Can’t get WAN IP from FiOS
-
I have installed pfSense for the first time (on a fanless Zotac mini PC) and was trying to take it live today. LAN-side everything seems to work. I can ssh into it, and I can connect to the Web interface.
On the WAN side, however, the box can’t pick up an IP from Verizon via DHCP. Because I have FiOS there is no cable modem to reset, which appears to have helped most with similar issues. I did call up their tech support, and they were doing stuff with the ONT, which is their fiber-to-Ethernet interface on the outside of my house. However, it was to no avail.
Do any of you have suggestions, what else I could try? Of course, I have rebooted and spoofed the pfSense's MAC address by having it use the one of the old router.
-
You're probably going to need to use the advanced configuration settings.
A good starting point would be to read through these threads and their children.
https://forum.pfsense.org/index.php?topic=94298.msg
https://forum.pfsense.org/index.php?topic=114389.msg -
After looking through those threads, it looks like in my case there is no reason for such a complex WAN DHCP configuration. I do not have a Verizon router/gateway on the premises. My service is Internet-only. The router I am trying to replace is a LinkSys model running DD-WRT. I am replacing it because I don’t trust the security, with updates happening very infrequently and being very hardware-specific.
How is the pfSense DHCP client different from DD-WRT’s in a way that makes one work and the other doesn’t.
-
Capture a DHCP Discovery packet from each of them to determine the difference.
The purpose of those treads is not solely about the complex network design. There are dhcp options that may be required by the dhcp server. Such as the option-125 back when I first detailed that. It had nothing to do with network design or complexity. It, or other options, simply was, may still be, required by Verizon's dhcp service.
-
Capture a DHCP Discovery packet from each of them to determine the difference.
Thanks very much for the tip. I will give that a try the next time I have a chance.
-
Capture a DHCP Discovery packet from each of them to determine the difference.
I’ll dig around the pfSense menu to find how to do that. I am wondering, whether DD-WRT is set up for it. Is it?
-
Capture a DHCP Discovery packet from each of them to determine the difference.
I’ll dig around the pfSense menu to find how to do that. I am wondering, whether DD-WRT is set up for it. Is it?
For pfSense
Diagnostics / Packet Capture
Interface: WAN
Port: 67
Level of detail: FullDownload the capture and view in Wireshark.
For DD-WRT
Don't know. Not familiar with it.
If it doesn't have any menu driven capture, maybe it has tcpdump.
If it doesn't have internal capture capability then maybe capture live with Wireshark by plugging PC into it's WAN port and then turn it on. -
Download the capture and view in Wireshark.
For DD-WRT
Don't know. Not familiar with it.
If it doesn't have any menu driven capture, maybe it has tcpdump.
If it doesn't have internal capture capability then maybe capture live with Wireshark by plugging PC into it's WAN port and then turn it on.For my DD-WRT router the only method I could find was to insert an Ethernet hub between the router and the ONT and also plug in my laptop running WireShark. I am hoping this will lead to success.
I will still have to learn to use WireShark. It will be slow progress.
-
I've used and continue to use pfSense with many FIOS installs, it works fine. Which ONT is it? Have you experimented with manual speed/duplex settings?
FIOS residential can be problematic with DHCP release/renews if you aren't using their equipment. For this reason, I usually CLONE THE MAC of whatever crap Actiontec etc gateway they supply before I throw it in the garbage. This way, their network thinks it's talking to the original equip and does not balk at handing out IPs. Saves a lot of wasted time calling into national tech support.
-
I've used and continue to use pfSense with many FIOS installs, it works fine. Which ONT is it? Have you experimented with manual speed/duplex settings?
FIOS residential can be problematic with DHCP release/renews if you aren't using their equipment. For this reason, I usually CLONE THE MAC of whatever crap Actiontec etc gateway they supply before I throw it in the garbage. This way, their network thinks it's talking to the original equip and does not balk at handing out IPs. Saves a lot of wasted time calling into national tech support.
Thanks very much for the tip!
Cloning the MAC address of my DD-WRT router, which has worked for many years was the first thing I did to troubleshoot.
I will explore manual speed/duplex settings, when I get a chance.
-
Ok if you already did that, then yeah - tcpdump/Wireshark is your next move.
Here's a starting point-
1. pull out the cat5 cable from your FIOS ONT
2. ssh to your pfsense, go to opt 8 and run the following:
tcpdump -i <wan_interface_name>-w dhcplog.pcap -s 0 port 67 or port 68
3. plug the cable back in and wait about a minute for some packets to be captured
4. hit CTRL+C and then copy that .pcap file to your desktop computer (use scp)
5. open that pcap in Wireshark and take a look… happy hunting ;)</wan_interface_name>
-
Ok if you already did that, then yeah - tcpduimp/Wireshark is your next move.
