they do everything you will never use a pfsense or any other router which is not from them.
Nobody knows why and it would be better for Switzerland if you teach Swisscom how they need to set up the network. Make and keep it simple. This is also the reason why will go offline in the future and nobody can fix it :D.

A friend will ask a friend tomorrow from the networking core team maybe I get an answer.

wildfrog

@jimp & @Derelict

Since my OP, I've purchased a Netgate 4100.

On first boot. . .with only an endpoint plugged into LAN1. . .the macOS endpoint (Mac Mini) gets a DHCP-issued IP of 192.168.1.100 - and the Router/Gateway info is blank just like the image in the OP. It's exactly the same behavior as with the Protectli device in the OP. So it doesn't seem like it's the Protectli device.

Unplugged the Mac Mini and plugged in a MacBook Air via a USB-C adapter. Exactly the same result as above.

Unplugged the MacBook Air and plugged in a Windows 10 Pro desktop. Running ipconfig from the command prompt - for Default Gateway it gives me an IPv6 address and not an IPv4 address.

To clarify, this is a first-boot experience. No configuration at all.
Is this now expected behavior? Because this has never been my experience until v2.5.2.

luckman212

Interesting thread. I just tested on my 6100 running 22.05 snaps and traced the DHCP conversation with Wireshark. Definitely receiving opt 3 here. But this is a unit that's been through years of upgrades. Not a fresh install. I don't have time to pave and test right now but I have a new install scheduled in a couple of days with a 4100 and I'll be testing this for sure.

fbcfc809-641f-4897-ba43-5d97c4327d62-CleanShot 2022-05-10 at 17.42.46.png

wildfrog

@luckman212
When you get your 4100, I'd love to see what your Mac's network preferences show you on first boot.

With 2.5 and prior, first boot - with no WAN connected - always gave the Mac a local IP, subnet, & router. And after 2.5 it seems that there's no router info passed to macOS - at least not via IPv4. So it seems that something changed after v2.5.

This just-arrived 4100 is the only pfSense+ device I have on hand, so not really able to directly compare CE builds to pfSense+.

wildfrog

Update. After running the setup wizard and setting the WAN interface information, upon reboot it fills in the IP, subnet, and router information on the macOS endpoint as expected.

It seems that for v2.5 and prior, it wasn't necessary to configure the WAN for it to pass IPv4 router/gateway over the LAN via DHCP. It just showed up on first boot with no configuration. Then after 2.5 it seems to have changed.

Hmmmm.