Cannot get DHCP functioning on 2nd Interface
-
Hi Gertjan, I have probably spent 10-15 hours over the past week and a half trying to get it up and running, but it's still not working. I've deleted all my VLANs and have tried to just get a simple laptop to try to get an DHCP address which I'm still unable to and recreated my interfaces several times, and I've also gone to /conf/config.xml to try to manually debug the interface but its still not working. I would post the code but it gets flagged as spam and i can't respond.
I'm starting to wonder if there is a BIOS/UEFI issue.
-
OPT3 = LAN2 right ?
Check on the console :
[24.03-RELEASE][root@pfSense.bhf.tld.tld]/root: ps ax | grep 'dhcpd -u' 7029 - Ss 0:11.34 /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid igc0 igc1 igc2where I have "igc0 igc1 igc2" you should have "ixl0 igc1ixl1" = the interfaces on which dhcpd, the DHCP server daemon, is running.
I would stay away from VLAN as long as possible, and use VLANs only if basic networking is ok.
For DHCP to work on an interface like LAN2, not firewall rules whatsoever are needed as hidden DHCP pass rules will get inserted if you activate a DHCO server on an interface.
So, as soon as you hook up a device on LAN2, it should get a DHCP lease . yiu can check that by runningipconfig /allon that device.
Before hooking up, start a packet capture and hunt for DHCP traffic :
Select your interface igc1, traffic = UDP and port will be "67 68".
11:59:37.674838 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 11:59:38.677680 IP 192.168.2.1.67 > 192.168.2.37.68: UDP, length 363 11:59:39.748836 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 11:59:39.749441 IP 192.168.2.1.67 > 192.168.2.37.68: UDP, length 363where the 192.168.2.x network is my igc1.
Look also at Status > System Logs > DHCP
-
I did check my pfsense rules, and it does show the DHCP rules are enabled on port 67/68 based on /tmp/rules/.debug.
https://docs.netgate.com/pfsense/en/latest/firewall/pf-ruleset.html
I ran wireshark packet capture on my laptop, which sends the broadcast, but receives nothing from the PFsense router.
Also here's the packet capture from the router, where it does receive the broadcast request from Laptop:
-
Funny thing here is that it makes the DHCP offer before it receives the broadcast from the Laptop.
-
That a discover first, and then an offer afterwards for me, which is the right sequence.
The transaction ID is the same, so, who send the discover, got a reply. -
@Gertjan So any idea why my end device isn't getting any packets back? I've tried 3 laptops and a router, none of them gets a DHCP address, but it works if I manually assign a static IP. It also worked earlier if I assign a VLAN (getting DHCP).
-
What's between that 'device' and the pfSense LAN NIC ?
What happens when you connect the device by wire from the device NIC to the pfSense NIC ?
What was the device you were using to make the image :
as it saw the discover, broadcasted from the device, and the offer, send from pfSense.
-
What's between that 'device' and the pfSense LAN NIC ?
- Only a wire, the pfSense NIC a nd the device is directly connected
What happens when you connect the device by wire from the device NIC to the pfSense NIC ?
- This is how it is currently connected.
What was the device you were using to make the image :
- The image you replied to was captured using the built in pfSense packet capture utility which I saved as a pcap file and loaded into wireshark.
- I've run a packet capture on the end device using wireshark, when there is only a single wire through but I never see any of the pfSense packets that is reported on the pfSense packet capture tool.
-
After 3 weeks of trying to solve this issue, I'm about to return my hardware appliance and get a UniFi if I can't figure this out, its my last week before my return window trying to get PFsense working....
-
Wait ...
You are having troubles with the 'second' network.
What happens when you make LAN this second network, and the second network LAN ?
If the issues follows the NIC, you might have a NIC that can receive but not send ?! -
I tried that a few weeks ago and it actually worked (DHCP and all). It has to be a configuration issue and I cannot figure it out for the life of me. As I said, the LAN connection works if I:
1 - Manually assign a static IP
2 - When I had a VLAN setup to this LAN and the end device, DHCP works perfectly!
3 - When I configure it as a simple LAN interface and I also tried bridging it, I cannot get it to work.Primary LAN is a i226LM, secondary is a i226V
I've also double checked the BIOS settings (it's a Minisforum MS-01.
Last thing I'm going to try to backup my config, wipe everything and try to reconfigure it from scratch.I presently only have PFsense installed (directly, no proxmod or virtualization yet) and I'm using this as a HomeLab eventually. Was dipping my hand into PFSense trying to do more control before return to a commercial solution.
-
So I wiped the disk, and reinstalled from scratch, and before I did anything else, I configured the second LAN, and it worked.....I then reloaded my saved config I backed up prior to the wipe, and it was still working....
So something broke that wasn't related to my configuration and I have no idea what. So at this stage ( I had tried several attempts to reboot/reroot and lots of things, but something in the install broke basically).
-
T the other referenced this topic on
-
@Jedi2155 This is probably a bit late, but it might still help others out in the future:
If you have this issue, with the MS-01, it isn't your fault. It has to do the with I226-lm. It has intel Vpro on it, which for some reason messes with the DHCP leases. It's a known issue that's been around for a year or 2.
I was struggling with the same issue for a week or so until I stumbled upon an article that explained this in more detail.
On other systems you can turn off intel Vpro properly, but on the ms-01 it doesn't fix it for some reason.
-
@Danyo Thank you! I got it working now generally but it doesn't work in all cases and it depends on the end device. For example the i226-LM DHCP works with my Desktop which has an Intel NIC but it doesn't work if I plug it into my laptop (which doesn't have an Intel NIC), or my LG TV. This only applies to the i226-LM as you suggested but not the i226-V.
I'm wondering what within your research suggested issues with Vpro (which when I googled) is an umbrella term for dozens of features including several VM ones which are toggleable on the MS-01 BIOS. I have moved pfsense into a proxmox container so VM features are pretty useful even I don't know what they all do (yet).
-
@Jedi2155 I found several topics about it, but the main reason for it is this:
https://www.asrockind.com/en-gb/index.php?route=newsblog/faq&faq_id=91
On asrock boards they have the option to fully turn the function off, which allows DHCP leases to work once again.
edit.: it's interesting that it does work with intel devices on the other end, I have only tried my laptop and TV, and neither work, I might give my desktop a try later see if that works. Or just cave in and use that connection for the WAN side.
-
@Danyo Where did you read about the Intel devices works? i have searching about everywhere to find more info about this problem.
-
Its a firmware bug on that Intel port with remote management. Minisforum is aware as I have been complaining about for over a year now. You'll have to use one of the SFP+ ports. I've heard turning on KEA DHCP may fix it.
-
I was able to fix it by wiping and re-installing PFsense strangely. I also might've turned off some of those remote management features in the BIOS during the wipe that was turned on before the wipe.
