Verizon FiOS and pfSense DHCP Issue
-
@JKnott Ok so with their router connected to the ONT directly and pfSense behind that, the internet has stayed up now for almost 3 hours. I guess on Saturday I will reconnect everything back the way I had it. I will try the MAC spoofing too. I really don't understand what could be causing this but I will troubleshoot further on the weekend and update as I know more. If you have anything you think I should look at, let me know. Thank you JKnott for your help.
-
I have uploaded capture files from Packet Capture. There used to be a problem where the file extension had to be changed, but I thought that had been fixed.
-
@JKnott Hi JKnott. This morning I reconnected everything back through pfSense. I tried the MAC spoof. Still went down right at the 2 hour mark. What I just did a few minutes ago was remove that new Nexus 3048 switch I put in and put my old Catalyst 2960s in. That is the only change that was made when this all started happening. I really don't know why that would cause any issues but I figured I'd just try it. If this doesn't work though, I have no idea what could be causing this. It goes down on the dot every 2 hours. It just goes offline and starts experiencing packet loss with the gateway and thus can't renew a DHCP address. I will update further as I know more. If you have anything you think I should check let me know. Thank you.
-
@JKnott Ok update real quick. So putting the old switch back did not change anything, which I thought would be the case. What I am currently trying is I took an off-the-shelf router (Linksys AC1200). I have my FiOS ONT connected to that and a single LAN connection from the router to a PC here. I have internet right now. I am going to wait 2-3 hours here to see if it stays up or not. If not, then there has to be something Verizon changed. If it does stay up, then I have a problem in pfSense somewhere and I will probably need some help because I changed nothing on pfSense recently other than some of my VLANs. The VLAN numbers didn't change, I just changed some interface addresses. For example, I changed my wired subnet from 192.168.20.0/24 to 172.16.20.0/24. All my internal VLAN routing and connections have been fine though. No issues there.
Do you think it would be worth it to just reinstall pfSense? I am not really running any major packages right now. I use Avahi, DHCP Relay (to my Windows DHCP Server), Squid (mainly just for the AV), and I have the DNS Resolver on which I don't even really need on anymore. I had it on for when I was messing around with pfBlockerNG. I will update after this test. If anyone has any ideas, I would appreciate it. Thank you for your help and time.
-
See what happens with the other router. I don't know that reinstalling pfSense would help, but it wouldn't hurt.
-
@JKnott Hi JKnott. So the Linksys router never went offline. It was online for like 4 hours with no issues before I went back to pfSense. I really have no idea what to check at this point. Exactly two hours after resetting the WAN interface, I get packet loss according to the gateway monitor (I tried turning this off but that didn't work) and then the WAN goes offline. I can simply release and renew the WAN in Status > Interfaces and it comes back up. Anything else I should check short of just reinstalling pfSense from scratch? Thank you for your help.
-
@capn783 said in Verizon FiOS and pfSense DHCP Issue:
@JKnott Hi JKnott. So the Linksys router never went offline. It was online for like 4 hours with no issues before I went back to pfSense. I really have no idea what to check at this point. Exactly two hours after resetting the WAN interface, I get packet loss according to the gateway monitor (I tried turning this off but that didn't work) and then the WAN goes offline. I can simply release and renew the WAN in Status > Interfaces and it comes back up. Anything else I should check short of just reinstalling pfSense from scratch? Thank you for your help.
Hi @capn783 - a fellow pfSense user here with a FiOS internet connection. I have not seen troubles like the ones you describe though. Quick question: Do you have IPv6 enabled on the pfSense firewall (e.g. WAN interface)? If yes, do you see any difference if you disable it? Also, just to be sure, have you already tried using a different Ethernet cable between the ONT and pfSense router?
Hope this helps.
-
@JKnott @tman222 Hi guys. Thank you for sticking with me on this. As of this morning it looks like I have it fixed. I have had the ONT connected directly to pfSense now since 12:25 AM and the internet has not gone down since. Here is what happened.
The box I use for my pfSense is a SuperMicro SYS-5018A-FTN4. When I initially set this up, I had 5 connections. The WAN to igb0, LAN (Management) to igb1, and lagg0 for the VLAN routing (igb2 and igb3). The 5th connection was an Ethernet cable from the IPMI to my switch. Now a little while ago I forgot the password to the IPMI login so I stopped using it. When I threw my new Nexus switch in I never reconnected the IPMI connection because I was like I don't remember the password so I'll just leave it disconnected for now and fix it later. Well after some researching last night, I ran across this post on this forum. A little ways down the user bamhm 182 mentions having the same issue and that it ended up being caused by him having IPMI enabled on his r210 with nothing connected to it. This is what I believe caused my issue here. The IPMI defaults to failover mode when enabled on the SuperMicro box and will use igb0 if there is no connection to the IPMI port. I reconnected the IPMI last night (even though I can't log in because I can't remember the password lol) at 12:25 and since then I have had 0 issues. I will continue to monitor but I think this is solved now.
Again thank you for your help, time, and recommendations.
-
Ah, I see. I actually use a Supermicro 5018D-FN8T as my pfSense box so I know the setting you are referring to. It looks like the IPMI and pfSense may have been competing for the WAN IP address, causing the intermittent connectivity. This probably also means that at some point your IPMI admin interface may have been publicly exposed. Try to see if there is a way to reset the IPMI password (e.g. through the BIOS perhaps) if you can't remember it. Once you have done that, log into the IPMI admin interface and change the IPMI interface from "failover" to "dedicate".
https://serverfault.com/questions/361940/configuring-supermicro-ipmi-to-use-one-of-the-lan-interfaces-instead-of-the-ipmi
Hope this helps.
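
A defensive check for the condition described above, as an added example that is not part of the original thread: it reads the text output of `tcpdump -e -n 'udp port 67 or udp port 68'` and reports every DHCP client MAC other than the firewall's WAN MAC, which is what a BMC sharing the WAN NIC in failover mode would look like. It assumes the capture was taken on the link between the ONT and the firewall (for example from a mirror port), since the host OS may not see a BMC's sideband traffic; the capture lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample capture text; every MAC and IP address here is made up.
SAMPLE_CAPTURE = """\
00:25:01.100000 02:00:00:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 02:00:00:aa:bb:01, length 300
00:25:01.180000 02:00:00:99:99:99 > 02:00:00:aa:bb:01, ethertype IPv4 (0x0800), length 342: 198.51.100.1.67 > 198.51.100.23.68: BOOTP/DHCP, Reply, length 300
01:10:44.500000 02:00:00:aa:bb:05 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 02:00:00:aa:bb:05, length 300
01:25:01.100000 02:00:00:aa:bb:01 > 02:00:00:99:99:99, ethertype IPv4 (0x0800), length 342: 198.51.100.23.68 > 198.51.100.1.67: BOOTP/DHCP, Request from 02:00:00:AA:BB:01, length 300
02:10:44.900000 02:00:00:aa:bb:05 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 02:00:00:aa:bb:05, length 300
"""

# timestamp, Ethernet source MAC, then the client hardware address tcpdump
# prints after "Request from" for client-originated BOOTP/DHCP packets.
REQUEST_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[0-9a-f:]{17}) > \S+ .*"
    r"BOOTP/DHCP, Request from (?P<client>[0-9a-f:]{17})",
    re.IGNORECASE,
)


def dhcp_clients(capture_text):
    """Map each DHCP client MAC (lower-cased) to the timestamps of its requests."""
    seen = defaultdict(list)
    for line in capture_text.splitlines():
        match = REQUEST_RE.match(line)
        if match:  # server replies and unrelated lines are skipped
            seen[match.group("client").lower()].append(match.group("ts"))
    return dict(seen)


def unexpected_clients(capture_text, wan_mac):
    """Return the sorted client MACs that are not the firewall's WAN MAC."""
    return sorted(m for m in dhcp_clients(capture_text) if m != wan_mac.lower())


if __name__ == "__main__":
    wan_mac = "02:00:00:aa:bb:01"  # assumed MAC of the firewall's WAN port
    clients = dhcp_clients(SAMPLE_CAPTURE)
    for mac in unexpected_clients(SAMPLE_CAPTURE, wan_mac):
        stamps = clients[mac]
        print(f"second DHCP client on WAN: {mac} "
              f"({len(stamps)} requests, first {stamps[0]}, last {stamps[-1]})")
```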
-
I know this is old but when I did a Google search I found this so I thought I would comment here. So I too replaced my Verizon FiOS router with a pfSense firewall/router, and sure enough every 24 hours I received the send error 65 message and everything would hang until I rebooted the pfSense. I started playing around with the DHCP settings on the WAN interface. When I set them to "FreeBSD default" the problem went away. So the defaults listed in my protocol timing section are timeout=60 retry=3-- select timeout=0 reboot=10 backoff cutoff=120 and initial interval=10
So I am on day 3 with no problems. I have asked the quality assurance team (my 14 year old daughter who is home 24/7 now because of COVID-19, with iPhone and iPad) to let me know of any problems. So far she has not generated any bug reports :)