    DHCP simply fails to issue leases, but is running on both CARP peers.

      Numbski

      I can simplify this down to two log entries.  At startup I get this in the logs of my backup pfSense box:

      Jun 29 14:47:53 dhcpd: failover peer declaration with no referring pools.
      Jun 29 14:47:53 dhcpd: In order to use failover, you MUST refer to your main failover declaration
      Jun 29 14:47:53 dhcpd: in each pool declaration. You MUST NOT use range declarations outside
      Jun 29 14:47:53 dhcpd: of pool declarations.
      Jun 29 14:47:53 dhcpd: failover peer dhcp1: I move from recover to startup

      Hmm…

      So back on box one, we get this:

      Jun 29 15:11:25 dhcpd: failover peer dhcp0: I move from startup to recover
      Jun 29 15:11:21 dhcpd: DHCPDISCOVER from 00:11:24:a6:2c:85 via sis0: not responding (startup)

      I get that "not responding" error over and over again, either stating "startup" or "recovering".  No matter what, however, I cannot get an IP address assigned.  Does this sound familiar to anyone?

        hoba

        Please paste the config of both DHCP servers. Also make sure there is a shared CARP IP on the interface where both DHCP servers are running.

          Numbski

          Box one:

          
          option domain-name "oss-solutions.net";
          default-lease-time 7200;
          max-lease-time 86400;
          authoritative;
          log-facility local7;
          ddns-update-style none;
          one-lease-per-client true;
          deny duplicates;
          failover peer "dhcp0" { 
            primary;
            address 172.16.10.2;
            port 519;
            peer address 172.16.10.3;
            peer port 520;
            max-response-delay 60;
            max-unacked-updates 10;
            split 128;
            mclt 600;
          
            load balance max seconds 3;
          }
          subnet 172.16.10.0 netmask 255.255.255.0 {
                  pool {
                          deny dynamic bootp clients;
                          failover peer "dhcp0";
                          range 172.16.10.101 172.16.10.200;
                  }
                  option routers 172.16.10.1;
                  option domain-name-servers 172.16.10.2;
          }
          
          

          Box Two:

          
          option domain-name "oss-solutions.net";
          default-lease-time 7200;
          max-lease-time 86400;
          authoritative;
          log-facility local7;
          ddns-update-style none;
          one-lease-per-client true;
          deny duplicates;
          failover peer "dhcp0" { 
            secondary;
            address 172.16.10.3;
            port 520;
            peer address 172.16.10.2;
            peer port 519;
            max-response-delay 60;
            max-unacked-updates 10;
            mclt 600;
          
            load balance max seconds 3;
          }
          subnet 172.16.10.0 netmask 255.255.255.0 {
                  pool {
                          deny dynamic bootp clients;
                          failover peer "dhcp0";
                          range 172.16.10.101 172.16.10.200;
                  }
                  option routers 172.16.10.1;
                  option domain-name-servers 172.16.10.3;
          }
          
          
            hoba

            Not sure if this causes the problem, but why are your dns-servers different? Configuration should be the same on both machines. You can use the shared CARP IP as DNS if you want to make this failover-capable.

              Numbski

              Not the cause.  I have since changed that dns setting with no effect.  It appears that the systems request a DHCP IP, and then when the pfSense box tries to issue it, it times out getting there (odd…)

                Numbski

                Resolved.  Several issues I've had were all related to this one problem.

                http://forum.pfsense.org/index.php?topic=1582.msg9276#msg9276
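
Added example, not part of the thread and not pfSense or ISC code: a Python check for the two conditions visible in the posts above, namely the dhcpd startup message about a failover peer with no referring pools (and ranges outside pools), and the mirrored address/port settings in the two posted configs. The function names and the A/B labels are assumptions of this example; the sample values are the failover settings from the thread.

```python
import re

DECL = re.compile(r'failover\s+peer\s+"([^"]+)"\s*\{([^}]*)\}')
POOL = re.compile(r'\bpool\s*\{([^}]*)\}')
REF = re.compile(r'failover\s+peer\s+"([^"]+)"\s*;')
KEYS = re.compile(r'^\s*(peer address|peer port|address|port)\s+(\S+);', re.M)

def parse(conf):
    """Return (peer settings by name, peer names used in pools, ranges outside pools)."""
    peers = {}
    for name, body in DECL.findall(conf):
        peers[name] = dict(KEYS.findall(body))
        peers[name]["role"] = "primary" if re.search(r'^\s*primary;', body, re.M) else "secondary"
    refs = {n for pool in POOL.findall(conf) for n in REF.findall(pool)}
    stray = re.findall(r'^\s*range\s[^;]+;', POOL.sub("", conf), re.M)
    return peers, refs, stray

def check_pair(conf_a, conf_b):
    """Check each file against dhcpd's pool rule, then check the two peers mirror each other."""
    problems, parsed = [], [parse(conf_a), parse(conf_b)]
    for label, (peers, refs, stray) in zip("AB", parsed):
        problems += [f"{label}: peer {n!r} has no referring pool" for n in peers.keys() - refs]
        problems += [f"{label}: range outside a pool" for _ in stray]
    pa, pb = parsed[0][0], parsed[1][0]
    for name in pa.keys() | pb.keys():
        a, b = pa.get(name), pb.get(name)
        if not a or not b:
            problems.append(f"peer {name!r} declared on only one box")
            continue
        if {a["role"], b["role"]} != {"primary", "secondary"}:
            problems.append(f"peer {name!r}: need one primary and one secondary")
        for mine, theirs in (("address", "peer address"), ("port", "peer port")):
            if a.get(mine) != b.get(theirs) or b.get(mine) != a.get(theirs):
                problems.append(f"peer {name!r}: {mine} not mirrored")
    return sorted(problems)

# Constructed sample: the failover values from the two configs in the thread.
TEMPLATE = '''failover peer "dhcp0" {{
  {role};
  address {me};
  port {port};
  peer address {peer};
  peer port {pport};
}}
subnet 172.16.10.0 netmask 255.255.255.0 {{
  pool {{ failover peer "dhcp0"; range 172.16.10.101 172.16.10.200; }} }}'''
BOX_ONE = TEMPLATE.format(role="primary", me="172.16.10.2", port=519, peer="172.16.10.3", pport=520)
BOX_TWO = TEMPLATE.format(role="secondary", me="172.16.10.3", port=520, peer="172.16.10.2", pport=519)

print(check_pair(BOX_ONE, BOX_TWO) or "no problems found")
```

An empty result only means these structural checks pass; it does not rule out other causes of a peer staying in the startup or recover state.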
