DHCP problem

cb831

What would the above log look like if ok ?

Something like

DHCPREQUEST on vr0 to 255.255.255.255 port 67 
DHCPACK from 79.142.231.1 
bound to 79.142.231.106 -- renewal in 150 seconds. 

DHCPREQUEST on vr0 to 79.142.231.1 port 67 
SENDING DIRECT 
bound to 79.142.231.106 -- renewal in 150 seconds. 

repeat above 3 every 150s

???

wallabybob

Sorry, I don't have a record of dhclient extending a lease in my system logs, but I would guess it would look something like what you provided. (My WAN link has its IP address provided by DHCP.)

cb831

Reading initial post I guess it should look like

Jan 31 00:07:32	dhclient[48305]: DHCPREQUEST on dc0 to 10.0.0.254 port 67
Jan 31 00:07:32	dhclient[48305]: SENDING DIRECT
Jan 31 00:07:32	dhclient[48305]: DHCPACK from 75.20.148.1
Jan 31 00:07:32	dhclient[48305]: bound to 75.20.151.141 -- renewal in 300 seconds.

and I do not get the ACK meaning that my FW does not recoqnize the ACK eventhough I can see it on the wire.

Any Ideas ?

wallabybob

@cb831:

Any Ideas ?

Something wrong with my earlier suggestions?

cb831

Certainly not :-)

But I did look into the logs and see that the FW does not recognize the direct dhcp ack.
I also checked the fw log and I see no drops (all my rules are logging including the default drop).
And I tried to allow anything from my DHCP server on the WAN interface.

But I still see the issue.

I tried to configure a CISCO 806 with ip address dhcp and it works like a charm. So problem must be that pfSense does not recoqnize the ack on the direct renew…
Is that a pfSense issue or an issue in the underlying FreeBSD ?

Thanks
Claus

cb831

Looks like this is the same issue

http://forum.pfsense.org/index.php?topic=19149.0;wap2

cb831

GOT IT:

There is an error in the FreeBSD implementation of dhclient. If I substitute the 70 dhclient with the 80 ditto the protocol runs smoothly

arc01fw03:/var#  ./dhclient -d sis3
DHCPREQUEST on sis3 to 255.255.255.255 port 67
DHCPACK from 79.142.231.1
bound to 79.142.231.106 – renewal in 150 seconds.
DHCPREQUEST on sis3 to 79.142.231.1 port 67
DHCPACK from 79.142.231.1
bound to 79.142.231.106 -- renewal in 150 seconds.

wallabybob

I don't understand what you mean by the 70 dhclient. Would you please explain?

cb831

I mean the /sbin/dhclient executable which runs the dhcp client logic.
If I replace this executable (which is based on FreeBSD 7.0 for pfSense 1.2.2) with the FreeBSD 8.0 executable it works as my previous post indicates.

As of now the 8.0 dhclient has renewed successfully without broadcast for 8h :-)

So now I just need to find out how to replace dhclient in /sbin which is R/O on my CFCARD. Right now i killed the /sbin/dhclient and run the 8.0 version out of /var on the pfSense command line.

Thanks

wallabybob

Understood, thanks.

Have you tried pfSense 1.2.3, which is rather more up to date than pfSense 1.2.2?

cb831

Actually I'm awaiting 2.0 but maybe this was a wrong strategy.

Also found http://www.pubbs.net/200902/freebsd/23740-dhclient-cant-renew-lease.html which suggests replacing the 7.0 dhclient with the 7.1 counterpart.

Is 1.2.3 FreeBSD 7.1 based ?

wallabybob

pfSense 1.2.3 is based on FreeBSD 7.2

cb831

I just installed 1.2.3 Nano 2G image on my CFCard and except for problems assigning interfaces to WAN and LAN and LAN IP address using the console (it ignored my input :-/) I managed to restore my configuration by assigning IP 192.168.1.2 to my own machine.

Now everything - including dhcp - seems to be fine :-)

Thanks for the input !!

Claus

cb831

UPDATE:

Upgrading to 1.2.3 was not enough to remove the failures renewing directly.
However substituting the /sbin/dhclient with the dhclient from FreeBSD 8.0 did the trick.

Thanks
Claus

Tuckie

Anyone have a copy of dhclient from 8.0 that they'd be willing to send me?

Thanks in advance, and much kudos to cb831!

edit: I got impatient so I downloaded the 220MB iso to extract the 77K file ;)

It appears to be working, I'm now getting:
Aug 16 17:30:35 dhclient[63382]: bound to 99.99.207.xxx – renewal in 300 seconds.
Aug 16 17:30:35 dhclient[63382]: DHCPACK from 99.99.206.xxx
Aug 16 17:30:35 dhclient[63382]: DHCPREQUEST on vlan0 to 10.0.0.1 port 67

Instead of:
Aug 16 17:11:03 dhclient[18353]: bound to 99.99.207.xxx – renewal in 300 seconds.
Aug 16 17:11:03 dhclient[18353]: DHCPACK from 99.99.206.xxx
Aug 16 17:11:03 dhclient[18353]: SENDING DIRECT
Aug 16 17:11:03 dhclient[18353]: DHCPREQUEST on vlan0 to 10.0.0.1 port 67

Hopefully it won't be dropping now.