DHCP Client Oddity on the WAN
-
I'm running into an issue with my DHCP client and my ISP. Here's the scenario:
1. I get a (dynamic) address from my ISP from the WAN port. Everything looks good, it has a lease expiration of two days. Internet works fine, everything works.
2. A few hours later, the link on my WAN goes down because the ISP decides to do some kind of maintenance or has an outage.
3. The link eventually comes back up, but my ISP's DHCP server is not ready. PfSense's DHCP client is requesting an address, and then finally gives up, and instead uses to the previous IP that was leased to it.This is a problem because my ISP (Comcast) eventually gets the DHCP server running again, but because I haven't asked for a lease, it won't let any traffic go to/from my PfSense box. I now have to wait until the cached lease expires at which it will ask for a lease and reprovision me with my ISP on the network. The renewal time for these leases can be days, so its a problem.
Unfortunately, I would have expected the "Retry Time" setting to work (and retry to get the lease if it hadn't heard anything back), but if pfsense decides to use the previous/cached lease (and it always does because the behavior is to cache the previous IP to a file), then it will assume all is well, when it actually isn't.
Does anyone know of a good workaround for this problem?
-
yeah do a manual release/renew on the interface status page if you need to get a new lease.
-
yeah do a manual release/renew on the interface status page if you need to get a new lease.
The issue with that is it requires LAN access. When it goes down, I have to go onsite and log in on the LAN to access the web interface.
-
Well you could edit the advanced dhcp stuff on your wan, you could override the lease time so it shorter and will try and renew faster and expire sooner if not renewed. Lots of features here that could help. On the wan interface, click the dhcp advanced and then read the help linked too for what might help in faster renewal, I would think the superseding of the lease time you could set to say 2 hours vs 2 days. All that should happen is your renew more often, and fails then you should do a new discover when expired at most 2 hours.
Such issues with connections to a remote site is why out of band access is such big plus with remote sites. Be it you have a user hotspot off their phone data connection and remote their machine to access pfsense from the lan side or put in a dedicated out of band connection is up to you vs having to actually go onsite. A secondary connection be it used for failover/loadbalance or just out of band access is good thing to have for any site really.
