Static WAN interfaces crashes, DHCP is OK
-
I have setup pfsense, where the WAN interface is a static IP address. Normally this will be setup with DHCP from leases from the ISP. I know the IP addreses which are available to me, which are normally set with DHCP, so I know that this is a valid static IP. the static IP is NOT assigned/reserved from DHCP.
But when I set this static IP, the internet is up for around 15-30 minutes, and then the connection just dies, with ALARM WARN PINGER in the log of pfsense.
If I use DHCP on the WAN interface the connection is stable…This have been running fine for at least 2-3 weeks, but suddently The day before yesterday evening this behaviour began.
The ISP does give support "3. party products", but I am awaiting answer if assigning static IPs can cause issues like these.
It is kinda irritating, because now I cannot add a secondary IP (VIP), which I really need, (and the IP can change which is potentially bad)Can there be anything in pfsense that are the reason for this sort of behaviour.
-
What are the actual log entries in pfSense? Apinger will give more information about why it triggered an alarm. It could be that the gateway IP you have set is reacting the monitor pings sent by pfSense and blocking them causing apinger to think the connection has gone down. Try setting the monitor IP to something different in System: Routing: Gateways: (edit gateway) Monitor IP: A common address to use is 8.8.8.8, Google's public DNS.
Steve
-
Hi,
Thanks for answering. I have talked to the ISP which confirms, IP's MUST be assigned by DHCP. >:(
About the apinger check, when it says is down, IT IS down, it is not a false positive. -
Hmm, Ok. Maybe they have a very short DHCP lease time then.
You need to use static IP for the VIP? Do you have a range of public addresses?Steve
-
Hi,
Actually the lease times is 7 days..
Without knowing the details, it seems to be that their equipment must register this lease, so the equipment learns the MAC address of the equipment in my end. When it is first registret via dhcp, I can remove the DHCP lease, and change it to static (with the same IP as I got from the DHCP). But after some time this then stops working. If I just set a static IP, before the DHCP it is not working. This behaviour is the exact same from pfsense, and a laptop I have plugged in as a test directly to the modem, so I guess there is nothing really I can do.
I have sent by "complains" to my ISP, then we see how it goes. Most likely I will get nothing from it. :)Yes I have a handfull of public addresses (not in range though, or a full subnet).
-
Since any VIP you add will inherit it's MAC from the parent interface, could you not set a VIP to use DHCP?
Steve
-
There is one and only one instance where I would even attempt what you seem to have been trying for days now…
If I were running a public facing DNS server.Other than that, why don't you just use the default DHCP on the WAN and get DynDNS or something to track the changing IP?
BTW - I know my IP address also, but if I set it via static, my ISP will kick me also and say "They don't know why".
Its happening because they don't want you to have a static IP unless you fork out more $$$ for it.
They do it purposely.“Insanity: doing the same thing over and over again and expecting different results.”
Albert Einstein -
Hi,
I am using DHCP on the WAN, but I cannot use DHCP on an VIP on the WAN interface.
-
So your ISP provides you with multiple public IPs but you have to use DHCP to get them? And they are not fixed?
Seems odd.Steve
-
So your ISP provides you with multiple public IPs but you have to use DHCP to get them? And they are not fixed?
Seems odd.Steve
The IPs are fixed, but have to be optained using DHCP… :o
-
Well, completely broken. Complain to the ISP.
-
Indeed. ;)
Since any VIPs will inherit their MAC (unless you can spoof it?) DHCP cannot work. The easiest way around this may be to add more NICs instead of using VIPs. I don't know how practical that might be for you.
Steve
-
His situation is EXACTLY the same thing I already beat my head against with the install in Denmark and the ISP sounds exactly same, right down to the 5 IPs over DHCP. Had to use multiple virtual NICs on a pfsense 2.1 32bit install in esxi. (64bit version was being testy)
The bad news is it forced me to use DHCP at WAN.
Good news is the IPs haven't ever changed… YET.
-
Currently their are talking about some legal bull**** for why this is done :)
Anyhow, yes that is indeed possible, but I currently only have 3 nics on my alix board, which was ment like this, WAN,LAN,DMZ. if this cannot be done, I might have to drop the DMZ, or drop the idea of multi public IP for reverse NAT, depending on the source network.
-
Or get something with 5 physical NICs + 1 for LAN or something bigger with only 2 that will allow you to run pfsense in esxi… + VLAN switch.
-
His situation is EXACTLY the same thing I already beat my head against with the install in Denmark and the ISP sounds exactly same, right down to the 5 IPs over DHCP. Had to use multiple virtual NICs on a pfsense 2.1 32bit install in esxi. (64bit version was being testy)
The bad news is it forced me to use DHCP at WAN.
Good news is the IPs haven't ever changed… YET.
It is not really a problem, if the IPs changes RARELY, even with "static" IPs. I know that there are no real static IPs for home users, if you really want real static IPs you have to go with a pro line.
Which ISP is this? Full**** ? -
If you are looking to just repurpose those IPs for something in the DMZ, maybe the "Proxy requests to DHCP server on WAN subnet" option could be used.
-
Yes - Its fullrate…. Reading their Dutch pages was so fun for me.
You know how us Americans love the beautiful Dutch language.
Its like Greek to me, but I could do better with Greek. -
Yes - Its fullrate…. Reading their Dutch pages was so fun for me.
You know how us Americans love the beautiful Dutch language.Its Danish :)
-
Shut up… I meant to say Danish - Everybody knows they speak Danish in Denmark...
Especially us Americans - Its virtually our second language.
(Its early - I haven't had my coffee. No making fun of the dumb American guy before coffee :()
The guy who actually owns the rig had some phrases he wanted me to say so he could laugh at our dumb accents. :P
