DHCP - No Free Leases (pf_2.4.3-release-p1)
-
Hi there,
I'm having the following issue:
I've configured a /19 network, a pool of 8170 IPs (reserved 20 IPs), and started having "no free leases" messages after about 1500 leases or such...
Here's an example of that:
Aug 1 13:50:32 dhcpd DHCPDISCOVER from 8c:8e:f2:xx:xx:xx via em11: network 10.0.192.0/19: no free leases
Aug 1 13:50:31 dhcpd DHCPDISCOVER from 00:22:57:xx:xx:xx via em11: network 10.0.192.0/19: no free leases
Aug 1 13:50:27 dhcpd DHCPDISCOVER from 40:9c:28:xx:xx:xx via em11: network 10.0.192.0/19: no free leases
Aug 1 13:50:26 dhcpd DHCPDISCOVER from 40:9c:28:xx:xx:xx via em11: network 10.0.192.0/19: no free leases
Configured the same scope on a Cisco router and had no problems, with currently 2500+ active leases.
Can't understand why pfsense DHCP is saying "no free leases", when it still has more than 3/4 IPs left.
Tried to reduce the lease time, from 3600 to 900, and max lease to 1800, but it's still the same... At around 1500+ leases I start getting "no free leases" messages.
If I restart or stop/start the service, it's only the time until the leases catch up and start seeing the same error again.
I read other users talking about file permissions and leases not being released, but that was years ago.
Anyone has any ideas how to solve this?
Thank you!
Best regards,
Hugo
-
What did you define as the DHCP pool?
-
Could you post the output of the file /var/dhcpd/etc/dhcpd.conf
Maybe there is an issue with huge subnets? (biggest I have in production is a /22)
Also, have you tried enabling the rrd-graphs for dhcpd? (you can check the usage over a period of time then)
-
-
Here's the output:
option domain-name "gestao";
option ldap-server code 95 = text;
option domain-search-list code 119 = text;
option arch code 93 = unsigned integer 16; # RFC4578
default-lease-time 900;
max-lease-time 1800;
log-facility local7;
one-lease-per-client true;
deny duplicates;
ping-check true;
update-conflict-detection false;
authoritative;
subnet 10.0.192.0 netmask 255.255.224.0 {
  pool {
    ignore bootp;
    ignore-client-uids true;
    range 10.0.192.20 10.0.223.240;
  }
  option routers 10.0.223.250;
  option domain-name-servers 10.0.223.250;
  default-lease-time 900;
  max-lease-time 1800;
}
I've 5000+ users on-site, so I really needed the /19 subnet...:)
Although I've been lucky, since I've not seen more than 3000 connected at the same time (WiFi), but with IoT and everyone having 2 or 3 devices, it's just a question of time.
The graphs are enabled:
And this is strange...
The DHCP is OFF and there are still 1519 leases, even though they should have already been deleted...
Maybe that's the problem... leases not being deleted?
But for that to be the issue, there should be more ppl complaining about it, no?
Thank you!
-
I don't think that graph will change until you reenable dhcpd and it actually expires the leases. You can see from the graph that they were increasing during peak and decreasing during off-peak.
I have run at least a /19. It might have been larger.
I have never seen no free leases unless there were actually no free leases.
Except on one occasion where someone enabled MAC Allow in the DHCP Server instead of creating a MAC Address Passthrough in the Captive Portal.
That was fun.
-
So it's strange... Even with just 1500+ leases it started complaining about no free leases...
I also tried to change range, stop/start and nothing, always the same problem.
Really out of ideas on how to solve this... besides relying on an external dhcp server...:-/
-
I guess you should learn the format of the dhcp leases file and take a look there to see what you can see.
https://www.freebsd.org/cgi/man.cgi?query=dhcpd.leases&sektion=5&manpath=freebsd+ports
That file is located at
/var/dhcpd/var/db/dhcpd.leases
in pfSense.
-
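One way to follow the advice above, added here as an example (it is not code from the thread or from pfSense): tally the final binding state of every address in the pool, since dhcpd.leases is an append-only log in which the last entry for an address wins. The sample leases are constructed; the range is the one from the posted dhcpd.conf, and `summarize` is a name chosen for this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in dhcpd.leases(5) format; addresses and MACs are made up.
SAMPLE = """
lease 10.0.192.21 {
  starts 3 2018/08/01 12:28:38;
  binding state active;
  hardware ethernet 02:00:00:00:00:01;
}
lease 10.0.192.22 {
  binding state abandoned;
}
lease 10.0.192.21 {
  binding state free;
  hardware ethernet 02:00:00:00:00:01;
}
lease 10.0.192.23 {
  binding state active;
  next binding state free;
}
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
STATE_RE = re.compile(r"^\s*binding state (\w+);", re.M)

def summarize(text, first, last):
    """Count the final binding state of every lease inside the pool range."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        m = STATE_RE.search(body)
        # dhcpd appends to the file, so a later entry replaces an earlier one
        latest[ipaddress.ip_address(ip)] = m.group(1) if m else "unknown"
    states = Counter(s for ip, s in latest.items() if lo <= ip <= hi)
    pool_size = int(hi) - int(lo) + 1
    never_used = pool_size - sum(states.values())
    return pool_size, states, never_used

if __name__ == "__main__":
    size, states, unused = summarize(SAMPLE, "10.0.192.20", "10.0.223.240")
    print(f"pool size {size}, never leased {unused}")
    for state, n in states.most_common():
        print(f"{state:10} {n}")
```

On the real file, pass the contents of /var/dhcpd/var/db/dhcpd.leases; a count of `abandoned` entries that is large relative to the pool is worth checking when the log reports "no free leases" while few leases are active.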
I've looked into the files.
It's pretty standard stuff and I've not spotted any problems.
Here's an example of a lease:
lease 10.0.210.31 {
  starts 3 2018/08/01 12:28:38;
  ends 3 2018/08/01 12:43:38;
  tstp 3 2018/08/01 12:43:38;
  cltt 3 2018/08/01 12:28:38;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 88:d7:f6:xx:xx:xx;
  set vendor-class-identifier = "android-dhcp-7.0";
  client-hostname "android-xxxxxxxxxxxxxxxx";
}
The pool permits 8000+ IPs, but after 1500+ it starts giving "No Free Leases" error messages.
Any ideas?
Thank you!
-
Update:
I've deleted all the leases from dhcpd.leases and deleted the dhcpd.leases~ file and activated the dhcp server on pfsense again and until now, no problems...:-)
2039+ leases and going, without any issues...
Will let this run for a couple of days to see if the problem is resolved...
The 1st time, the system was already running for at least 1 week, before ppl started complaining.
-
Same problem...:(
Just 1248 leases in use this morning, but already the message "network 10.0.192.0/19: no free leases"...
It must be some pfsense dhcpd issue...since I never had this problem with other dhcpds...
Anyone any ideas?
Thank you!
-
It's ISC dhcpd just like everyone else runs.
You have enough RAM?
-
That's the thing...it's pretty standard stuff...or it should be!
Never had this problem with any other dhcpd in the past...It's something on pfsense...what...I don't know...
If I switch to another dhcpd, on another *nix box...no problems, cisco router...no problems, windows server...no problems...
Just pfsense having issues...RAM is OK...
Memory usage
62% of 16325 MiB
-
I found this on another forum...Makes any sense?
This and similar errors RECENTLY started happening to me too. It appears that dhcpd made a significant change in how it handles ranges assigned to a subnet. It appears that if you have any hosts with a fixed-address that exists in your range, the entire range is ignored for anything other than your host entries! This IMHO is a step backwards, but here is my workaround (declare every address in your range as a range itself)
From what I understand...if someone has a fixed address, the dhcpd goes crazy and ignores the range?! Is this correct?!
Thank you!
-
That's how it has been as long as I can remember, the dynamic range is for truly dynamic addresses and static mappings have to be outside any dynamic range.
-
pfsense gui will not let you put in a reservation for an IP that is inside your pool.
Other than windows dhcp, which allows for reservations inside a pool.. Yeah your reservations are outside your pool range.. Is that what's causing you problems?
-
What I make of it :
@ihugof said in DHCP - No Free Leases (pf_2.4.3-release-p1):
It appears that if you have any hosts with a fixed-address that exists in your range,
So : "If there is some device that has a fixed IP - and this IP is within a pool of the serving DHCP, dhcpd goes on strike".
It can be any client with a user (who doesn't like DHCP) and he assigned to his device a static IP, which brings down the whole cirque?
If this IP can be arpped down, then you should try to firewall it out, and restart dhcpd ...
-
The thing is...anyone can decide to try to fix their IP...and that seems to "crash" the dhcpd...
-
It seems that anyone that tries to fix their own IP... can cause problems... Which is kind of dumb... dhcpd side anyway...
-
I have never seen that... I can try and duplicate here.
Just so everyone is clear your pool is say .100 to .200
Then some client sets itself static at .150 and you're saying dhcpd stops handing out any IP/Leases in that pool.. Or fails to hand out to a client asking for .150?
That would be stupid and for sure an issue, because you're saying any single client on a network could cause what amounts to a DoS attack just by setting a static IP to some other IP in the range it got from the dhcpd at first.