pfSense WAN dhcp client exiting (error)
-
I had bought an extra mini NIC for a thin client (the computer is much faster than my old test computer) and it only arrived from China last week and so I now have one Pfsense for production and two with different hardware to test.
You won't believe me now, all three computers, despite having different hardware, showed the same error.
It took me ages to restore the individual backups (one per backup era) of the production onto the two test servers and then test them.
None of this made any difference. So in the end, completely frustrated, I went and deleted every single configuration on the test server, step by step. That took a really long time because I had rebooted the test server in the meantime, just to be sure that the change had an effect.
After that didn't help, I compared the configuration of a new, fresh installation, line by line from the XML backup file, what an amazing job and was actually able to find the error, this line triggers the loop:
<media>autoselect</media>
The entry "autoselect" is under Interfaces/WAN Speed and Duplex, which the programmers can now find out and also why the loop begins with it (see script rc.linkup Line "interface_configure($iface, true, true);").
Even a fixed value didn't solve the problem for me.
You just need to switch back to "Default (no preference, typically autoselect)"; ATTENTION do not set autoselect to "typically" where the text "WARNING: MUST be set to autoselect (automatically negotiate speed) unless the port this interface connects to has its speed and duplex forced." is misleading.
Ugh, what an act!!!
-
Urgh. Well nice to actually find the issue at least. Were all three devices using the same NIC type, all Realtek NICs?
-
Of the NICs, mainly Intel (different versions with different processors) and Realtek (different versions with different processors, tested with and without package Realtek-Re-km98.00_3).
In the meantime, the Firewall Ipfire and the Sophos Firewall had also installed on the two test computers, there were no problems.
Estimated the Pfense version 2.7.2 up to 50 times on the two test computers completely reinstalled in order to have comparable outcome.
Likewise, the script rc.linkup manipulated in order to generate entries in the system log, determined that this script is called several times (different PID in the logs), which the analysis really made really difficult.
Other mistakes discovered, but I will first have to search for whether they are known in the forum and whether there is already a solution.
I have had enough of testing now, I have other hobbies ...
-
Hmm, I've seen issues with igc flapping when you set 'autoselect' specifically but not any other driver.
-
Since I now know what I have to look for, I have busy with autonegotiation today and the pfSense version 2.7.2 definitely has a problem (not above the boot).
A restart of the ISP modem was simulated. Whatever led to a loop of the WAN Interfaces (if it under interfaces/wan/speed and duplex = autoselect).
I tried this with different NIC´s and Switches between the pfSense and the ISP, the problem can be clearly reproduced.
The solution to me is that the Switch/ISP is on negotiation and the pfSense, as already described, remains on default.
-
Hmm, so I assume a switch in between the modem and pfSense prevent the NIC flapping when the modem is reset?
Autoselect should be the default link setting anyway. The difference is that when you set the interface to autoselect, rather then leaving it set to default, the system runs ifconfig against it. That shouldn't make any difference but it seems in some circumstances it can.
-
No, the Switch simulates the NIC of the ISP modem and when I turn the Switch off, it is as if the ISP modem is booting, well and then the loop is created by the pfSene.
Since I also have a dedicated SYSLOG server, I can check this. PfSense is the only firewall that has problems with this, the other computers, firewalls or NAS etc. have no problems with it.
-
But if you do have the switch between the modem and pfSense it prevents the loop if the modem is rebooted? In other words it's a layer 1 problem, not layer 2.
-
No, nothing prevents the pfSense from looping!
Load the current version 2.7.2 onto a boot stick, install it on a computer (attention the hard drive will be deleted), accept everything, log in and change to autoselect under Interface/WAN/Speed and the nightmare begins!
-
Ok testing here....
