Can’t get WAN IP from FiOS



  • I have installed pfSense for the first time (on a fanless Zotac mini PC) and was trying to take it live today. LAN-side everything seems to work. I can ssh into it, and I can connect to the Web interface.

    On the WAN side, however, the box can’t pick up an IP from Verizon via DHCP. Because I have FiOS there is no cable modem to reset, which appears to have helped most with similar issues. I did call up their tech support, and they were doing stuff with the ONT, which is their fiber-to-Ethernet interface on the outside of my house. However, it was to no avail.

    Do any of you have suggestions, what else I could try? Of course, I have rebooted and spoofed the pfSense's MAC address by having it use the one of the old router.



  • You're probably going to need to use the advanced configuration settings.

    A good starting point would be to read through these threads and their children.

    https://forum.pfsense.org/index.php?topic=94298.msg
    https://forum.pfsense.org/index.php?topic=114389.msg



  • After looking through those threads, it looks like in my case there is no reason for such a complex WAN DHCP configuration. I do not have a Verizon router/gateway on the premises. My service is Internet-only. The router I am trying to replace is a LinkSys model running DD-WRT. I am replacing it because I don’t trust the security, with updates happening very infrequently and being very hardware-specific.

    How is the pfSense DHCP client different from DD-WRT’s in a way that makes one work and the other doesn’t.



  • Capture a DHCP Discovery packet from each of them to determine the difference.

    The purpose of those treads is not solely about the complex network design.  There are dhcp options that may be required by the dhcp server.  Such as the option-125 back when I first detailed that.  It had nothing to do with network design or complexity.  It, or other options, simply was, may still be, required by Verizon's dhcp service.



  • @NOYB:

    Capture a DHCP Discovery packet from each of them to determine the difference.

    Thanks very much for the tip. I will give that a try the next time I have a chance.



  • @NOYB:

    Capture a DHCP Discovery packet from each of them to determine the difference.

    I’ll dig around the pfSense menu to find how to do that. I am wondering, whether DD-WRT is set up for it. Is it?



  • @DominikHoffmann:

    @NOYB:

    Capture a DHCP Discovery packet from each of them to determine the difference.

    I’ll dig around the pfSense menu to find how to do that. I am wondering, whether DD-WRT is set up for it. Is it?

    For pfSense
    Diagnostics / Packet Capture
    Interface: WAN
    Port: 67
    Level of detail: Full

    Download the capture and view in Wireshark.

    For DD-WRT
    Don't know.  Not familiar with it.
    If it doesn't have any menu driven capture, maybe it has tcpdump.
    If it doesn't have internal capture capability then maybe capture live with Wireshark by plugging PC into it's WAN port and then turn it on.



  • @NOYB:

    Download the capture and view in Wireshark.

    For DD-WRT
    Don't know.  Not familiar with it.
    If it doesn't have any menu driven capture, maybe it has tcpdump.
    If it doesn't have internal capture capability then maybe capture live with Wireshark by plugging PC into it's WAN port and then turn it on.

    For my DD-WRT router the only method I could find was to insert an Ethernet hub between the router and the ONT and also plug in my laptop running WireShark. I am hoping this will lead to success.

    I will still have to learn to use WireShark. It will be slow progress.



  • I've used and continue to use pfSense with many FIOS installs, it works fine. Which ONT is it?  Have you experimented with manual speed/duplex settings?

    FIOS residential can be problematic with DHCP release/renews if you aren't using their equipment. For this reason, I usually CLONE THE MAC of whatever crap Actiontec etc gateway they supply before I throw it in the garbage. This way, their network thinks it's talking to the original equip and does not balk at handing out IPs.  Saves a lot of wasted time calling into national tech support.



  • @luckman212:

    I've used and continue to use pfSense with many FIOS installs, it works fine. Which ONT is it?  Have you experimented with manual speed/duplex settings?

    FIOS residential can be problematic with DHCP release/renews if you aren't using their equipment. For this reason, I usually CLONE THE MAC of whatever crap Actiontec etc gateway they supply before I throw it in the garbage. This way, their network thinks it's talking to the original equip and does not balk at handing out IPs.  Saves a lot of wasted time calling into national tech support.

    Thanks very much for the tip!

    Cloning the MAC address of my DD-WRT router, which has worked for many years was the first thing I did to troubleshoot.

    I will explore manual speed/duplex settings, when I get a chance.



  • Ok if you already did that, then yeah - tcpdump/Wireshark is your next move.

