Can not get DHCP leases on new intel I225-LM based machine
-
Hello all,
I am new to pfsense and I am tearing my hair out trying to debug an issue on a new machine / new install. I can't get any clients to get a DHCP lease, or so it appears.
I recently bought this NUC: https://www.asrockind.com/en-gb/NUC%20BOX-1260P which has 2x 2.5gb interfaces based on the intel i225-LM NIC.
I see there was a lot of discussion on this NIC on this topic from last year here: https://forum.netgate.com/topic/159994/intel-ethernet-controller-i225-lm-support mainly around enabling the setting to disable hardware checksum offloading in 2.5.2, but that it should not be necessary in 2.6.0. However, my particular issue did not seem to be mentioned (or I am not smart enough to follow the conversation and it was mentioned...).
I have a fresh install of pfsense 2.6.0 and if I manually specify an address and dns on a client (IE: set LAN to static / 192.168.1.1, set windows client to 192.168.2.1, use .1 as my gateway, set dns manually to 8.8.8.8/8.8.4.4), things DO work as expected. I can get to the web UI as well as the outside internet, speed tests look good - no issues, but I simply can not get clients to receive an IP address via DHCP.
Various things I have tried:
- disabled hardware checksum offloading
- tried updating to the latest development build of pfsense (I read the support for the i225-lm in freebsd 12 might not have been great, so maybe freebsd 14 would make a difference)
- tried opnsense as well (freebsd 13 based)
- did a windows 10 install to sanity check the hardware seemed functional - nothing seemed out of the ordinary
Output of pciconf -lv
igc1@pci0:46:0:0: class=0x020000 rev=0x03 hdr=0x00 vendor=0x8086 device=0x15f2 subvendor=0x1849 subdevice=0x0000 vendor = 'Intel Corporation' device = 'Ethernet Controller I225-LM' class = network subclass = ethernet
I am not super versed in digging into dhcp logs and other techniques, but with the right guidance, I could probably fumble through it.
Any advice would be appreciated on debugging this, thanks!
-
@triplez What does your hardware say on it for it's REV#? Not specifically the one in the driver here (which says it's 3 but might not be).
It was noted last night in the subreddit that R1 and R2 had physical issues with the 2.5GbE driver but R3 works.
-
@rcoleman-netgate I am a bit of a freebsd newb - what command would help produce that output?
-
@rcoleman-netgate The document located at:
https://www.intel.com/content/www/us/en/support/articles/000057261/ethernet-products/gigabit-ethernet-controllers-up-to-2-5gbe.html
-->
https://cdrdv2.intel.com/v1/dl/getContent/621661 (downloads a pdf...)Has information about the different revisions. The document notes the branding string would be either Intel(R) Ethernet Controller I225-LM or Intel(R) Ethernet Controller (2) I225-LM or Intel(R) Ethernet Controller (3) I225-LM. I'm not sure if this information would be accurately reflected by dmesg in freebsd, but dumping some of the output from dmesg looks like:
igc1: <Intel(R) Ethernet Controller I225-LM> mem 0x76200000-0x762fffff,0x76300000-0x76303fff at device 0.0 on pci4
I'm not smart enough to know if the dmesg output is what I'm looking for, though.
