Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense as DHCP server and DD-WRT as access points: DHCP not passing thru DD-WRT

    Scheduled Pinned Locked Moved DHCP and DNS
    35 Posts 5 Posters 11.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by

      sure - but send up that other sniff as well from pfsense.

      What exactly is release renew for - once you switch from static to dynamic it would request ip…

      You already have the sniff be it at mirror port or pfsense -- do sniff on client as well.  From the sniff you showed it looks to be a full dhcp transaction.. discover, offer, request, ack

      dhcp servers dont send out offers unless they see a discover, and clients don't send out requests unless they see the offer.  So clearly client and server are seeing each others traffic.  Only question is did it not see the ack for some reason.  So sniff on client tells you that side of the story.

      And looking into the details of the offer and request and ack tells you what was offered what was requested, etc.  If you don't see another discover or request then you got a client problem where thinks it has IP but is not actually setting it on the interface, etc.  Because if for some reason it didn't like or see the ack it wold send out more requests or discovers.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • G
        gjaltemba
        last edited by

        @Derelict:

        Put your ddwrt in bridge mode (I think they stupidly call it "router" mode or something, which confuses everyone involved.)

        My ddwrt is configured as Gateway mode, WAN disabled and DHCP Server disabled now. Wireless clients obtain ip from active DHCP server on lan.

        1 Reply Last reply Reply Quote 0
        • R
          riahc3 Banned
          last edited by

          @johnpoz:

          sure - but send up that other sniff as well from pfsense.

          What exactly is release renew for - once you switch from static to dynamic it would request ip…

          Just to force it a "release" and "force" a renew.

          @johnpoz:

          You already have the sniff be it at mirror port or pfsense – do sniff on client as well.  From the sniff you showed it looks to be a full dhcp transaction.. discover, offer, request, ack

          Sorry for the stupid question but can I sniff in Wireshark with a 802.11n adapter under Windows correctly?

          Im gonna see if I can do this now as Im a bit in a hurry…

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Yeah this is really dead simple to turn any wireless router be it running dd-wrt or native firmware as AP.  You connect it to your network with a lan port and disable its dhcp server = AP.  You don't even really need an IP on your lan if you don't want - that just makes it easier to admin the wifi portion from your network is all.

            Its actual lan ip has nothing to do with bridge the wifi to to the lan ports.

            It seems clear to me from the sniffs, and that wired clients on the dd-wrt is getting dhcp fine that must be something wrong with the client to be honest.  Once we see sniff on the wifi client we can be sure - but he has shown in sniffs a full transaction discover, offer, request, ack..  That the client doesn't get the ack but gets the offer and sends a request seems odd.

            I would guess something wrong with client.  Once we see the full sniff and details of offer and request and ack maybe we will know more, etc.  But the mode of the router be it gateway/router/ap sholdn't really matter in pretty much every mode it bridges the wifi to the lan, and clearly there is discover going out on the wired lan for pfsense to see and send out a offer, etc.

            edit: unless windows sniffing wifi ?  What?  Your not sniffing the wifi traffic off the air, your sniffing the traffic that the client sees once its authenticated to the wifi network..  You should have on problems sniffing that be it windows, linux, bsd, whatever..  Here I fired up wireshark, connected to wifi network - here is it seeing traffic.  Notice the DELL, that is my built in wifi adapter – nothing fancy, etc.  Where you can have problems is sniffing the raw wifi traffic without being authed to the wifi, etc.

            wifiint.png
            wifiint.png_thumb

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • R
              riahc3 Banned
              last edited by

              Change to RAR and check your pm johnpoz

              wireshark.txt

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                This is from your sniff on the client called client1.cap

                It shows your client releasing 1.88, then requesting 1.88 and then the dhcp server giving it 1.88 with the ack,.

                If your client is showing that it doesn't have an IP address, then that is on the client - because from this it clearly thinks it does.  It even releases that IP back to the dhcp server before it asks for new one and gets back 1.88 again, etc..

                But your client clearly shows ACK for the dhcp transaction when you sniff.  So your issue is with client nothing to do with pfsense or dd-wrt.

                I hid your mac because you had done that previous, and not my place to say what or what you don't want on public forum, etc.  But it all the same mac, etc..

                yourclientsniff.png
                yourclientsniff.png_thumb

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  Everything is also in Status->System Logs->DHCP on pfSense.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • R
                    riahc3 Banned
                    last edited by

                    @johnpoz:

                    This is from your sniff on the client called client1.cap

                    It shows your client releasing 1.88, then requesting 1.88 and then the dhcp server giving it 1.88 with the ack,.