    Here's a starting point-

    1. pull out the cat5 cable from your FIOS ONT

    2. ssh to your pfsense, go to opt 8 and run the following:

    tcpdump -i <wan_interface_name>-w dhcplog.pcap -s 0 port 67 or port 68

    3. plug the cable back in and wait about a minute for some packets to be captured

    4. hit CTRL+C and then copy that .pcap file to your desktop computer (use scp)

    5. open that pcap in Wireshark and take a look… happy hunting ;)</wan_interface_name>



  • @luckman212:

    Ok if you already did that, then yeah - tcpduimp/Wireshark is your next move.

    Here's a starting point-

    1. pull out the cat5 cable from your FIOS ONT

    2. ssh to your pfsense, go to opt 8 and run the following:

    tcpdump -i <wan_interface_name>-w dhcplog.pcap -s 0 port 67 or port 68

    3. plug the cable back in and wait about a minute for some packets to be captured

    4. hit CTRL+C and then copy that .pcap file to your desktop computer (use scp)

    5. open that pcap in Wireshark and take a look… happy hunting ;)</wan_interface_name>

    Thanks very much for the recipe!



  • @luckman212:

    I've used and continue to use pfSense with many FIOS installs, it works fine. Which ONT is it?  Have you experimented with manual speed/duplex settings?

    FIOS residential can be problematic with DHCP release/renews if you aren't using their equipment. For this reason, I usually CLONE THE MAC of whatever crap Actiontec etc gateway they supply before I throw it in the garbage. This way, their network thinks it's talking to the original equip and does not balk at handing out IPs.  Saves a lot of wasted time calling into national tech support.

    When I first detailed this out years ago on Verizon FiOS.  Simply cloning the MAC was not enough.  Packet capture revealed option-125 was being used (Actiontec WR424 others may use different options).  Soon as that was added it worked.  Even without cloning the MAC.  But the beauty of cloning the MAC and fully impersonating the ISP provided router is being able to swap them at will without breaking the lease.  Or even run them in parallel if desired.

    Frontier FiOS has dropped the use of option-125 and reduced the lease expiration from Verizon's 2 hours to 30 minutes.  Much more out of the box compatible.

    P.S. Check out the pfSense Status / Interfaces page.  2.4 and 2.3.3 now has relinquish lease option to send the DHCP release message to the server.  :)



  • @NOYB:

    When I first detailed this out years ago on Verizon FiOS.  Simply cloning the MAC was not enough.  Packet capture revealed option-125 was being used (Actiontec WR424 others may use different options).  Soon as that was added it worked.

    Hmm interesting!  Could you point me to some more info on using that DHCP OPT 125? Never needed it myself, but I am in NYC (not Frontier country) and have an older Alcatel I211MK ONT (still GPON, but I don't think they use these much anymore…)



  • @luckman212:

    Which ONT is it?

    How do I find out?



  • @DominikHoffmann:

    @luckman212:

    Which ONT is it?

    How do I find out?

    Look at the sticker on the back?

    Google it and try to find the one that looks like yours?
    https://www.google.com/search?site=&tbm=isch&source=hp&biw=1280&bih=676&q=fios+ont



  • @luckman212:

    @NOYB:

    When I first detailed this out years ago on Verizon FiOS.  Simply cloning the MAC was not enough.  Packet capture revealed option-125 was being used (Actiontec WR424 others may use different options).  Soon as that was added it worked.

    Hmm interesting!  Could you point me to some more info on using that DHCP OPT 125? Never needed it myself, but I am in NYC (not Frontier country) and have an older Alcatel I211MK ONT (still GPON, but I don't think they use these much anymore…)

    The two links in the second post of this thread.
    Also advanced search for impersonate or Actiontec for user NOYB.



  • Have you looked at system logs? Are there anything regarding this issue?
    I have had some issues connecting FIOS (not verizon) and this was pure hardware issue, ex realtek NIC on pfsense side that incorrectly established link with FIOS. Manually changed link speed on realtek to 100mbit and it's got an IP, but this can be related only to Realtek.



  • @NOYB:

    For pfSense
    Diagnostics / Packet Capture
    Interface: WAN
    Port: 67
    Level of detail: Full

    Download the capture and view in Wireshark.

    For DD-WRT
    Don't know.  Not familiar with it.
    If it doesn't have any menu driven capture, maybe it has tcpdump.
    If it doesn't have internal capture capability then maybe capture live with Wireshark by plugging PC into it's WAN port and then turn it on.

