Can’t get WAN IP from FiOS
-
I've used and continue to use pfSense with many FIOS installs, it works fine. Which ONT is it? Have you experimented with manual speed/duplex settings?
FIOS residential can be problematic with DHCP release/renews if you aren't using their equipment. For this reason, I usually CLONE THE MAC of whatever crap Actiontec etc gateway they supply before I throw it in the garbage. This way, their network thinks it's talking to the original equip and does not balk at handing out IPs. Saves a lot of wasted time calling into national tech support.
Thanks very much for the tip!
Cloning the MAC address of my DD-WRT router, which has worked for many years was the first thing I did to troubleshoot.
I will explore manual speed/duplex settings, when I get a chance.
-
Ok if you already did that, then yeah - tcpdump/Wireshark is your next move.
Here's a starting point-
1. pull out the cat5 cable from your FIOS ONT
2. ssh to your pfsense, go to opt 8 and run the following:
tcpdump -i <wan_interface_name>-w dhcplog.pcap -s 0 port 67 or port 68
3. plug the cable back in and wait about a minute for some packets to be captured
4. hit CTRL+C and then copy that .pcap file to your desktop computer (use scp)
5. open that pcap in Wireshark and take a look… happy hunting ;)</wan_interface_name>
-
Ok if you already did that, then yeah - tcpduimp/Wireshark is your next move.
Here's a starting point-
1. pull out the cat5 cable from your FIOS ONT
2. ssh to your pfsense, go to opt 8 and run the following:
tcpdump -i <wan_interface_name>-w dhcplog.pcap -s 0 port 67 or port 68
3. plug the cable back in and wait about a minute for some packets to be captured
4. hit CTRL+C and then copy that .pcap file to your desktop computer (use scp)
5. open that pcap in Wireshark and take a look… happy hunting ;)</wan_interface_name>
Thanks very much for the recipe!
-
I've used and continue to use pfSense with many FIOS installs, it works fine. Which ONT is it? Have you experimented with manual speed/duplex settings?
FIOS residential can be problematic with DHCP release/renews if you aren't using their equipment. For this reason, I usually CLONE THE MAC of whatever crap Actiontec etc gateway they supply before I throw it in the garbage. This way, their network thinks it's talking to the original equip and does not balk at handing out IPs. Saves a lot of wasted time calling into national tech support.
When I first detailed this out years ago on Verizon FiOS. Simply cloning the MAC was not enough. Packet capture revealed option-125 was being used (Actiontec WR424 others may use different options). Soon as that was added it worked. Even without cloning the MAC. But the beauty of cloning the MAC and fully impersonating the ISP provided router is being able to swap them at will without breaking the lease. Or even run them in parallel if desired.
Frontier FiOS has dropped the use of option-125 and reduced the lease expiration from Verizon's 2 hours to 30 minutes. Much more out of the box compatible.
P.S. Check out the pfSense Status / Interfaces page. 2.4 and 2.3.3 now has relinquish lease option to send the DHCP release message to the server. :)
-
When I first detailed this out years ago on Verizon FiOS. Simply cloning the MAC was not enough. Packet capture revealed option-125 was being used (Actiontec WR424 others may use different options). Soon as that was added it worked.
Hmm interesting! Could you point me to some more info on using that DHCP OPT 125? Never needed it myself, but I am in NYC (not Frontier country) and have an older Alcatel I211MK ONT (still GPON, but I don't think they use these much anymore…)
-
-
Which ONT is it?
How do I find out?
Look at the sticker on the back?
Google it and try to find the one that looks like yours?
https://www.google.com/search?site=&tbm=isch&source=hp&biw=1280&bih=676&q=fios+ont -
When I first detailed this out years ago on Verizon FiOS. Simply cloning the MAC was not enough. Packet capture revealed option-125 was being used (Actiontec WR424 others may use different options). Soon as that was added it worked.
Hmm interesting! Could you point me to some more info on using that DHCP OPT 125? Never needed it myself, but I am in NYC (not Frontier country) and have an older Alcatel I211MK ONT (still GPON, but I don't think they use these much anymore…)
The two links in the second post of this thread.
Also advanced search for impersonate or Actiontec for user NOYB. -
Have you looked at system logs? Are there anything regarding this issue?
I have had some issues connecting FIOS (not verizon) and this was pure hardware issue, ex realtek NIC on pfsense side that incorrectly established link with FIOS. Manually changed link speed on realtek to 100mbit and it's got an IP, but this can be related only to Realtek. -
For pfSense
Diagnostics / Packet Capture
Interface: WAN
Port: 67
Level of detail: FullDownload the capture and view in Wireshark.
