[SOLVED] Why doesn't DHCP work consistently on my PFsense box?



  • I have pfSense running on a 1U Intel Supermicro Atom box. Trying to get an IP on this thing is largely hit-or-miss. I've left it requesting for an hour and it never gets a reply from the cable modem. There's an initial 192.168.1.x IP that always works fine and I can log in to the modem and view things. After a minute or so, em0 drops to 0.0.0.0 and all I can do is a tcpdump and watch the DHCP requests go out, but aside from a few ARP packets and ICMPv6 stuff, the modem just never sends a reply. Sometimes, all of a sudden, I'll reboot the 1U, or power cycle the modem, and suddenly things connect up and I can get to the internet again. I loathe rebooting after updates. I had the cable tech come out last summer and he found some corroded fittings on an outside filter and replaced them. It seemed to work better after that. Today, I powered off the modem to change UPS batteries and was without internet for 3 hours. Finally, I gave up. Plugged in my laptop to the modem, got an IP within a minute and bridged it to a USB NIC. pfSense is currently running off the bridged USB NIC. Why is this so f'd up? Thanks.


  • Rebel Alliance Developer Netgate

    Sounds like a problem with your NIC/hardware and not the OS, or perhaps the combination of that NIC+Modem.

    There are tens of thousands of people using DHCP without issue.

    Next time it happens, check your DHCP logs and other logs and see what is there, especially from dhclient.



  • It seems that you're having the issue with your pfSense box not waiting to receive DHCP IP from the cable modem...a known issue and here is the fix. Go to your WAN interface and scroll to DHCP Client Configuration, then select Advanced and place 900 (which is 15 minutes) in the timeout box, then save and reboot the pfSense...all should be good.




  • @NollipfSense I was running a tcpdump on em0 after rebooting the modem and I would see pfSense send out the DHCP request, but never get a reply from the modem:

    14:24:23.174311 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from xx:xx:xx:xx:xx:f2, length 300
    

    These would repeat endlessly. I should still have seen a DHCP reply coming back to pfSense (and pfSense ignoring it) if I'm understanding you correctly.



  • @Dave-R2 No, the modem is slow to reply; so, pfSense then decides it won't get one and goes on to working with LAN, etc.



  • @NollipfSense - Thanks. I gave it a go and still no dice. Even tried changing the MAC on em0. The modem just doesn't send a DHCP reply to the NIC on the pfSense box. dmesg has several entries like this while the DHCP requests are being sent.

    Dec 11 17:19:46 ara kernel: arpresolve: can't allocate llinfo for 113.xxx.xxx.1 on em0
    

    @jimp mentioned a flaky NIC. Could be, but I still don't get why tcpdump on em0 isn't seeing any DHCP replies from the modem? At 3:16:21 below, I finally plugged pfSense back into the USB nic on the laptop bridge (prior to 3:15:30 there were many more of the same DHCP requests but the forum is flagging it as spam so trimmed it):

    03:15:30.044075 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from xx:xx:xx:d0:be:ef, length 300
    03:15:50.394618 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from xx:xx:xx:d0:be:ef, length 300
    03:16:04.014865 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from xx:xx:xx:d0:be:ef, length 300
    03:16:21.404300 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from xx:xx:xx:d0:be:ef, length 300
    03:16:21.405965 IP 192.168.100.1.67 > 192.168.100.10.68: BOOTP/DHCP, Reply, length 300
    03:16:23.520426 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from xx:xx:xx:d0:be:ef, length 300
    03:16:24.518302 IP 192.168.100.1.67 > 192.168.100.10.68: BOOTP/DHCP, Reply, length 300
    03:16:54.565626 IP 192.168.100.10.68 > 192.168.100.1.67: BOOTP/DHCP, Request from xx:xx:xx:d0:be:ef, length 300
    03:16:58.566699 IP 192.168.100.10.68 > 192.168.100.1.67: BOOTP/DHCP, Request from xx:xx:xx:d0:be:ef, length 300
    03:17:03.650710 IP 192.168.100.10.68 > 192.168.100.1.67: BOOTP/DHCP, Request from xx:xx:xx:d0:be:ef, length 300
    03:17:08.834715 IP 192.168.100.10.68 > 192.168.100.1.67: BOOTP/DHCP, Request from xx:xx:xx:d0:be:ef, length 300
    03:17:20.733699 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from xx:xx:xx:d0:be:ef, length 300
    03:17:23.093891 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from xx:xx:xx:d0:be:ef, length 300
    03:17:23.131032 IP 78.xxx.xxx.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    03:17:23.131773 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from xx:xx:xx:d0:be:ef, length 300
    03:17:23.443173 IP 113.xxx.xxx.1.67 > 131.xxx.xxx.xxx.68: BOOTP/DHCP, Reply, length 331
    03:17:25.136660 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from xx:xx:xx:d0:be:ef, length 300
    03:17:25.158066 IP 113.xxx.xxx.1.67 > 131.xxx.xxx.xxx.68: BOOTP/DHCP, Reply, length 331
    03:17:29.485745 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from xx:xx:xx:d0:be:ef, length 300
    03:17:29.523233 IP 78.xxx.xxx.1.67 > 131.xxx.xxx.xxx.68: BOOTP/DHCP, Reply, length 331
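
An added example, not part of any post in this thread: a Python parser for tcpdump lines in the format quoted above. It counts DHCP requests sent before any reply arrives and separates replies sourced from RFC 1918 addresses (the modem's own DHCP server) from public ones. The function name `summarize` and the sample lines, which use documentation addresses and a made-up MAC, are constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# RFC 1918 ranges: a reply sourced from one of these comes from the modem's
# own DHCP server rather than the ISP's.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP ([\d.]+)\.\d+ > [\d.]+\.\d+: "
    r"BOOTP/DHCP, (Request|Reply)")

def summarize(lines):
    """Summarize DHCP traffic in tcpdump text (capture must not cross midnight)."""
    first_req = wait_any = wait_public = None
    unanswered = 0                       # requests seen before any reply
    private, public = set(), set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                     # non-DHCP line or masked address
        h, mi, s, src, kind = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)
        if kind == "Request":
            first_req = t if first_req is None else first_req
            if not (private or public):
                unanswered += 1
            continue
        is_private = any(ip_address(src) in net for net in RFC1918)
        (private if is_private else public).add(src)
        waited = None if first_req is None else round(t - first_req, 3)
        if wait_any is None:
            wait_any = waited
        if not is_private and wait_public is None:
            wait_public = waited
    return {"requests_before_first_reply": unanswered,
            "seconds_to_first_reply": wait_any, "seconds_to_first_public_reply": wait_public,
            "private_servers": sorted(private), "public_servers": sorted(public)}

# Constructed sample in the thread's capture format (not real capture data).
SAMPLE = """\
03:15:30.044075 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 02:00:00:d0:be:ef, length 300
03:15:50.394618 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 02:00:00:d0:be:ef, length 300
03:16:21.404300 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 02:00:00:d0:be:ef, length 300
03:16:21.405965 IP 192.168.100.1.67 > 192.168.100.10.68: BOOTP/DHCP, Reply, length 300
03:17:23.093891 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 02:00:00:d0:be:ef, length 300
03:17:23.443173 IP 203.0.113.1.67 > 198.51.100.20.68: BOOTP/DHCP, Reply, length 331
""".splitlines()
if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Lines with masked addresses such as `78.xxx.xxx.1` do not match the pattern and are skipped, so run it on an unredacted capture.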
    


  • @Dave-R2 said in Why doesn't DHCP work consistently on my PFsense box?:

    Could be, but I still don't get why tcpdump on em0 isn't seeing any DHCP replies from the modem?

    Do you have a managed switch that you can set up for port mirroring? If so, you can use it to connect a computer running Wireshark, to see what's happening on the wire. Sometimes testing with the problem device doesn't always work well. I experienced this with a problem I had with my ISP last year. I used the managed switch and Wireshark to capture the entire sequence from boot up, which you just can't do with Packet Capture.


  • Netgate Administrator

    @Dave-R2 said in Why doesn't DHCP work consistently on my PFsense box?:

    There's an initial 192.168.1.x IP that always works fine

    If that's from the modem itself you can configure pfSense to reject it so it only pulls public IPs.
    See 'Reject Leases From' here: https://docs.netgate.com/pfsense/en/latest/book/interfaces/ipv4-wan-types.html#dhcp

    Steve



  • Wondered whether OP rebooted both pfSense and the modem after the instructions above!



  • Well, I think @jimp nailed it. I've never been a big fan of onboard NICs so purchased a couple 2x Intel NICs and a riser card (RSC-RR1U-E16 R3.6) a year or so ago. I found they don't fit my board/chassis though (ebay, so who knows) and put everything back in the box last time I went through all this. I decided to pull the box back out the other day and make the card fit somehow.

    Luckily, the add-on nic enumerated first and got moved to em0 automatically. I've rebooted the modem three or four times now and it's picking up a routable IP within a couple minutes.

    @stephenw10 thanks for the link. @NollipfSense I think I wore out the contacts in the power switches rebooting everything so many times.


