Android and DHCP
-
Hello all,
This is my first post in the PFSense forums, though I have been using pfsense for a long time now. Also, please excuse my English as it's not my native language.
I have a weird issue with Android devices and dhcp. My wireless router is a D-Link DIR 855 and this is plugged in my switch to be part of the LAN which has 10.10.1.0/24 network (D-Link is a network member and as a gateway it uses the PFSense interface). Pfsense is configured to handle dhcp leases for this subnet and the D-Link is used only as an access point, forwarding requests to PFSense.
The configuration works very well with almost all my devices, except my Nexus 5 (now using Android 6 which was offered as an official upgrade) and my wife's Samsung Galaxy S3. Both of them do not get an IP address even though they look to be connected but they are not able to get to the Internet. I even says "Connected but no Internet access". If I try to offer the IP based on their MACs it works very well but if I go back to automatically assign via dhcp, same issue.My iPad Air works correct, every other device I tried with works, except the Android devices. I checked the dhcpd logs and the requests get to PFSense but no IP is offered and if I check the device I see some random IP that i guess the device takes when it cannot get a dhcp lease.
I have another network 10.10.6.0/24 with Linksys E1200v2 which works without issues with all devices. This has dd-wrt installed and it is used the same way, as an AP, PFSense handles dhcp requests.
Any of you got this issue?
-
I've never had this issue and plenty of my users have Android devices. This sounds more like a problem between your D-Link router and Android. Have you tried adjusting the security settings on your D-Link or manually setting the channel? Just Googled the problem and quite a few links came up mentioning the same kind of issues.
-
Will try to check the channel and security settings. As far as I know they are WPA2-Personal, same as the iPad. Also, like I said, I see the device negotiating the IP address but the lease doesn't get through. I'll keep looking, will keep you guys in the loop.
Also, any other suggestions are welcomed, thanks.
-
Your saying pfsense does not send offer upon getting a discover from them? I would sniff and take a look at the actual discover to see why pfsense might not send offer, you sure pfsense just doesn't have any free IPs available? You say it works when you set reservation?
Seems like a no brainer solution then - just set reservation ;)
-
I would not say a no brainer :)
The functionality should work. I'll try to sniff the traffic and see. I see the following steps:dhcpd: DHCPDISCOVER from <android_mac>via em1
dhcpd: unexpected ICMP Echo Reply from <wan gateway="">dhcpd: DHCPREQUEST for <android_generic_ip>(<android_generic_ip_broadcast>) from <android_mac>via em1: wrong network.
dhcpd: DHCPNAK on <android_generic_ip>to <android_mac>via em1
dhcpd: DHCPOFFER on 10.10.1.92 to <android_mac>(android-bc7f624dc4286c05) via em1It seems PFSense offers the IP, it looks like a valid lease but the phone does not take it.</android_mac></android_mac></android_generic_ip></android_mac></android_generic_ip_broadcast></android_generic_ip></wan></android_mac>
-
Well, then you have a phone problem, not pfSense one.
-
Only Android phones…
-
Yes. And?
-
I would agree if the issue is with only one device. But when you try with 2-3 devices and the result is the same I guess some digging would help…
Other devices work as expected. I don't think PFSense is the problem, I just want to get some suggestions, maybe something I have overlooked. -
The phone sends DHCPREQUEST, gets DHCPOFFER, then it refuses that… Dig into your phone/Android.
-
"dhcpd: DHCPREQUEST for <android_generic_ip>(<android_generic_ip_broadcast>) from <android_mac>via em1: wrong network."
So its doing a request for wrong network?? Its so much easier to just see the sniff vs log, that your obfuscating mac addresses??
What IP is it asking for, did a ping go out and it comes back with an answer from your gateway??
"unexpected ICMP Echo Reply from <wan gateway="">"</wan></android_mac></android_generic_ip_broadcast></android_generic_ip> -
What IP is it asking for, did a ping go out and it comes back with an answer from your gateway??
"unexpected ICMP Echo Reply from <wan gateway="">"</wan>That part's just a quirk of dhcpd's listening, it sees gateway monitoring ping replies. Doesn't hurt anything as it just ignores it and log spams.
-
So much better to just sniff and see exactly what is going on, what gets requested, what gets offered, etc. etc..
-
Guys, thank you all for your ideas.
I solved the issue and I am happy to say that both Android and PFSense have no issues (it was kind of clear from the beginning).
The problem here was VMWare Workstation, let me explain: I use my desktop as a home lab and have a some network interfaces that I bridge in order to get all the networks I need. I did the whole config on Win 8.1 but when I migrated to 10, for some reason, it did not migrate the networks correctly and I had to redo them. It seems that even after this was done, there was one more issue. Workstation started the DHCP and NAT services in Windows, services that I had stopped and selected to start only manually.
For some reason DHCP was started and using VMNet1 as a custom network with IP 192.168.209.x/24 and some wireless devices went to this DHCP server for leases. It's interesting because VMNet1 is bridged with my LAN 10.10.0.X/24. The only way I can see the weird interface was if I used Virtual Network Editor without admin right (start Workstation not as an admin but as a normal user, screenshots attached). Screenshot 1 is taken without admin rights and screenshot 2 with admin rights and as you see they both have VMNet1. Windows does not report that virtual interface but for some reason it was there giving out IP leases. After I stopped Workstation DHCP service, everything is running smoothly.
Sorry for the long post and thanks for all your help.
Best regards,
Andrei
-
The problem here was VMWare Workstation
In future, you might want to mention this little nugget a little sooner. Virtualized installs add a whole other level of details & troubleshooting.
-
The network was hidden even with ipconfig /all so I didn't really know, only after some troubleshooting.