Upgrade and New Install Fails To Obtain DHCP Address
-
Setup #1:
Internet Modem (Comcast) -> Core Switch Stack (LAN) -> Server 2012 R2 w/ Hyper-V running Pfsense 2.3.4-release-p1 -> Core Switch Stack (LAN)Setup #2:
Internet Modem (Comcast) -> Core Switch Stack (LAN) -> Server 2012 R2 w/ Hyper-V running Pfsense 2.4.1 -> Core Switch Stack (LAN)Notes: Modem connected to Core Switch Stack (master switch in stack only) via access port on seperate vlan via access port configuration (no vlan tagging). Server 2012 R2 w/Hyper-V has Link Agg setup to Core Switch Stack for external access (Internet) and another Link Agg for internal access (LAN segments, no vlan tagging for primary lan, vlan tagging for secondary segments).
So, with Setup #1, I tried upgrading Pfsense to version 2.4.0. Internet stopped working. Reviewed shows that DHCP was not getting an address. I checkpointed the machines and reverted to the working checkpoint of 2.3.4 and everything started back working. I decided to build a second virtual machine with Pfsense 2.4.1 (same specs, only difference being Generation 2 so SCSI Controller hard drives and DVD drive, networking the same but with different mac addresses, secure boot disabled.
I experience the same issue as with the upgrade. DHCP does not connect. I checked the roadmaps for any bugs related to DHCP and they don't appear to be related. I reviewed the VLAN WAN issue but it doesn't "appear" to be related to my situation.
I took some logs:
Pfsense 2.3.4 (Working)
Note: Read from bottom-to-top in chronological order. Oct 31 18:24:47 dhclient 6295 bound to 73.83.14.104 -- renewal in 99973 seconds. Oct 31 18:24:47 dhclient Creating resolv.conf Oct 31 18:24:47 dhclient /sbin/route add default 73.83.14.1 Oct 31 18:24:47 dhclient Adding new routes to interface: hn3 Oct 31 18:24:47 dhclient New Routers (hn3): 73.83.14.1 Oct 31 18:24:47 dhclient New Broadcast Address (hn3): 255.255.255.255 Oct 31 18:24:47 dhclient New Subnet Mask (hn3): 255.255.255.0 Oct 31 18:24:47 dhclient New IP Address (hn3): 73.83.14.104 Oct 31 18:24:47 dhclient ifconfig hn3 inet 73.83.14.104 netmask 255.255.255.0 broadcast 255.255.255.255 Oct 31 18:24:47 dhclient Starting add_new_address() Oct 31 18:24:47 dhclient REBOOT Oct 31 18:24:47 dhclient 6295 DHCPACK from 96.120.103.1 Oct 31 18:24:47 dhclient 6295 DHCPREQUEST on hn3 to 255.255.255.255 port 67 Oct 31 18:24:47 dhclient PREINITPfsense 2.4.0/2.4.1 (NOT Working, logs from 2.4.1)
Note: Read from top-to-bottom in chronological order. Oct 31 15:40:36 dhclient 64375 DHCPDISCOVER on hn3 to 255.255.255.255 port 67 interval 2 Oct 31 15:40:38 dhclient 64375 DHCPDISCOVER on hn3 to 255.255.255.255 port 67 interval 4 Oct 31 15:40:42 dhclient 64375 DHCPDISCOVER on hn3 to 255.255.255.255 port 67 interval 7 Oct 31 15:40:49 dhclient 64375 DHCPDISCOVER on hn3 to 255.255.255.255 port 67 interval 20 Oct 31 15:41:09 dhclient 64375 DHCPDISCOVER on hn3 to 255.255.255.255 port 67 interval 15 Oct 31 15:41:24 dhclient 64375 DHCPDISCOVER on hn3 to 255.255.255.255 port 67 interval 13 Oct 31 15:41:37 dhclient 64375 No DHCPOFFERS received. Oct 31 15:41:37 dhclient 64375 No working leases in persistent database - sleeping. Oct 31 15:41:37 dhclient FAIL
-
Update: Tried with a Generation 1 VM, same issue. For whatever reason, the DHCP client on version 2.4.x does not appear to be functional in a Hyper-V VM.
-
You would have to back that statement up with actual packet captures showing the traffic failing. Perhaps your virtual environment or layer 2 is not configured properly.
-
You would have to back that statement up with actual packet captures showing the traffic failing. Perhaps your virtual environment or layer 2 is not configured properly.
Well, considering that my working setup fails to obtain an IP address when upgrading to 2.4.0 but, when I revert the checkpoint back to the working 2.3.4, it is able to again, leads to believe my environment and layer 2 is working as it should.
As a test, I will try setting up a new gen1 vm with 2.3.4 on it to confirm my theory about 2.4.x.
-
Status update. So, I was able to get Internet working on a new install. I have mac address spoofing enabled on the Internet interface and I believe that was causing issues. Even when I enabled it on the new install, it still wasn't working. Only when I disabled it on my working 2.3.4 install, release/renewed DHCP, shut that install down, and started the new install up (it uses the same mac addresses as the current working install) was it able to get a DHCP address. So, that part solved.
Now, when I import my configuration into the 2.4.1 install, I seem unable to get Internet access. I thought it might be because I have plugins installed and need to get those installed on the 2.4.1 box. I did this and the same issue. On the console, you will see this:
Waiting for Internet connection to update pkg metada and finish package reinstallationUpdating pfSense-core repository catalogue…It will fail to see the repositories and will indicate it is using the default configuration and will continue on like this until it finally boots. However, it won't have an Internet IP address. I'm assuming either a package configuration (freeradius, openvpn-client-export, pfBlockerNG) may be or some other setting being imported that is causing problems.
-
If your 2.3.4 is a VM, clone it and then do an in place upgrade to 2.4.1. Take that config file and move it to your 2.4.1 installation.
My guess is that there is a legacy configuration that is causing the issue.
If you don't import your config from 2.3.4 and instead manually config it, does it work?
-
So, I tried upgrading my current install since mac spoofing was disabled. I checkpointed first, then upgraded. It was successful to 2.4.0. I then checkpointed the VM and upgraded again. Successful…ish.
Essentially, my Internet VPN would not connect due to DNS errors. I have custom options configured in Unbound DNS resolver for this. It was because the upgrade put all my custom options ahead of this line:
server:include: /var/unbound/pfb_dnsbl.*confOnce I moved that line back to the top and saved my settings, my Internet VPN connected. So far, so good.
-
Wanted to finally update this. Remember this error:
Waiting for Internet connection to update pkg metada and finish package reinstallationUpdating pfSense-core repository catalogue…Essentially, it was FreeRadius. It needed to be re-installed but, with the previous problems I was having, it was not working. Once I resolved those (i.e. Internet and Internet VPN working), I was able to reinstall this package. That took care of this.
Hopefully, this helps someone dealing with the same/similar situation.
