Upgrade and New Install Fails To Obtain DHCP Address



  • Setup #1:
    Internet Modem (Comcast) -> Core Switch Stack (LAN) -> Server 2012 R2 w/ Hyper-V running Pfsense 2.3.4-release-p1 -> Core Switch Stack (LAN)

    Setup #2:
    Internet Modem (Comcast) -> Core Switch Stack (LAN) -> Server 2012 R2 w/ Hyper-V running Pfsense 2.4.1 -> Core Switch Stack (LAN)

    Notes:  Modem connected to Core Switch Stack (master switch in stack only) via access port on seperate vlan via access port configuration (no vlan tagging).  Server 2012 R2 w/Hyper-V has Link Agg setup to Core Switch Stack for external access (Internet) and another Link Agg for internal access (LAN segments, no vlan tagging for primary lan, vlan tagging for secondary segments).

    So, with Setup #1, I tried upgrading Pfsense to version 2.4.0.  Internet stopped working.  Reviewed shows that DHCP was not getting an address.  I checkpointed the machines and reverted to the working checkpoint of 2.3.4 and everything started back working.  I decided to build a second virtual machine with Pfsense 2.4.1 (same specs, only difference being Generation 2 so SCSI Controller hard drives and DVD drive, networking the same but with different mac addresses, secure boot disabled.

    I experience the same issue as with the upgrade.  DHCP does not connect.  I checked the roadmaps for any bugs related to DHCP and they don't appear to be related.  I reviewed the VLAN WAN issue but it doesn't "appear" to be related to my situation.

    I took some logs:

    Pfsense 2.3.4 (Working)

    
    Note:  Read from bottom-to-top in chronological order.
    
    Oct 31 18:24:47	dhclient	6295	bound to 73.83.14.104 -- renewal in 99973 seconds.
    Oct 31 18:24:47	dhclient		Creating resolv.conf
    Oct 31 18:24:47	dhclient		/sbin/route add default 73.83.14.1
    Oct 31 18:24:47	dhclient		Adding new routes to interface: hn3
    Oct 31 18:24:47	dhclient		New Routers (hn3): 73.83.14.1
    Oct 31 18:24:47	dhclient		New Broadcast Address (hn3): 255.255.255.255
    Oct 31 18:24:47	dhclient		New Subnet Mask (hn3): 255.255.255.0
    Oct 31 18:24:47	dhclient		New IP Address (hn3): 73.83.14.104
    Oct 31 18:24:47	dhclient		ifconfig hn3 inet 73.83.14.104 netmask 255.255.255.0 broadcast 255.255.255.255
    Oct 31 18:24:47	dhclient		Starting add_new_address()
    Oct 31 18:24:47	dhclient		REBOOT
    Oct 31 18:24:47	dhclient	6295	DHCPACK from 96.120.103.1
    Oct 31 18:24:47	dhclient	6295	DHCPREQUEST on hn3 to 255.255.255.255 port 67
    Oct 31 18:24:47	dhclient		PREINIT
    
    

    Pfsense 2.4.0/2.4.1 (NOT Working, logs from 2.4.1)

    
    Note:  Read from top-to-bottom in chronological order.
    
    Oct 31 15:40:36	dhclient	64375	DHCPDISCOVER on hn3 to 255.255.255.255 port 67 interval 2
    Oct 31 15:40:38	dhclient	64375	DHCPDISCOVER on hn3 to 255.255.255.255 port 67 interval 4
    Oct 31 15:40:42	dhclient	64375	DHCPDISCOVER on hn3 to 255.255.255.255 port 67 interval 7
    Oct 31 15:40:49	dhclient	64375	DHCPDISCOVER on hn3 to 255.255.255.255 port 67 interval 20
    Oct 31 15:41:09	dhclient	64375	DHCPDISCOVER on hn3 to 255.255.255.255 port 67 interval 15
    Oct 31 15:41:24	dhclient	64375	DHCPDISCOVER on hn3 to 255.255.255.255 port 67 interval 13
    Oct 31 15:41:37	dhclient	64375	No DHCPOFFERS received.
    Oct 31 15:41:37	dhclient	64375	No working leases in persistent database - sleeping.
    Oct 31 15:41:37	dhclient		FAIL
    
    


  • Update:  Tried with a Generation 1 VM, same issue.  For whatever reason, the DHCP client on version 2.4.x does not appear to be functional in a Hyper-V VM.


  • LAYER 8 Netgate

    You would have to back that statement up with actual packet captures showing the traffic failing. Perhaps your virtual environment or layer 2 is not configured properly.



  • @Derelict:

    You would have to back that statement up with actual packet captures showing the traffic failing. Perhaps your virtual environment or layer 2 is not configured properly.

    Well, considering that my working setup fails to obtain an IP address when upgrading to 2.4.0 but, when I revert the checkpoint back to the working 2.3.4, it is able to again, leads to believe my environment and layer 2 is working as it should.

    As a test, I will try setting up a new gen1 vm with 2.3.4 on it to confirm my theory about 2.4.x.



  • Status update.  So, I was able to get Internet working on a new install.  I have mac address spoofing enabled on the Internet interface and I believe that was causing issues.  Even when I enabled it on the new install, it still wasn't working.  Only when I disabled it on my working 2.3.4 install, release/renewed DHCP, shut that install down, and started the new install up (it uses the same mac addresses as the current working install) was it able to get a DHCP address.  So, that part solved.

    Now, when I import my configuration into the 2.4.1 install, I seem unable to get Internet access.  I thought it might be because I have plugins installed and need to get those installed on the 2.4.1 box.  I did this and the same issue.  On the console, you will see this:

    
    Waiting for Internet connection to update pkg metada and finish package reinstallationUpdating pfSense-core repository catalogue…
    
    

    It will fail to see the repositories and will indicate it is using the default configuration and will continue on like this until it finally boots.  However, it won't have an Internet IP address.  I'm assuming either a package configuration (freeradius, openvpn-client-export, pfBlockerNG) may be or some other setting being imported that is causing problems.



  • If your 2.3.4 is a VM, clone it and then do an in place upgrade to 2.4.1.  Take that config file and move it to your 2.4.1 installation.

    My guess is that there is a legacy configuration that is causing the issue.

    If you don't import your config from 2.3.4 and instead manually config it, does it work?



  • So, I tried upgrading my current install since mac spoofing was disabled.  I checkpointed first, then upgraded.  It was successful to 2.4.0.  I then checkpointed the VM and upgraded again.  Successful…ish.

    Essentially, my Internet VPN would not connect due to DNS errors.  I have custom options configured in Unbound DNS resolver for this.  It was because the upgrade put all my custom options ahead of this line:

    
    server:include: /var/unbound/pfb_dnsbl.*conf
    
    

    Once I moved that line back to the top and saved my settings, my Internet VPN connected.  So far, so good.



  • Wanted to finally update this.  Remember this error:

    
    Waiting for Internet connection to update pkg metada and finish package reinstallationUpdating pfSense-core repository catalogue…
    
    

    Essentially, it was FreeRadius.  It needed to be re-installed but, with the previous problems I was having, it was not working.  Once I resolved those (i.e. Internet and Internet VPN working), I was able to reinstall this package.  That took care of this.

    Hopefully, this helps someone dealing with the same/similar situation.


Log in to reply