-
Ack, no, sorry. Reinstalled windows and ran the nvm utility referenced here: https://forum.netgate.com/topic/159994/intel-ethernet-controller-i225-lm-support/137
Output:
C:\Windows\system32>C:\Users\Dev\Downloads\mb_driver_intel-i225-firmware-tool\Nvmupdate145\i225\nvmupdatew64e.exe -i -l Intel(R) Ethernet NVM Update Tool NVMUpdate version 1.35.30.0 Copyright (C) 2013 - 2020 Intel Corporation. Inventory [00:045:00:00]: Intel(R) Ethernet Controller (3) I225-LM Flash inventory started. Shadow RAM inventory started. Shadow RAM inventory finished. Flash inventory finished. [00:046:00:00]: Intel(R) Ethernet Controller (3) I225-LM Flash inventory started. Shadow RAM inventory started. Shadow RAM inventory finished. Flash inventory finished. [00:045:00:00]: Intel(R) Ethernet Controller (3) I225-LM Vendor : 8086 Device : 15F2 Subvendor : 1849 Subdevice : 0000 Revision : 3 LAN MAC : A8A159D0C985 Alt MAC : A8A159D0C985 SAN MAC : 000000000000 ETrackId : 80000181 SerialNumber : A8A159FFFFD0C985 NVM Version : 1.87(1.57) PBA : G23456-000 VPD status : Not set VPD size : 0 NVM update : No config file entry checksum : Valid [00:046:00:00]: Intel(R) Ethernet Controller (3) I225-LM Vendor : 8086 Device : 15F2 Subvendor : 1849 Subdevice : 0000 Revision : 3 LAN MAC : A8A159D0C984 Alt MAC : A8A159D0C984 SAN MAC : 000000000000 ETrackId : 80000181 SerialNumber : A8A159FFFFD0C984 NVM Version : 1.87(1.57) PBA : G23456-000 VPD status : Not set VPD size : 0 NVM update : No config file entry checksum : Valid
Looks like rev 3 to me.
-
@triplez it should have no issues there... but I would run a packet capture if you can... focus it on the WAN interface, disconnect and reconnect the cable, see if it asks for a new WAN IP... it probably is, and is getting a response, but I suspect your ISP is PRIQ-tagging their traffic as VLAN0, P7 and that's why you're not getting anything.
-
That is rev.3 you can see it in the pciconf output:
igc1@pci0:46:0:0: class=0x020000 rev=0x03 hdr=0x00 vendor=0x8086 device=0x15f2 subvendor=0x1849 subdevice=0x0000
But also the issues that applied to were only the i225-V as far as I know so you should be fine i225-LM NICs.
So something else is happening there. Is the dhcpd service even running? Check Status > Sevices.
It should work by default on LAN. It may refuse to start in the event of a conflict though for example.
Check the logs in Status > Logs > DHCP. You should see the service start and clients requesting a lease. Like:Nov 1 00:42:12 dhcpd 92419 Internet Systems Consortium DHCP Server 4.4.2-P1 Nov 1 00:42:12 dhcpd 92419 Copyright 2004-2021 Internet Systems Consortium. Nov 1 00:42:12 dhcpd 92419 All rights reserved. Nov 1 00:42:12 dhcpd 92419 For info, please visit https://www.isc.org/software/dhcp/ Nov 1 00:42:12 dhcpd 92419 Config file: /etc/dhcpdv6.conf Nov 1 00:42:12 dhcpd 92419 Database file: /var/db/dhcpd6.leases Nov 1 00:42:12 dhcpd 92419 PID file: /var/run/dhcpdv6.pid Nov 1 00:42:12 dhcpd 92419 Internet Systems Consortium DHCP Server 4.4.2-P1 Nov 1 00:42:12 dhcpd 92419 Copyright 2004-2021 Internet Systems Consortium. Nov 1 00:42:12 dhcpd 92419 All rights reserved. Nov 1 00:42:12 dhcpd 92419 For info, please visit https://www.isc.org/software/dhcp/ Nov 1 00:42:12 dhcpd 92419 Wrote 0 NA, 0 TA, 0 PD leases to lease file. Nov 1 00:42:12 dhcpd 92419 Bound to *:547 Nov 1 00:42:12 dhcpd 92419 Listening on Socket/6/mvneta1/2a00:23c8:7282:112::/64 Nov 1 00:42:12 dhcpd 92419 Sending on Socket/6/mvneta1/2a00:23c8:7282:112::/64 Nov 1 00:42:12 dhcpd 92419 Server starting service. Nov 1 00:42:26 dhcpd 90650 DHCPREQUEST for 172.21.16.148 from 5e:f7:c8:ae:82:23 (cedev-3) via mvneta0 Nov 1 00:42:26 dhcpd 90650 DHCPACK on 172.21.16.148 to 5e:f7:c8:ae:82:23 (cedev-3) via mvneta0
Steve
-
@stephenw10 Yes, I can confirm the service is running. Thank you for pointing me to those logs, I am learning some new terminology.