                    If your client is showing that it doesn't have an IP address, then that is on the client - because from this it clearly thinks it does.  It even releases that IP back to the dhcp server before it asks for new one and gets back 1.88 again, etc..

                    But your client clearly shows ACK for the dhcp transaction when you sniff.  So your issue is with client nothing to do with pfsense or dd-wrt.

                    I hid your mac because you had done that previous, and not my place to say what or what you don't want on public forum, etc.  But it all the same mac, etc..

                    So with this you are saying it is a Windows 8.1 problem?

                    Before making this post, I thought back about what you said that it was only this client so I ran a few tests.

                    With my Android smartphone, it does seem to get a IP from the pfSense and it can access the internet.

                    So you mentioned its a problem with the client…..so I want ahead and tested if the problem is the laptop or Windows 8.1

                    I loaded up a LiveUSB with Ubuntu on the same laptop and IT GETS A IP AND CAN ACCESS THE INTERNET.

                    I took ANOTHER step. Windows 8.1 Safe Mode with networking. Same thing so the problem is obviously Windows 8.1

                    So now what?  >:( It is so frustrating that at the end of the day its the fault of a operating system that randomly decides not to work.

                    Obviously this is WAY out of the scope of pfSense so Im not sure what do to/ask anymore...

                    @Derelict:

                    Everything is also in Status->System Logs->DHCP on pfSense.

                    Yup. It shows basically the same thing johnpoz posted in the pictures.

                    1 Reply Last reply Reply Quote 0
                    • R
                      riahc3 Banned
                      last edited by

                      Wired works.

                      Oh fuck this…..now it suddenly works. I plugged the wire, unplugged the wire, tried to connect via wifi, and now it gets the IP, gateway, everything thru DHCP.....

                      1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator
                        last edited by

                        Same thing is in the logs for this, but its best to see with your own eyes sometimes what is happening with these protocols vs just a log dhcp server saying it sent offer, etc..

                        For you 8.1 problem - try resetting the tcp/ip stack.  In elevated prompt

                        netsh int ip reset

                        or netsh int ip reset c:\path\resetlog.txt

                        if you want a log.  Also check firewall settings and or antivirus/security software..  What is odd is it releases the address, so it knows it has it - just not showing/using it.  Try the reset of the stack.

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                        1 Reply Last reply Reply Quote 0
                        • R
                          riahc3 Banned
                          last edited by

                          @johnpoz:

                          Same thing is in the logs for this, but its best to see with your own eyes sometimes what is happening with these protocols vs just a log dhcp server saying it sent offer, etc..

                          For you 8.1 problem - try resetting the tcp/ip stack.  In elevated prompt

                          netsh int ip reset

                          or netsh int ip reset c:\path\resetlog.txt

                          if you want a log.  Also check firewall settings and or antivirus/security software..  What is odd is it releases the address, so it knows it has it - just not showing/using it.  Try the reset of the stack.

                          Now it works. Do you still recommend I do this johnpoz?

                          1 Reply Last reply Reply Quote 0
                          • johnpozJ
                            johnpoz LAYER 8 Global Moderator
                            last edited by

                            What it just started working out of the blue?  Or did you actually do something.. Is it using a different IP than the 1.88 one?  If its working then there would be no reason to reset the stack.

                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                            If you get confused: Listen to the Music Play
                            Please don't Chat/PM me for help, unless mod related
                            SG-4860 24.11 | Lab VMs 2.8, 24.11

                            1 Reply Last reply Reply Quote 0
                            • R
                              riahc3 Banned
                              last edited by

                              @johnpoz:

                              What it just started working out of the blue?  Or did you actually do something.. Is it using a different IP than the 1.88 one?  If its working then there would be no reason to reset the stack.

                              1: I plugged the laptop wired and it got a IP from DHCP
                              2: I unplugged it, wireless connected automatically and it got a IP from DHCP.

                              I did nothing else. Yes, ipconfig shows it got a .88

                              1 Reply Last reply Reply Quote 0
                              • johnpozJ
                                johnpoz LAYER 8 Global Moderator
                                last edited by

                                very odd..  But sounds like your good to go then.

                                An intelligent man is sometimes forced to be drunk to spend time with his fools
                                If you get confused: Listen to the Music Play
                                Please don't Chat/PM me for help, unless mod related
                                SG-4860 24.11 | Lab VMs 2.8, 24.11

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.