DHCP Client Issue



  • Hi all,

    So I have a VERY frustrating issue that makes me want to leave pfSense as it’s such basic core functionality that is messing up.

    The firewall gets its IP using DHCP from my cable provider, which is all fine and dandy except I was having power outages and what was happening was everything was coming back up but the firewall would come back up before the modem and would not obtain an IP. Logically if the firewall doesn’t have an IP one would think it would try to renew periodically but it will go hours and take no action on its own and I have to log in and renew the lease.

    I’ve heard it’s because the Hiltron modems give a 192.168.100.0 IP before fully booting up and I even changed a setting a few months ago to delay 120 seconds or so before trying to obtain an IP but that still doesn’t work.

    My solution was to get a UPS, which of course is not a fix but a bandaid solution and of course the next power failure lasted longer than the UPS!



  • Hi,

    On the Interfaces / WAN page, check "Advanced configuration".

    Then read https://docs.netgate.com/pfsense/en/latest/book/interfaces/ipv4-wan-types.html -you'll be recognizing your issue right away, and close to a solution ;)

    dd1b98fe-1ca6-406f-9081-6acbce8ae3de-image.png



  • @Gertjan
    Hi there,

    Thank you for the prompt reply :)

    So I did as you said and I see there are several protocol timing settings I can set, which is fine and maybe solve my problem, however when reading the document linked it has values such as 60 seconds and 5 minutes by default. To me, it seems it’s just simply not doing these.

    
    retry time;
    	     The retry statement determines the	time that must pass after the
    	     client has	determined that	there is no DHCP server	present	before
    	     it	tries again to contact a DHCP server.  By default, this	is
    	     five minutes.
    
    

    I would think after 5 minutes (after everything is back online 100%) pfSense would get its IP and be back in business. If it missed that mark, then 10 minutes, 15, 20, etc. after 8 hours it still doesn’t work and I simply reboot the firewall and it works makes me think something isn’t functioning the way it should.

    Am I missing something? I do appreciate your help!


  • LAYER 8 Global Moderator

    Just reject your modems dhcp server 192.168.100 address... In the 10 some years been using pfsense, and cable modems I have never run into this issue.. The lease time that your modem should hand out from its 192.168.100 address pool should be really short.. So once it gets say a 192.168.100 address that should expire shortly and then it would get an IP from your ISP..



  • @xero9
    From the symptoms you describe it sounds like you are hitting this bug https://redmine.pfsense.org/issues/9267

    Specifically, what happens is that if the DHCP client times out and there is any cached lease, pfSense will use said IP regardless of if it is valid or not for the remaining lease time.

    However, if you are willing to compile dhclient and apply a patch using the pfSense system patch tool, it's pretty straightforward to fix this.

    Rejecting the lease from the modem as mentioned earlier will also likely work. However the caveat to be aware of is if your modem loses upstream link when pfSense tries to renew the DHCP lease (small chance but not zero) you may lose your connection.



  • @nkaminski This sounds like my issue exactly!

    So I'm no stranger to applying patches to file and re-compiling in say a Linux environment, but are there instructions on how I do this under pfSense? Is there a site with some documentation I can read? Thanks!


Log in to reply