(I changed my subnet to 192.168.3.0/24 here)
Here is an excerpt from those logs:
Nov 1 01:40:07 dhcpd 99893 Internet Systems Consortium DHCP Server 4.4.2-P1 Nov 1 01:40:07 dhcpd 99893 Copyright 2004-2021 Internet Systems Consortium. Nov 1 01:40:07 dhcpd 99893 All rights reserved. Nov 1 01:40:07 dhcpd 99893 For info, please visit https://www.isc.org/software/dhcp/ Nov 1 01:40:07 dhcpd 99893 Config file: /etc/dhcpd.conf Nov 1 01:40:07 dhcpd 99893 Internet Systems Consortium DHCP Server 4.4.2-P1 Nov 1 01:40:07 dhcpd 99893 Database file: /var/db/dhcpd.leases Nov 1 01:40:07 dhcpd 99893 Copyright 2004-2021 Internet Systems Consortium. Nov 1 01:40:07 dhcpd 99893 PID file: /var/run/dhcpd.pid Nov 1 01:40:07 dhcpd 99893 All rights reserved. Nov 1 01:40:07 dhcpd 99893 For info, please visit https://www.isc.org/software/dhcp/ Nov 1 01:40:07 dhcpd 99893 Wrote 0 class decls to leases file. Nov 1 01:40:07 dhcpd 99893 Wrote 0 leases to leases file. Nov 1 01:40:07 dhcpd 99893 Listening on BPF/igc0/a8:a1:59:d0:c9:85/192.168.3.0/24 Nov 1 01:40:07 dhcpd 99893 Sending on BPF/igc0/a8:a1:59:d0:c9:85/192.168.3.0/24 Nov 1 01:40:07 dhcpd 99893 Sending on Socket/fallback/fallback-net Nov 1 01:40:07 dhcpd 99893 Server starting service. Nov 1 01:40:25 dhcpd 99893 DHCPDISCOVER from b0:25:aa:2c:b1:69 via igc0 Nov 1 01:40:26 dhcpd 99893 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:40:29 dhcpd 99893 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:40:29 dhcpd 99893 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:40:33 dhcpd 99893 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:40:33 dhcpd 99893 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:40:42 dhcpd 99893 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:40:42 dhcpd 99893 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:40:49 dhcpd 99893 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:40:49 dhcpd 99893 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:40:53 dhcpd 2533 Internet Systems Consortium DHCP Server 4.4.2-P1 Nov 1 01:40:53 dhcpd 2533 Copyright 2004-2021 Internet Systems Consortium. Nov 1 01:40:53 dhcpd 2533 All rights reserved. Nov 1 01:40:53 dhcpd 2533 For info, please visit https://www.isc.org/software/dhcp/ Nov 1 01:40:53 dhcpd 2533 Config file: /etc/dhcpd.conf Nov 1 01:40:53 dhcpd 2533 Internet Systems Consortium DHCP Server 4.4.2-P1 Nov 1 01:40:53 dhcpd 2533 Database file: /var/db/dhcpd.leases Nov 1 01:40:53 dhcpd 2533 Copyright 2004-2021 Internet Systems Consortium. Nov 1 01:40:53 dhcpd 2533 PID file: /var/run/dhcpd.pid Nov 1 01:40:53 dhcpd 2533 All rights reserved. Nov 1 01:40:53 dhcpd 2533 For info, please visit https://www.isc.org/software/dhcp/ Nov 1 01:40:53 dhcpd 2533 Wrote 0 class decls to leases file. Nov 1 01:40:53 dhcpd 2533 Wrote 0 leases to leases file. Nov 1 01:40:53 dhcpd 2533 Listening on BPF/igc0/a8:a1:59:d0:c9:85/192.168.3.0/24 Nov 1 01:40:53 dhcpd 2533 Sending on BPF/igc0/a8:a1:59:d0:c9:85/192.168.3.0/24 Nov 1 01:40:53 dhcpd 2533 Sending on Socket/fallback/fallback-net Nov 1 01:40:53 dhcpd 2533 Server starting service. Nov 1 01:40:54 dhcpd 2533 DHCPDISCOVER from b0:25:aa:2c:b1:69 via igc0 Nov 1 01:40:55 dhcpd 2533 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:40:58 dhcpd 2533 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:40:58 dhcpd 2533 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:41:06 dhcpd 2533 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:41:06 dhcpd 2533 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:41:22 dhcpd 2533 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:41:22 dhcpd 2533 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:41:33 dhcpd 2533 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:41:33 dhcpd 2533 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:41:37 dhcpd 2533 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:41:37 dhcpd 2533 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:41:41 dhcpd 2533 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:41:41 dhcpd 2533 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:41:49 dhcpd 2533 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:41:49 dhcpd 2533 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:42:06 dhcpd 2533 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 01:42:06 dhcpd 2533 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0
