Release Renew Command Line



  • Hi Guys,

    Trying to find a simple solution to this, haven't found one yet, I guess you guys have an answer to this.

    Trying to "Release then Renew" my WAN IP address using the command line and configuring a "Cron Task"

    Here's what I have tried [bge0 = WAN interface]
    None of these work, I must say I have tried them all since nothing worked.

    => # dhclient -r bge0, dhclient bge0

    => # ifdown bge0, ifup bge0

    => # service dhclient restart bge0

    => # /etc/rc.d/dhclient restart bge0

    => # manual of pfSense says => usage : dhclient [-bdqu] [-c conffile] [-l leasefile] interface => doesn't help much !

    => # /etc/rc.d/netif stop, # /etc/rc.d/netif start

    => # /etc/rc.d/dhclient interface=bge0 service=stop, /etc/rc.d/dhclient interface=bge0 service=start

    => # /etc/rc.linkup interface=bge0 action=stop, /etc/rc.linkup interface=bge0 action=start

    There must be a way to automate a script via Cron Task, or maybe not, I guess you guys know.

    Thanks

    Frank


  • LAYER 8 Global Moderator

    Why would you need something like this?  What is the use case?



  • [English is my second language, so it may sound strange at times]

    After I analysed a bunch of log files with Wireshark + Watchguard Monitoring [installed it temporarily to compare the results],

    it seems that my ISP is using a private "Class A" subnet for their HDTV IP services.

    But it also seems that their DHCP servers are also using private Class A for WAN => DHCP REQUEST, OFFER, ACCEPT, ACK/SYN ….

    Also, their 10.23.X.X subnet [DHCP server for clients] changes every 7 days or so …

    Their leases are configured for 43200 seconds, which is 12 hours.

    I've experienced problems for 2 months, sometimes I wouldn't get an IP address because my WAN DHCP lease wasn't renewed [why, I still haven't found out yet]

    The only solution => Cron Task => shutdown -r now => Every 11h00

    pfSense is rock solid, before the last 3 [OS/Firmware] updates, I didn't have to reboot the firewall or anything.

    The installation is 15 minutes away and I need to access the network remotely, but for 2 months it has been, I must say, a pain in the butt [there is not always someone to manually reboot the firewall]

    So that's pretty much it.

    I have friends with the same ISP, I had a look at the logs when I was able to, pretty much the same, but without the problems.

    I do know it's normal for ISPs to use Class A, but is there a way to have control over it, without allowing the firewall to "pass" the traffic from a private network over a public network.

    Thanks


  • LAYER 8 Global Moderator

    "Their 10.23.X.X Subnet [DHCP Server for clients] change every 7 days or so"

    You're saying their DHCP server changes every week or so??  Or that you just get a lease from a different DHCP server?  They might have multiple ones??  Have you tried to request a longer lease?  In the WAN interface setup for DHCP you can put in pretty much any advanced stuff, you can modify the timers on renew, etc..

    I would look to fixing your issue with renew of your DHCP vs restart of the interface or release renew DHCP via some cron every 12 hours.. That would not be a fix to the issue but a workaround at best.




  • You're right, sorry for my explanations, yes, they do use multiple DHCP servers, that's why I was saying it changes, because of course, I don't always get an IP address from the same server.

    I've tried the advanced WAN DHCP configurations, but it doesn't allow me to overwrite my ISP rules [the logs indicate the WAN interface renegotiates the lease every 12 hours anyway]

    When you think about it, that's totally normal.

    I also think it's wise for them to configure their leases to 12 hours, for security reasons [Mail Servers, VPN Site-to-Site …. for non-commercial clients],  [most of the time, even if you don't have an Enterprise account with a static IP, my friend's WAN IP doesn't change much over time, always gets renewed]

    So I guess the only workaround is to renew or reboot the firewall, or there's something else I haven't seen.

    I'll try your suggestion again, and analyse further for a couple of days, I'll get back with the results.

    Thanks.
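
An added example, not part of the thread and not pfSense's own code: instead of forcing a release/renew, a cron job can read the dhclient lease file and log which DHCP state the WAN lease is in and which 10.23.x.x server issued it, which shows whether renewals are really failing. The function names, the sample lease contents and the lease-file location (FreeBSD's dhclient normally writes `/var/db/dhclient.leases.<interface>`) are assumptions.

```shell
# lease_state FILE "YYYY/MM/DD HH:MM:SS"  (second argument: current time in UTC)
# Added example: report the DHCP client state recorded in a dhclient lease file.
lease_state() {
    awk -v now="$2" '
    function key(d, t,   a, b) {    # date + time -> sortable number
        split(d, a, "/"); split(t, b, ":")
        return ((((a[1]*100 + a[2])*100 + a[3])*100 + b[1])*100 + b[2])*100 + b[3]
    }
    { gsub(/;/, "") }               # drop statement terminators
    $1 == "lease" { srv = ""; renew = rebind = expire = 0 }  # last block wins
    $1 == "option" && $2 == "dhcp-server-identifier" { srv = $3 }
    $1 == "renew"  { renew  = key($3, $4) }
    $1 == "rebind" { rebind = key($3, $4) }
    $1 == "expire" { expire = key($3, $4) }
    END {
        if (!expire) { print "NOLEASE"; exit }
        split(now, n, " "); t = key(n[1], n[2])
        if      (t < renew)  s = "BOUND"      # lease is current
        else if (t < rebind) s = "RENEWING"   # renew time passed, no newer lease yet
        else if (t < expire) s = "REBINDING"  # rebind time passed, still no new lease
        else                 s = "EXPIRED"
        print s, srv
    }' "$1"
}

# Constructed sample: two 43200-second leases from different 10.23.x.x servers.
write_sample_lease() {
    cat > "$1" <<'EOF'
lease {
  interface "bge0";
  option dhcp-lease-time 43200;
  option dhcp-server-identifier 10.23.1.1;
  renew 2 2015/3/10 06:00:00;
  rebind 2 2015/3/10 10:30:00;
  expire 2 2015/3/10 12:00:00;
}
lease {
  interface "bge0";
  option dhcp-lease-time 43200;
  option dhcp-server-identifier 10.23.7.1;
  renew 2 2015/3/10 12:00:00;
  rebind 2 2015/3/10 16:30:00;
  expire 2 2015/3/10 18:00:00;
}
EOF
}

tmp=$(mktemp) && write_sample_lease "$tmp" && lease_state "$tmp" "2015/03/10 17:00:00"; rm -f "$tmp"
```

From cron, pass `date -u '+%Y/%m/%d %H:%M:%S'` as the second argument and append the output to a log. A lease that repeatedly reaches REBINDING or EXPIRED, together with the server address printed beside it, narrows down which DHCP server is not answering renewals.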

