Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Could DHCP Have Blocked our internet traffic

    Scheduled Pinned Locked Moved DHCP and DNS
    1 Posts 1 Posters 186 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      RutReturns
      last edited by

      I wasn't sure if this was the correct place to put this or not.
      Let me preface this post by saying the network is up and running now, but the issue I had and the way I fixed it is the reason for this post. I wanted to see if this is a normal issue or just random. This is kind of a long explanation, but I want to try to show what all I did before fixing the problem and how I got to where I was.

      Network Structure of the office in question (Relatively small and simple)(all windows machines):
      15 workstations
      2 servers (handling DNS for network)
      1 x 48 port network gigabit switch
      6 Unifi Access points
      1 PFSense firewall (also handling DHCP for network)
      1 OpenVPN server running on firewall (certain users use OpenVPN to connect a laptop from home then RDP into their workstations)

      I run Splashtop Business for remote access to PC's. Small app runs on all PC's and servers that connects to the web then to an app for me. I click their name in the list and connect right to them from any device. You will see that this is important in this case for troubleshooting.

      So I get a call the other day their network is down and no one can access the internet.
      My first move is to open the Splashtop app and verify everyone is offline. To my surprise only the workstations were offline. The 2 servers were still online. To verify I went ahead and connected to one of them and it worked fine.

      My next move was to connect OpenVPN from my office workstation to their office to see if the firewall would respond. OpenVPN connected right up no issues or delays.
      I logged into the firewall to verify all the services were running and to see if I saw any issues. All looked normal.

      I switched back into the server (logged in through Splashtop) and started pinging IP's within the network. All IP's responded properly.
      From the server, I tried to RDP into one of the workstations and I was successful.

      Now, on the workstation I was connected to (through RDP from the server using Splashtop) I ran some ping tests and everything in the network pinged successfully. I thought maybe it was a DNS issue so I started NSLOOKUP and it was working perfectly. I was able to resolve any address i was looking for. So I tried to ping google DNS server but got no reply. Something was blocking this traffic.

      The workstation I was logged on to was one of the ones a user works on from home. In the DHCP server, it has a static entry but the static address IS NOT set on the actual NIC of the PC. I didn't think about this until the end but it matters.

      So I backed out of the PC and went back in to the firewall since at this point everything seemed to be functioning just no traffic to the web. I will not explain everything I checked on the PFSense box since honestly none of it mattered but as I was going through it, I ended up on the DHCP status screen and I noticed every single device in the network showed inactive/offline. I knew this wasn't correct because I was logged on to a workstation and pinged various devices on the network successfully so I thought maybe there was something not working properly on the DHCP service. My next step was to restart the DHCP service. I waited a few minutes to give things time to update but nothing changed on the DHCP status screen. So I rebooted the PFSense firewall.

      Within about 2 minutes I got a text from the oringinal person in the office telling me the wireless is working now and they are able to get online, but none of the workstations were able to connect to the web still.

      My next step was to go back in to my Splashtop app and see if ANY workstations were back online and there were a few. I still didn't put it all together just yet as to what the factor was that was keeping the other workstations offline.

      Back in college, a professor told me once if I ever get in to a situation where there doesn't seem to be any logical explanation, reboot the device. This usually doesn't hold true when multiple devices are involved but I figured I had nothing to lose so I used Splashtop to log back in to the server and RDP'd back in to the same workstation I had logged in to before. I rebooted the machine just to see and would you believe it worked!!

      I sent the message telling everyone that couldn't get online to reboot their machines and it worked. All of the machines except for one could get back online.

      I logged back in to the PFSense box and went back to DHCP status and now every machine that was able to get online, showed active/online.

      Apparently the only one that couldn't was because she wasn't at her desk and didn't get the message to restart.

      So here is what I figured out in all of this:

      • Somehow, DHCP either got stuck or froze or something but because of it didn't see any of the online devices and any device it didn't see was blocked from web access.
      • The servers IP addresses were set statically on the server NIC's themselves which is probably why they could get online. The DHCP service wasn't needed for them.
      • The wireless devices and the workstations that were using dynamic addresses were able to get online first as soon as the firewall was rebooted.
      • The workstations that rely on static addresses from the DHCP server itself needed to be rebooted. I assume I could've done a ipconfig /release and /renew on each one to refresh the connection but I had them rebooted before I thought about it.
      • All the devices still had their IP addresses so I was able to communicate between them (which I assume was because their lease times weren't up and could hear from a DHCP server)

      So DHCP was clearly the culprit of this outage but I am not sure it was the sole process responsible.

      Has anyone else had this type of issue?
      Does anyone know what actually caused this?
      IS there a way for me to see a log or something that could show what exactly went wrong?
      If so, does anyone know how to prevent this in the future?

      I know this was long and I appreciate you taking the time to read it. I was trying to be thorough and not leave anything out because I know sometimes the smallest details matter in a case like this.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.