So it appears there are offers. I've never used any packet capture techniques, but I assume there are ways to further inspect the traffic on the client and see what it is actually getting. I will look into this.
-
Yes, indeed it appears the client either never sees the DHCP offer or is rejecting it.
Running a packet capture on the pfSense LAN port should confirm it is being sent at least.
https://docs.netgate.com/pfsense/en/latest/diagnostics/packetcapture/webgui.htmlRunning a capture on the client directly would show if it's seeing the offers.
Is that laptop connected directly to the LAN port or is there anything in between?
Steve
-
@stephenw10 Hello again, sorry for the delay.
Yes, the laptop is corrected directly to the LAN port. I did try with a dumb switch in between as well, but behavior was the same. So, running the following tests with the direct connection - my observations...
Packet capture examples from pfsense / LAN / filtered to UDP ports 67, 68
18:15:24.760838 IP 192.168.3.1.67 > 192.168.3.10.68: UDP, length 300 18:15:31.645623 IP 192.168.3.1.67 > 192.168.3.10.68: UDP, length 300 18:15:38.506824 IP 192.168.3.1.67 > 192.168.3.10.68: UDP, length 300 18:15:54.523784 IP 192.168.3.1.67 > 192.168.3.10.68: UDP, length 300
Those look like DHCPOFFERs, right?
Looking at the dhcpd logs around the same time:
Nov 1 18:15:30 dhcpd 55122 DHCPDISCOVER from b0:25:aa:2c:b1:69 via igc0 Nov 1 18:15:31 dhcpd 55122 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 18:15:38 dhcpd 55122 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 18:15:38 dhcpd 55122 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 18:15:54 dhcpd 55122 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 18:15:54 dhcpd 55122 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 18:16:26 dhcpd 55122 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 18:16:26 dhcpd 55122 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 18:16:29 dhcpd 55122 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 18:16:29 dhcpd 55122 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 18:16:37 dhcpd 55122 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 18:16:37 dhcpd 55122 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 18:16:54 dhcpd 55122 DHCPDISCOVER from b0:25:aa:2c:b1:69 (LAPTOP) via igc0 Nov 1 18:16:54 dhcpd 55122 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (LAPTOP) via igc0
Running wireshark on the client (LAPTOP) around the same time:
17 1.006514 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0xad5daadb 136 4.741099 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0xad5daadb 242 12.625480 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0xad5daadb 351 28.641990 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0xad5daadb 368 60.515676 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x520c9611 372 63.732579 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x520c9611 376 71.626199 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x520c9611 379 88.361085 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x520c9611
I tried running a packet capture on the client using my existing working router just so I would know what the data should look like (this is now the 192.168.2.0 subnet):
1 0.000000 0.0.0.0 255.255.255.255 DHCP 358 DHCP Request - Transaction ID 0xd7cb8c86 2 0.005490 192.168.2.1 192.168.2.72 DHCP 342 DHCP ACK - Transaction ID 0xd7cb8c86
-
Did you already try disabling hardware checksum offloading? And rebooted to be sure it applied?
