Netgate Discussion Forum

    SG-1100 drops clients, lease time issue?

    • stephenw10 Netgate Administrator

      If it shows as off-line that means it's no longer in the ARP table. Packets from that device are not passing through pfSense for some reason.

      The symptoms you are describing sound like you might have a rogue DHCP server on your network. When you find a client that has hit this, check its IP info: is it actually using pfSense as its gateway?
      Does pfSense still list it in the dhcp status table? In the ARP table?

      A router running as an AP is a common suspect for that. Also a phone running hotspot mode can do it.

      Steve

      • keyser Rebel Alliance @DrPhil

        @DrPhil

        Sounds like a duplicate IP issue - some other device has the same IP as the LAN interface on your pfSense.

        Once you have a client that went “offline” - as in no internet, try to ping the pfSense address from that client - it likely won't answer, but see if it answered the ARP request by running the command “Arp -a” in a Windows elevated command shell.
        Does the MAC address for the gateway address actually match your pfSense MAC address, or is it some other device's MAC address?

        Love the no fuss of using the official appliances :-)
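
The gateway-MAC check described in the post above, as an added example that is not part of the original thread: it parses Windows `arp -a` output and reports whether the gateway entry is missing, matches the firewall's MAC, or belongs to another device, and lists any MAC answering for more than one IP. The MAC addresses, the sample output and the function names are constructed for illustration; the IP addresses are the ones used in this thread.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (MAC addresses are made up).
SAMPLE = """
Interface: 192.168.1.22 --- 0x5
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-00-00-00-02     dynamic
  192.168.1.2           02-00-00-00-00-02     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(dynamic|static)\s*$", re.IGNORECASE)

def normalize_mac(mac):
    """Lower-case with '-' separators so 02:00:... compares equal to 02-00-..."""
    return mac.strip().lower().replace(":", "-")

def parse_arp(output):
    """Return {ip: mac} for unicast entries of an `arp -a` listing."""
    table = {}
    for line in output.splitlines():
        m = ARP_LINE.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        mac = normalize_mac(m.group(2))
        if int(mac[:2], 16) & 1:  # group bit set: broadcast or multicast
            continue
        table[m.group(1)] = mac
    return table

def check_gateway(table, gateway_ip, expected_mac):
    """'missing': no ARP answer from the gateway; 'mismatch': another device answered."""
    seen = table.get(gateway_ip)
    if seen is None:
        return "missing"
    return "match" if seen == normalize_mac(expected_mac) else "mismatch"

def shared_macs(table):
    """MACs that answer for more than one IP: an IP-conflict or ARP-spoofing indicator."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
```

A shared MAC is an indicator to investigate, not proof: a device that legitimately holds several addresses produces the same pattern.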

        • DrPhil

          Thank you @stephenw10 and @keyser.

          I'll keep looking but I don't see a rogue DHCP server.
          My older router is indeed running as an AP. No phone hotspots though.

          I compared the DHCP leases on my pfSense with what Netgear (AP) was showing, and I did ARP -a on my windows. All 3 showed me a perfect match - MAC to IP.

          Today actually went much better. No dropped connection complaints at all. At this point my 2 layperson hypotheses are

          1. Maybe there was some caching happening somewhere, which made some devices look in a different place (e.g. maybe they were too used to a 24 hr lease, and didn't notice that the default is now 2 hrs).

          2. I moved some devices to a static IP about 24 hrs ago. Maybe that covered any potential issues.

          Is any of that even possible?

          If I encounter dropped clients again, I'll try your suggestions. If not, I'll just count my blessings and move on.

          • DrPhil

            So I had another dropped client issue today. Here's what I tried

            From the client (Windows 10 PC)

            1. Ping pfSense (192.168.1.1). No response
            2. Ping WiFi access point (Netgear. 192.168.1.2). No response
            3. ipconfig. Shows the "correct" IP (192.168.1.22) and gateway (192.168.1.1)
            4. ARP -a. Does not list pfSense (192.168.1.1) but does list the WiFi AP (192.168.1.2)

            Netgate / pfSense

            1. DHCP lease: Lists the client as "online" and lease as "active". Consistent IP and correct MAC

            WiFi AP (Netgear)

            1. Lists the client as connected, with correct IP and MAC

            Then I went back to the PC, disconnected the wifi and connected again. It got back online and worked fine.

            Any thoughts on what might have happened?

            • DrPhil

              I forgot to mention 2 things.

              The ARP -a listed a bunch of correct IP / MAC combinations (just didn't have pfSense).

              This client had a static IP. It was actually listed in pfSense as "online" and "static".

              • keyser Rebel Alliance

                Am I correct in assuming it does not happen to all clients simultaneously - as in some clients continue to have Internet access while others are offline?

                Since you seem pretty sure it’s not a duplicate IP problem, then I’m pretty sure it’s a Wifi issue.
                Additional proof of that thesis is that you cannot ping the Wifi AP either when the problem is present. This is before traffic hits pfSense, so it’s not involved at that stage.

                Any chance you could try a different Wifi Access Point? Alternatively try and wire a bunch of the clients, and see if any of the wired clients exhibit the same issue.

                Love the no fuss of using the official appliances :-)

                • DrPhil @keyser

                  Thank you @Keyser

                  Yes that is right. It does not happen to all clients at the same time, only some.

                  I don't have many wired clients to test out the Wifi thesis, except that my Wifi AP is a wired connection to pfSense. One time the AP itself got offline (which was a major chaos).

                  I don't have another Wifi AP. I don't mind buying one (I kind of do), if I am sure that would completely resolve the issue. Actually I probably do have another old router sitting around somewhere. Maybe I'll try that one next.

                  • stephenw10 Netgate Administrator

                    Mmm, it sounds a lot like a rogue DHCP server or an IP conflict. If something else was using pfSense's LAN IP though it would be complaining about that in the system log.

                    Steve

                    • keyser Rebel Alliance @DrPhil

                      @DrPhil

                      I would definitely try a different AP because:

                      1: If some clients are accessing Internet while others are not, pfSense is at least passing traffic constantly (In fact online). When this is the case, the problem is usually IP conflict or rogue DHCP/ARP poisoning - which you seem to have eliminated as explanations. With that the remaining “theoretical” explanations become pretty complicated/unlikely.

                      2: Since you lose the ability to ping the AP from suffering clients, then they are not even able to pass Wifi traffic to the AP/The AP does not handle that traffic correctly.
                      No pfSense involved in that problem unless pfSense is killing the link to the AP in the process (and thus taking the AP’s IP interface offline). We know that’s not the case because other clients remain online.

                      It has to be the Wifi....

                      Love the no fuss of using the official appliances :-)

                      • DrPhil

                        Thank you @stephenw10 and @keyser.

                        @keyser, based on your comment I looked up my Netgear (R7000, I am using the router as a wifi AP). It seems like many people online complain about dropped connections. Based on online advice, I reverted it back to a previous firmware version.

                        If that works, I'll come back and post details so future readers in a similar situation can benefit. For now, fingers crossed.