For DD-WRT
Don't know. Not familiar with it.
If it doesn't have any menu driven capture, maybe it has tcpdump.
If it doesn't have internal capture capability then maybe capture live with Wireshark by plugging PC into it's WAN port and then turn it on.I employed an old Netgear 100BaseT hub. I plugged the FiOS feed into the uplink port and both my LinkSys router running DD-WRT and my Mac into one of the other four ports.
Being a Mac guy, I used an app called CocoaPacketAnalyzer. I think, I managed to capture at least one of the DHCP packets:
58:6D:8F:30:6A:58 is the WAN MAC address of the router.
Am I on the right track?
-
Ok if you already did that, then yeah - tcpdump/Wireshark is your next move.
Here's a starting point-
1. pull out the cat5 cable from your FIOS ONT
2. ssh to your pfsense, go to opt 8 and run the following:
tcpdump -i <wan_interface_name>-w dhcplog.pcap -s 0 port 67 or port 68
3. plug the cable back in and wait about a minute for some packets to be captured
4. hit CTRL+C and then copy that .pcap file to your desktop computer (use scp)
5. open that pcap in Wireshark and take a look… happy hunting ;)</wan_interface_name>
I followed your instructions. Here is my command line output:
[2.3.2-RELEASE][xxx@xxx.com]/root: tcpdump -i re0 -w dhcplog.pcap -s 0 port 67 or port 68
tcpdump: WARNING: re0: no IPv4 address assigned
tcpdump: listening on re0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C0 packets captured
0 packets received by filter
0 packets dropped by kernelWhy would it say, “0 packets captured?” Doesn’t that point to something else being wrong, i.e., that re0 (my WAN interface) is incorrectly configured, somehow?
-
post output of
ifconfiggo simpler… try
tcpdump -i re0 tcpdump -i re1 tcpdump -i re2make sure you are capturing on the right interface … you should see packets flying by
-
Ok if you already did that, then yeah - tcpdump/Wireshark is your next move.
Here's a starting point-
1. pull out the cat5 cable from your FIOS ONT
2. ssh to your pfsense, go to opt 8 and run the following:
tcpdump -i <wan_interface_name>-w dhcplog.pcap -s 0 port 67 or port 68
3. plug the cable back in and wait about a minute for some packets to be captured
4. hit CTRL+C and then copy that .pcap file to your desktop computer (use scp)
5. open that pcap in Wireshark and take a look… happy hunting ;)</wan_interface_name>
post output of
ifconfiggo simpler… try
tcpdump -i re0 tcpdump -i re1 tcpdump -i re2make sure you are capturing on the right interface … you should see packets flying by
It turns out that while troubleshooting I had inadvertently changed the NIC speed to something incorrect. So, I have been able to capture DHCP packets:
It looks to me like the one shown here is either a DHCPOFFER or a DHCPACK message. The DHCP server is at 72.86.40.1 (= 0x48562801) and offers the IP address 72.86.40.140 (= 0x4856288C). I haven’t figured out, yet, which of the two it is.
-
Still not enough info. Seems like pfSense is acquiring a valid WAN IP 72.86.40.140 from the ONT. You don't have anything nonstandard in your WAN DHCP config do you? Might be able to tell more if you PM me a pcap file. If you're worried about leaking any private info, just disconnect your LAN first so only traffic between pfsense <-> ONT is in the capture. Try a packet capture without any filters- need to see other traffic in addition to the BOOTP.
-
Well, it turns out that that one of the NICs in my Zotac ZBOX-CI321NANO-U-W2B was bad.
I found out by swapping the WAN and LAN cables. While before the box failed to get an IP address from my ISP, after the swap it couldn’t be pinged by the LAN. After the swap the router did just fine setting up connectivity with the ISP.
I have now filed an RMA for replacement under warranty with Zotac. It had been an open-box unit purchased from Amazon for a real steal. Very possibly the previous owner had found the problem and returned it for credit without reporting the issue.
-
@luckman212 seems like you have a solid background with WAN IP issues on devices. My FiOS connection keeps dropping on the WAN interface and comes back when I reset the interface. Is there any way to solve this ?
I posted in detail here what is happening:
https://forum.netgate.com/topic/133896/wan-drops-connection-3-4-times-a-day-to-r210-ii-verizon-fiosThank you!