• 0 Votes
    4 Posts
    268 Views
    GertjanG

    @Seeking-Sense said in Trouble importing DHCP Mappings from 2.6 to 2.7.2:

    But existing and enabled are or should be two different things.

    When an interface is not connected (you ripped out the network, or powered down the device or switch on the other side), the DHCP server serving that interface will detect the "DOWN" system / hardware event, and shut down.
    pfSense won't even show you your DHCP server instance anymore.
    But, no panic, the settings will still be there. And when you connect (power up) the connection, it will auto-start, with the previously known settings.

    @Seeking-Sense said in Trouble importing DHCP Mappings from 2.6 to 2.7.2:

    One other issues I have come across is that KEA DHCP causes issues throwing PHP errors / crash reports in conjunction with pfblockerng dev.

    Kea initially, when using 23.09? I can't recall, worked fine, but the implementation in '2.7.2' (and 23.09, 24.03, before 24.11 came out) was, for my needs, too minimalist.
    You can use Kea, if you validate your requirements first.

    Here they are: Netgate Adds Kea DHCP to pfSense Plus Software Version 23.09

    As you can see, the details are here, published November 2023:

    (screenshot attachment)

    So, you need "static MAC DHCP leases" ?
    Ok, fine. Stick with ISC for the moment.

    Right now, 24.11 adds static DHCP leases and DNS registration, but is still limited when it comes to adding your own DHCP options.
    The upcoming 2.8.0 will have the same Kea support.

    Btw: Kea by itself was and is rock solid for me. I had to stick with ISC because I wanted to keep my DHCP MAC leases, my DHCP special options etc., but since 24.11 became available, I switched to Kea. Options were still missing, but with some copy-and-paste instructions from the source (Redmine) I could add what I needed.

    Btw: Kea has no relation to pfBlockerNG.

  • 2100 DHCP VLAN configuration

    Official Netgate® Hardware
    14
    0 Votes
    14 Posts
    729 Views
    stephenw10S

    Did you test some other client device behind the switch pulling a lease? How does that differ from the switch as a client?

    Bizarre. Hard to see what might be different there.
    One possible test you could do would be to assign mvneta0 as the LAN on the 2100 to remove the on-board switch. That's quite involved though.

  • Static Lease in Kea failing

    DHCP and DNS
    5
    0 Votes
    5 Posts
    873 Views
    GertjanG

    @NickJH

    Check this one:

    (screenshot attachment)

    and hit the big blue save button at the bottom of the page.
    Worked for me.

    edit:
    and we never believe a GUI, as its nature is hiding all the info we're looking for:
    a test!?!

    Because I know I've entered this:

    (screenshot attachment)

    This must work:

    ```
    C:\Users\Gauche>nslookup bureau2
    Serveur : pfSense.bhf.tld
    Address: 2a01:cb19:beef:a6eb:92ec:77ff:fe29:392c

    Nom : bureau2.bhf.net
    Addresses: 2a01:cb19:beef:a6eb::88
               192.168.1.2
    ```

    and this is correct ...
    I'm also using static "IPv6 leases" because I really don't want to have to deal with IPv6 like '2a01:cb19:beef:a600:46d4:54ff:fe2a:36dc'.

    My LAN IPv6 '2a01:cb19:beef:a6eb:92ec:77ff:fe29:392c' is already a horror. Gone are the days you could 'quickly' ping the LAN using "192.168.1.1" 😵

  • DHCP on Port vs VLAN

    L2/Switching/VLANs
    8
    0 Votes
    8 Posts
    610 Views
    J

    @mhd353 Yeah, you could do that. Or, like I said earlier, just change the 3.1 to 30.1 and use it as the native on that port; you can then add VLANs later if needed. I've done it where I name the physical port "Trunk" and had no native network on it. I've also read recently that the physical port doesn't even need to be enabled, but I never did that, and it doesn't sound like something that would work to me. Maybe I'll try it sometime just to find out.

  • 0 Votes
    19 Posts
    2k Views
    M

    First, configure the mvneta1 interface with an IP address in a MGMT network that you choose (not a VLAN). And use this same network in the switch and AP for management purposes.

    Checking your screenshots, everything seems to be correct at the pfSense side.
    Check your Netgear: make sure the MGMT network is correct (untagged) and in the same network as mvneta1 in pfSense, check that this same port is configured to receive VLAN 20 and VLAN 30 tagged, and that the downlink has the same configuration.

    The port connecting pfSense to Netgear switch should be like this:
    VLAN 1 Untagged (MGMT of the switch)
    VLAN 20 Tagged
    VLAN 30 Tagged

    Netgear Switch to AP:
    VLAN 1 Untagged (MGMT of the AP)
    VLAN 20 Tagged
    VLAN 30 tagged

    Then, assign the wifi networks to use VLAN 20 and VLAN 30 respectively.

  • New pfSense setup in existing UniFi Setup

    DHCP and DNS
    5
    1 Votes
    5 Posts
    836 Views
    keyserK

    @Lace pfSense will do incoming and outgoing in much more detail and with more advanced filtering options than USG will ever do ;-)
    If you use the assistance of pfBlockerNG, you can GEO block countries, lists of known offenders and what not, in both inbound and outbound directions.

    But sure, you can use both, although it is a complicated setup with more failure options.