Seeing that in a pcap in the igc driver but not at the other end of a directly connected cable implies the hardware is not putting it on the wire for some reason.
Steve
-
@stephenw10 I did and rebooted multiple times throughout all my testing.
I noticed some generic error message in the windows event view logs:
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address xxx. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Which seems...not useful. I tried a completely different windows machine (laptop has a realtek NIC, other machine has an intel NIC) and observed the same behavior. Just to try and rule out some windows issues, I booted a live ubuntu image and experienced the exact same behavior. Can set a manual address and get connected, but DHCP does not work.
pcap (all UDP traffic, might be extraneous things in here) on pfsense LAN:
00:51:11.692951 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 285 00:51:11.693055 IP 192.168.3.1.67 > 192.168.3.10.68: UDP, length 300 00:51:12.587322 IP6 fe80::3ee5:e629:f781:f4ce.5353 > ff02::fb.5353: UDP, length 45 00:51:13.264491 IP6 fe80::3ee5:e629:f781:f4ce.5353 > ff02::fb.5353: UDP, length 139 00:51:16.287778 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 285 00:51:16.287871 IP 192.168.3.1.67 > 192.168.3.10.68: UDP, length 300 00:51:16.590436 IP6 fe80::3ee5:e629:f781:f4ce.5353 > ff02::fb.5353: UDP, length 45 00:51:40.538343 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 285 00:51:40.538453 IP 192.168.3.1.67 > 192.168.3.10.68: UDP, length 300 00:51:40.607481 IP6 fe80::3ee5:e629:f781:f4ce.5353 > ff02::fb.5353: UDP, length 45 00:51:54.490489 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 285 00:51:54.490570 IP 192.168.3.1.67 > 192.168.3.10.68: UDP, length 300 00:51:56.306841 IP6 fe80::3ee5:e629:f781:f4ce.5353 > ff02::fb.5353: UDP, length 139 00:51:57.050628 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 285 00:51:57.050703 IP 192.168.3.1.67 > 192.168.3.10.68: UDP, length 300 00:51:57.592485 IP6 fe80::3ee5:e629:f781:f4ce.5353 > ff02::fb.5353: UDP, length 45 00:51:58.339711 IP6 fe80::3ee5:e629:f781:f4ce.5353 > ff02::fb.5353: UDP, length 139
dhcpd logs:
Nov 2 00:49:41 dhcpd 89628 DHCPDISCOVER from b0:25:aa:2c:b1:69 via igc0 Nov 2 00:49:42 dhcpd 89628 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (kubuntu) via igc0 Nov 2 00:49:46 dhcpd 89628 DHCPDISCOVER from b0:25:aa:2c:b1:69 (kubuntu) via igc0 Nov 2 00:49:46 dhcpd 89628 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (kubuntu) via igc0 Nov 2 00:49:54 dhcpd 89628 DHCPDISCOVER from b0:25:aa:2c:b1:69 (kubuntu) via igc0 Nov 2 00:49:54 dhcpd 89628 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (kubuntu) via igc0 Nov 2 00:50:11 dhcpd 89628 DHCPDISCOVER from b0:25:aa:2c:b1:69 (kubuntu) via igc0 Nov 2 00:50:11 dhcpd 89628 DHCPOFFER on 192.168.3.10 to b0:25:aa:2c:b1:69 (kubuntu) via igc0
To echo what you said, at this point...I think it is some kind of hardware issue. With my limited networking knowledge, it doesn't feel? like this is a pfsense issue. I also tried upgrading to the latest pfsense plus version just to see if anything different would happen - no dice.