Here's a starting point-
1. pull out the cat5 cable from your FIOS ONT
2. ssh to your pfsense, go to opt 8 and run the following:
tcpdump -i <wan_interface_name>-w dhcplog.pcap -s 0 port 67 or port 68
3. plug the cable back in and wait about a minute for some packets to be captured
4. hit CTRL+C and then copy that .pcap file to your desktop computer (use scp)
5. open that pcap in Wireshark and take a look… happy hunting ;)</wan_interface_name>
Thanks very much for the recipe!
-
I've used and continue to use pfSense with many FIOS installs, it works fine. Which ONT is it? Have you experimented with manual speed/duplex settings?
FIOS residential can be problematic with DHCP release/renews if you aren't using their equipment. For this reason, I usually CLONE THE MAC of whatever crap Actiontec etc gateway they supply before I throw it in the garbage. This way, their network thinks it's talking to the original equip and does not balk at handing out IPs. Saves a lot of wasted time calling into national tech support.
When I first detailed this out years ago on Verizon FiOS. Simply cloning the MAC was not enough. Packet capture revealed option-125 was being used (Actiontec WR424 others may use different options). Soon as that was added it worked. Even without cloning the MAC. But the beauty of cloning the MAC and fully impersonating the ISP provided router is being able to swap them at will without breaking the lease. Or even run them in parallel if desired.
Frontier FiOS has dropped the use of option-125 and reduced the lease expiration from Verizon's 2 hours to 30 minutes. Much more out of the box compatible.
P.S. Check out the pfSense Status / Interfaces page. 2.4 and 2.3.3 now has relinquish lease option to send the DHCP release message to the server. :)
-
When I first detailed this out years ago on Verizon FiOS. Simply cloning the MAC was not enough. Packet capture revealed option-125 was being used (Actiontec WR424 others may use different options). Soon as that was added it worked.
Hmm interesting! Could you point me to some more info on using that DHCP OPT 125? Never needed it myself, but I am in NYC (not Frontier country) and have an older Alcatel I211MK ONT (still GPON, but I don't think they use these much anymore…)
-
-
Which ONT is it?
How do I find out?
Look at the sticker on the back?
Google it and try to find the one that looks like yours?
https://www.google.com/search?site=&tbm=isch&source=hp&biw=1280&bih=676&q=fios+ont -
When I first detailed this out years ago on Verizon FiOS. Simply cloning the MAC was not enough. Packet capture revealed option-125 was being used (Actiontec WR424 others may use different options). Soon as that was added it worked.
Hmm interesting! Could you point me to some more info on using that DHCP OPT 125? Never needed it myself, but I am in NYC (not Frontier country) and have an older Alcatel I211MK ONT (still GPON, but I don't think they use these much anymore…)
The two links in the second post of this thread.
Also advanced search for impersonate or Actiontec for user NOYB. -
Have you looked at system logs? Are there anything regarding this issue?
I have had some issues connecting FIOS (not verizon) and this was pure hardware issue, ex realtek NIC on pfsense side that incorrectly established link with FIOS. Manually changed link speed on realtek to 100mbit and it's got an IP, but this can be related only to Realtek. -
For pfSense
Diagnostics / Packet Capture
Interface: WAN
Port: 67
Level of detail: FullDownload the capture and view in Wireshark.
For DD-WRT
Don't know. Not familiar with it.
If it doesn't have any menu driven capture, maybe it has tcpdump.
If it doesn't have internal capture capability then maybe capture live with Wireshark by plugging PC into it's WAN port and then turn it on.I employed an old Netgear 100BaseT hub. I plugged the FiOS feed into the uplink port and both my LinkSys router running DD-WRT and my Mac into one of the other four ports.
Being a Mac guy, I used an app called CocoaPacketAnalyzer. I think, I managed to capture at least one of the DHCP packets:
58:6D:8F:30:6A:58 is the WAN MAC address of the router.
Am I on the right track?
-
Ok if you already did that, then yeah - tcpdump/Wireshark is your next move.
Here's a starting point-
1. pull out the cat5 cable from your FIOS ONT
2. ssh to your pfsense, go to opt 8 and run the following:
tcpdump -i <wan_interface_name>-w dhcplog.pcap -s 0 port 67 or port 68
3. plug the cable back in and wait about a minute for some packets to be captured
4. hit CTRL+C and then copy that .pcap file to your desktop computer (use scp)
5. open that pcap in Wireshark and take a look… happy hunting ;)</wan_interface_name>
I followed your instructions. Here is my command line output:
[2.3.2-RELEASE][xxx@xxx.com]/root: tcpdump -i re0 -w dhcplog.pcap -s 0 port 67 or port 68
tcpdump: WARNING: re0: no IPv4 address assigned
tcpdump: listening on re0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C0 packets captured
0 packets received by filter
0 packets dropped by kernelWhy would it say, “0 packets captured?” Doesn’t that point to something else being wrong, i.e., that re0 (my WAN interface) is incorrectly configured, somehow?