  • pfSense 2.7.1 & new DHCP service

    General pfSense Questions
    6
    0 Votes
    6 Posts
    824 Views
    jimpJ

    Colors should convey some kind of meaning. Choosing a random color just to have it be a color seems like a bad idea.

    The grey color already has a well-known intended meaning of something being inactive/disabled. I don't see the need to change it.

  • Switch DNS/DHCP from pfSense and add ADDS server

    DHCP and DNS
    1
    0 Votes
    1 Posts
    350 Views
    No one has replied
  • 0 Votes
    4 Posts
    804 Views
    V

    @hydrian
    You can get it to work with a single public IP, but probably not with a MAC lock. CARP uses certain MAC addresses, which cannot be spoofed as far as I know.

  • 0 Votes
    11 Posts
    2k Views
    S

    Final reply to this thread for anyone in the future who needs to set up something similar:

    I've put the full solution, including the NodeRed flow here: https://gist.github.com/Slyke/7d5b290f1d5695fdd79f5e0a08837c93

  • 0 Votes
    39 Posts
    4k Views
    JonathanLeeJ

    @stephenw10 Yes, we can agree the user can configure it wrong all over. Again, an administrator might fat-finger a large static DHCP list with a couple of entries, thus causing hostname mix-ups. That, for one, would be very hard to pinpoint. Moreover, we know the amount of hours system administrators work. It's a lot of hours. This would give pfSense an ease-of-use software functionality built in. I assumed that if pfSense allowed multiple duplicate entries, it was done for a situation when two devices need to be swapped in and out and need the same IP address; in this mindset pfSense should still log the correct hostnames. Again, if that was the reason for pfSense allowing the GUI duplicate entries.

    Weird thing to research, but the hostname mix-up was what I was after, and/or why pfSense would allow the duplicate entries in the first place. Let's agree admins have monster static DHCP lists that are updated and changed all the time within a secure setting. This situation would want controls in place for hostnames. Finally, logs for the hostnames could get bonkered up, and with a monster list that would be hard to track down why hostnames are wrong. We know pfSense now has experimental layer 2 Ethernet filtering.

  • Custom DHCP script

    DHCP and DNS
    5
    0 Votes
    5 Posts
    759 Views
    S

    @bmeeks I solved it by copying both the curl and sh binaries into the chrooted folder and specifying the path to them directly:

    ```sh
    # create the bin directories inside the dhcpd chroot
    mkdir -p /var/dhcpd/bin
    mkdir -p /var/dhcpd/usr/local/bin
    # copy the shell and curl into the chroot so the hook script can find them
    # (the script below uses #!/bin/sh, so /bin/sh must also exist inside the chroot)
    cp /bin/bash /var/dhcpd/bin/
    cp /usr/local/bin/curl /var/dhcpd/usr/local/bin/
    ```

    Then in my /var/dhcpd/etc/dhcp_update.sh script:

    ```sh
    #!/bin/sh
    # Called by dhcpd with: <event type> <ip address> <mac address>
    BASE_URL="http://your-web-server.com/your-endpoint"
    EVENT_TYPE="$1"
    IP_ADDRESS="$2"
    MAC_ADDRESS="$3"

    # map the numeric event type to a state string (1 = online, 2 or 3 = offline)
    case "$EVENT_TYPE" in
      "1")     ONLINE_STATE="online" ;;
      "2"|"3") ONLINE_STATE="offline" ;;
      *)       ONLINE_STATE="unknown" ;;
    esac

    URL="${BASE_URL}?ip=${IP_ADDRESS}&mac=${MAC_ADDRESS}&state=${ONLINE_STATE}&event=${EVENT_TYPE}"
    echo "DHCP Announce: $URL"
    # full path: inside the chroot only the copied curl binary is available
    /usr/local/bin/curl -X GET "$URL"
    ```

    It aborted with exit code 6, which means that cURL couldn't resolve the hostname (good news!). I still haven't tested this with my proper endpoint, but I think it will work now.

  • No DHCP on proxmox

    Virtualization
    2
    0 Votes
    2 Posts
    760 Views
    NollipfSenseN

    @Richard-1 said in No DHCP on proxmox:

    On my Win11 VM I receive ip configuration from DHCP server, on my physical PC no DHCP configuration received, I need to enter ip, subnetmask, gateway, ... manually to connect to network.

    It's the way you have it setup...please see here: https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html

    Did you connect your physical PC to the pfSense LAN? Nothing is wrong with connecting manually, though. You should consider amending your title, as Proxmox doesn't do DHCP.

  • DHCP Option 252, Option 42 Questions

    DHCP and DNS
    5
    0 Votes
    5 Posts
    1k Views
    P

    @JonathanLee sorry if I wasn't clear. No, one URL should be enough

  • 0 Votes
    4 Posts
    1k Views
    N

    @chrisjx Hi,
    I also have a location with two ISPs, one is the primary and the second is a Starlink.
    So I know how to set up LAN4 as an OPT and assign VLAN 40 to it. But how do I make sure the Starlink is on VLAN 40 then?

    Did you manage to get this working?

    BR
    Nick

  • VPN with DHCP from server LAN

    OpenVPN
    14
    0 Votes
    14 Posts
    2k Views
    J

    @djdmx Good to hear!!
    Sorry I haven't answered any of your posts, just getting over the flu. But you didn't need my help anyway!
