WAN ISP insists on DHCP for static IPs
-
I have an ISP that is providing us with a static /29. Telus Fiber. To set up the IP, they insist we set our interface to DHCP, then call them and tell them the MAC address of our interface, at which point they register our static IP, and have us refresh the DHCP to pull it. If I then set it up as a static IP with the correct gateway, it works.
After 24hrs, the gateway shows offline and I can no longer ping out from the WAN IP. If I switch it back to DHCP, pfSense makes a new gateway with _DHCP appended to the WAN interface name. Looking at Gateway status, the original static gateway now shows ONLINE, but the new one pfSense made shows PENDING.
The new, automatically created gateway isn't assigned to any of my gateway groups. I can rule a network to the "Telus_Only" gateway group, and the clients pull public IPs that show as Telus IPs. So it's working….
So I guess if Telus doesn't see a DHCP request every day from my gateway, they deactivate my static IP.
I have 2 other WANs with other providers and they do not work this way, I configure the static IP and they stay online. My next step is to set up a second pfSense box with sync, so I want to make sure it's set up correctly before moving forward.
Thanks!
-
They are doing it that way because they only want a VALID MAC to get that static, and not anybody who simply plugs in that IP.
It works and fails because apparently the ISP DHCP has a 24 hour lease interval. When you switch back to static on your end, when the next DHCP renew occurs, your box doesn't respond, at which time the ISP DHCP drops you because you didn't respond.
If you are adamant you need to do it your way, switch ISP, because they are not going to change procedure just for you.
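The 24-hour lease timeline discussed in this thread can be observed from the firewall side by reading the DHCP client's lease file. This is an added example, not part of the original thread and not pfSense's own code; it assumes the dhclient lease-file syntax, and the interface name, addresses and timestamps in the embedded sample are constructed.

```python
import re
from datetime import datetime, timezone

# Constructed sample in dhclient lease-file syntax (documentation addresses,
# hypothetical interface name). dhclient writes these timestamps in UTC.
SAMPLE_LEASES = """
lease {
  interface "igb0";
  fixed-address 203.0.113.10;
  option subnet-mask 255.255.255.248;
  option routers 203.0.113.9;
  option dhcp-lease-time 86400;
  renew 1 2024/01/08 12:00:00;
  rebind 1 2024/01/08 21:00:00;
  expire 2 2024/01/09 00:00:00;
}
"""

LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
FIELD_RE = re.compile(r"(fixed-address|option dhcp-lease-time)\s+([\d.]+);")
TIME_RE = re.compile(r"(renew|rebind|expire)\s+\d\s+(\d+/\d+/\d+ \d+:\d+:\d+);")

def parse_leases(text):
    """Return one dict per lease block, oldest first (dhclient appends)."""
    leases = []
    for body in LEASE_RE.findall(text):
        lease = dict(FIELD_RE.findall(body))
        for key, stamp in TIME_RE.findall(body):
            when = datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S")
            lease[key] = when.replace(tzinfo=timezone.utc)
        leases.append(lease)
    return leases

def lease_state(lease, now):
    """Classify where 'now' falls in the lease timeline."""
    for state, key in (("expired", "expire"), ("rebinding", "rebind"),
                       ("renew-due", "renew")):
        if now >= lease[key]:
            return state
    return "bound"

def seconds_until_expiry(lease, now):
    return int((lease["expire"] - now).total_seconds())

if __name__ == "__main__":
    current = parse_leases(SAMPLE_LEASES)[-1]   # newest lease is last
    now = datetime(2024, 1, 8, 22, 30, tzinfo=timezone.utc)
    print(current["fixed-address"], lease_state(current, now),
          seconds_until_expiry(current, now))
```

A monitoring job can alert when the newest lease leaves the `bound` state, which is what happens when no DHCP client is renewing on that interface.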
-
So I guess if Telus doesn't see a DHCP request every day from my gateway, they deactivate my static IP.
Yes. Why not play it their way and use DHCP? Other than your wish for having static addressing, do you have any valid reason for not using DHCP?
Personally I would be more upset about the stupid procedure to have to register a MAC address. It was the standard 20 years ago but it's just administration with no advantage.
-
My next step is to set up a second pfSense box with sync, so I want to make sure it's set up correctly before moving forward.
If you want to do HA you will find that that ISP's service is going to not work very well. You'll probably need to either get a real business-class, static service from them or use somebody else.
-
My next step is to set up a second pfSense box with sync, so I want to make sure it's set up correctly before moving forward.
If you want to do HA you will find that that ISP's service is going to not work very well. You'll probably need to either get a real business-class, static service from them or use somebody else.
Oh, I missed that my question was answered already…
I have such "semi-static" DHCP reservations from my ISP as well and find it sad that pfSense still has that limitation, as otherwise I would do HA. :'(
With the only alternative ISP, I would have to go down from symmetric gigabit to 500/50 and pay more than twice as much. I haven't even investigated if they offer static...
-
My next step is to set up a second pfSense box with sync, so I want to make sure it's set up correctly before moving forward.
If you want to do HA you will find that that ISP's service is going to not work very well. You'll probably need to either get a real business-class, static service from them or use somebody else.
First of all thank you all for your input, much appreciated.
HA is the whole reason for getting a /29 from them. And it is a full-on business-class static IP. There are really only 2 providers in my area (Shaw and Telus).
The way it is now, my static gateway stays "ONLINE" as long as I leave the DHCP one in there. The DHCP one stays on status "pending". My gateway groups only have the static one in them, and if I assign a certain VLAN to use that gateway, it works.
-
There is no way to get a DHCP CARP VIP so it is never going to work.
-
There is no way to get a DHCP CARP VIP so it is never going to work.
Well, that is just total junk!
-
I would agree that ISP service profile and provisioning is junk.
-
I got an idea from a Reddit user:
- have a device on the network spoof the MAC of your WAN interface and do a DHCP request on a schedule
This sounds like it could work. Could I use something like a Packet Squirrel that would run a script, so that every day it could spoof the required MACs, do a DHCP request, then go dormant until the next day?
Since I have a switch on the WAN side to split the WAN to the two firewalls, I could just plug it into that switch. It would pull all three necessary IPs once per day.