There does appear to be a newer version of the NVM for this NIC, though I could not figure out how to get the nvm tool to update (it kept failing with a nondescript error message). I contacted ASRock about this / if they have a way for me to update it, but have yet to hear back. The release notes are as follows:
(in picture form) https://imgur.com/B0LTT74
(or text)Version 1.68: • Increment security revision variable in CSS header • Upgrade PHY FW to 4C08-8754 • Fix LM HW sku value in MAC FW
I doubt it would make a difference, but it's unlikely I could get it updated before my return window on this device is up - and it would be much less stress to simply get a netgate appliance I know would work
-
Hello again,
I long since returned the unit and got my installation working on another device with no issues. That said, I just (7 months later!) got an update from ASRock that it was in fact a problem on their end. If anyone somehow ends up here via google, it might be good to know that as of 6/2/2023, this is the situation:
We have used isc-dhcp-server (Linux) & Open DHCP Server (Windows) to test in our lab, and we are able to duplicate your symptom.
Test Configuration
BIOS: P1.40
Memory: Corsair CMSX32GX4M2A3200C22
Storage: Kingston A400
OS: Ubuntu / Windows 10 LTSC 2021
We have discovered LAN1 (Intel I225-LM with vPro Essentials) could not work as DHCP server properly.
When we switch to LAN2 (Intel I225-LM without vPro), the client PC could receive DHCPOFFER (assigned IP).
After some further testing, we found the symptom is related to vPro (AMT) function of I225-LM in general.
Currently, we are still co-working with Intel to solve this symptom.
If there is any update about the solution or conclusion, we will inform you as soon as possible. -
Hmm, good to know. I wonder what's blocking that....
-
Nice they confirmed the issue is on their side but gee Intel. With some of the previous issues with rolling out 2.5gb chips one would think they’d make sure to avoid that again. But no……
-
Mmm, we haven't seen any issues like that on the i225/226 NICs we have. But, yeah....
-
I think there must be some sort of conflict between AMT & DHCP Server function with I225 NIC.
So far, I couldn't get DHCP Server to work if I225-LM has AMT enabled.
The temporary solution for DHCP Server to work is disabling I225-LM's AMT function.
Not sure if this is also the case with I226 NIC tho. -
I have the same ASRock NUC.
How can I disable the AMT function ? On my NUC Bios ?
3 months after having bought this unit, I still cannot use it as I would like and if I don't find a solution, I will resell it.
-
I have the Intel NUC 11 Pro Kit NUC11TNHv70L, which also has a 2.5GB Intel Ethernet Controller I225-LM NIC. I have pfSense installed and have also pulled out my hair for the past three weeks, trying to set up pfSense on Proxmox on the NUC. I've followed all the instructsions for Proxmox, and I've also chatted quite a bit on discord with some experts on Proxmox.
I've set up packet capturing on both clients and server (pfSense), and I'm experiencing the same.
DHCPACK and DHCPOFFER packets are sent from pfSense, but they do not go beyond the network card. They are never received by the client. When I came across this thread, I thought I had my answer. I was using AMT. So I disabled it, but the issue remains.
When I swap DHCP servers to another one on my network, everything works great. When I swap the LAN interface on pfSense to use a USB-Ethernet plugged into the NUC and set up on Proxmox as a Linux Bridge, that also works great.
But using the Intel Ethernet Controller I225-LM does NOT work with pfSense's DHCP Server. I've tried PCI direct. I've tried Linux bridges. I've tried everything.
DHCPACK and DHCPOFFER packets are not received by the client. Something is preventing the packet from going beyond the Intel Ethernet card. There is an issue with this card and pfSense's DHCP Server or with this card and DHCP Server's in general.
I hope someone can figure out why and provide an update/fix.
-
How did you deactivate the AMT function ?
I have an ASRock 1220p.
Thanks