    I employed an old Netgear 100BaseT hub. I plugged the FiOS feed into the uplink port and both my LinkSys router running DD-WRT and my Mac into one of the other four ports.

    Being a Mac guy, I used an app called CocoaPacketAnalyzer. I think, I managed to capture at least one of the DHCP packets:

    58:6D:8F:30:6A:58 is the WAN MAC address of the router.

    Am I on the right track?



  • @luckman212:

    Ok if you already did that, then yeah - tcpdump/Wireshark is your next move.

    Here's a starting point-

    1. pull out the cat5 cable from your FIOS ONT

    2. ssh to your pfsense, go to opt 8 and run the following:

    tcpdump -i <wan_interface_name>-w dhcplog.pcap -s 0 port 67 or port 68

    3. plug the cable back in and wait about a minute for some packets to be captured

    4. hit CTRL+C and then copy that .pcap file to your desktop computer (use scp)

    5. open that pcap in Wireshark and take a look… happy hunting ;)</wan_interface_name>

    I followed your instructions. Here is my command line output:

    [2.3.2-RELEASE][xxx@xxx.com]/root: tcpdump -i re0 -w dhcplog.pcap -s 0 port 67 or port 68
    tcpdump: WARNING: re0: no IPv4 address assigned
    tcpdump: listening on re0, link-type EN10MB (Ethernet), capture size 65535 bytes
    ^C0 packets captured
    0 packets received by filter
    0 packets dropped by kernel

    Why would it say, “0 packets captured?” Doesn’t that point to something else being wrong, i.e., that re0 (my WAN interface) is incorrectly configured, somehow?



  • post output of

    ifconfig
    

    go simpler… try

    tcpdump -i re0
    tcpdump -i re1
    tcpdump -i re2
    
    

    make sure you are capturing on the right interface … you should see packets flying by



  • @luckman212:

    Ok if you already did that, then yeah - tcpdump/Wireshark is your next move.

    Here's a starting point-

    1. pull out the cat5 cable from your FIOS ONT

    2. ssh to your pfsense, go to opt 8 and run the following:

    tcpdump -i <wan_interface_name>-w dhcplog.pcap -s 0 port 67 or port 68

    3. plug the cable back in and wait about a minute for some packets to be captured

    4. hit CTRL+C and then copy that .pcap file to your desktop computer (use scp)

    5. open that pcap in Wireshark and take a look… happy hunting ;)</wan_interface_name>

    @luckman212:

    post output of

    ifconfig
    

    go simpler… try

    tcpdump -i re0
    tcpdump -i re1
    tcpdump -i re2
    
    

    make sure you are capturing on the right interface … you should see packets flying by

    It turns out that while troubleshooting I had inadvertently changed the NIC speed to something incorrect. So, I have been able to capture DHCP packets:

    It looks to me like the one shown here is either a DHCPOFFER or a DHCPACK message. The DHCP server is at 72.86.40.1 (= 0x48562801) and offers the IP address 72.86.40.140 (= 0x4856288C). I haven’t figured out, yet, which of the two it is.



  • Still not enough info. Seems like pfSense is acquiring a valid WAN IP 72.86.40.140 from the ONT. You don't have anything nonstandard in your WAN DHCP config do you? Might be able to tell more if you PM me a pcap file.  If you're worried about leaking any private info, just disconnect your LAN first so only traffic between pfsense <-> ONT is in the capture. Try a packet capture without any filters- need to see other traffic in addition to the BOOTP.



  • Well, it turns out that that one of the NICs in my Zotac ZBOX-CI321NANO-U-W2B was bad.

    I found out by swapping the WAN and LAN cables. While before the box failed to get an IP address from my ISP, after the swap it couldn’t be pinged by the LAN. After the swap the router did just fine setting up connectivity with the ISP.

    I have now filed an RMA for replacement under warranty with Zotac. It had been an open-box unit purchased from Amazon for a real steal. Very possibly the previous owner had found the problem and returned it for credit without reporting the issue.



  • @luckman212 seems like you have a solid background with WAN IP issues on devices. My FiOS connection keeps dropping on the WAN interface and comes back when I reset the interface. Is there any way to solve this ?

    I posted in detail here what is happening:
    https://forum.netgate.com/topic/133896/wan-drops-connection-3-4-times-a-day-to-r210-ii-verizon-fios

    Thank you!


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy