Static arp in DHCP overwritten

netbug

Hi,

When adding a static DHCP mapping we select "Create an ARP Table Static Entry for this MAC & IP Address pair."
After saving the static mapping can be found in the ARP table shortly, but it is overwritten after 15 to 60 seconds by the default value of 1200 seconds.

We are using a Netgate 3100 with 23.09-RELEASE (arm).

Please look into this and provide a fix if possible.

Any help would be appreciated.
Thanks.

johnpoz

@netbug there was some previous issues with static arp.. But I thought those were all addressed in 23.09 - there was a patch available before.

But I have a static arp set for one of my IPs in dhcp.. And shows perm for the arp entry

netbug

@johnpoz , thanks for your reply!

The IP that i have added as static arp in the DHCP server is: 192.168.50.60

But at this moment it show up as expiring:
[23.09-RELEASE][admin@pfSense.localdomain]/root: arp -a | grep -i 192.168.50.60
? (192.168.50.60) at aa:11:bb:cc:1b:aa on mvneta1 expires in 1197 seconds [ethernet]

When I add, by means of testing, the static arp via the command line I get the following results:

Add the static mapping:
[23.09-RELEASE][admin@pfSense.localdomain]/root: /usr/sbin/arp -s 192.168.50.60 aa:11:bb:cc:1b:aa

Then view the results:
[23.09-RELEASE][admin@pfSense.localdomain]/root: arp -a | grep -i 192.168.50.60 && date
? (192.168.50.60) at aa:11:bb:cc:1b:aa on mvneta1 permanent [ethernet]
Thu Nov 16 23:15:57 CET 2023

After e few moments again it shows:
[23.09-RELEASE][admin@pfSense.localdomain]/root: arp -a | grep -i 192.168.50.60 && date
? (192.168.50.60) at aa:11:bb:cc:1b:aa on mvneta1 expires in -1700172951 seconds [ethernet]
Thu Nov 16 23:16:04 CET 2023

And a few moments later it states:
[23.09-RELEASE][admin@pfSense.localdomain]/root: arp -a | grep -i 192.168.50.60 && date
? (192.168.50.60) at aa:11:bb:cc:1b:aa on mvneta1 expires in 1187 seconds [ethernet]
Thu Nov 16 23:17:53 CET 2023

After that the static mapping is gone and replaced with the default expire of 1200 seconds.

johnpoz

@netbug

I am unable to duplicate this on my 23.09

netbug

@johnpoz

Thanks for testing.

In my test the device was turned on and online on the given IP.
Was that also the case in your test?

Furthermore I have noticed that it sometimes takes longer before it is overwritten.
Maybe you can check again after e few hours and then check again if it is still permanent?

Also: Does anyone have an idea why there is sometimes a negative expire: -1700172951?
For example: ? (192.168.50.60) at aa:11:bb:cc:1b:aa on mvneta1 expires in -1700172951 seconds [ethernet]

The only entry that remains constantly permanent is the LAN interface IP: pfSense.localdomain

The rest all changes back to expiring in e few seconds to max a few minutes.

netbug

Ok, did some additional tests and it becomes clearer now.

• When i ad a static ARP via the DHCP server on a lease that is offline, it stays permanent.
• The moment the device comes online, the behavior starts as described.
• Also when i refresh the lease using dhclient -r and than dhclient the static arp entry turn expiring.

johnpoz

@netbug well as you can see in my previous one that was a real client.. But let me me set say static for my PC and see if I can get it go away from static arp..

BRB

edit: ok there seems to be something still wrong with statics..

So I set a static for my 192.168.9.100 in the dhcp server

And once hit apply that seems to be working, BUT!!! if I just do a renew of the dhcp is seems to stick - but when I release and renew then the arp is no longer set to static

So yeah something doesn't smell right for sure.. Once it set static on pfsense, it should always be static..

netbug

@johnpoz

Good to hear you can replicate it.

Could you let me know what the next step will be to create a bug report?
Or is this ticket the bug report :)

johnpoz

@netbug I believe there was redmine about this already.. Might be able to re open it, maybe its some sort of regression, I thought it was fixed at one point. At least the symptom that was reported then - but this looks different, if I recall correctly the static entries were not surviving a reboot.

I don't think this was brought up back in the previous issues with static arp..

The static not surviving a reboot is for something pfsense could do something about. But his is odd, a client gettings IP that was reserved for it and set as static - shouldn't somehow undo the static??

When I get a chance I will look in redmine if there is something related to this - if not I will open one and point to this thread.

johnpoz

@netbug ok there is a redmine that talks about this

https://redmine.pfsense.org/issues/15010

Here is simple way to duplicate it.. Reposted with more info, and also showing that can duplicate it really at will. So notice I had static set, but arp not showing static

See the 192.168.9.100, but if I hit save in there then it shows up as static again.

Now if you just do a renew on the dhcp client it seems to stay static - but have noticed it go to that large neg number

But if I do a full /release and then renew on the client, its back to dynamic

edit: so just some more info.. Notice that static setting for 9.10, that is my nas and it actually has the IP set on the nas static. I just put that static reservation in there from a previous arp issue where they were not surviving reboot. But that client since its not dhcp the arp entry stays as perm..

Looks like this is the correct redmine

https://redmine.pfsense.org/issues/14970

netbug

@johnpoz Thanks for your help. Will wait for a fix.

PS: This issue started after the latest upgrade of pFsense.

mlharmon

@netbug For what it's worth, I ran into this same issue recently and found a workaround that seems to be effective.

In pfSense, I added the cron package and then created a job that runs every 19 minutes with the following command that creates a static arp entry such as:

arp -s 192.168.9.10 00:11:32:7b:29:7d

Hopefully you or someone else stumbling across this post will find this information helpful.