pfSense can not retrieve WAN IP address from direct connection to modem anymore
-
Really not sure where the issue is here but I have been working for the past three days to narrow it down and this is as close as I can get. Any help would be appreciated. My system configuration that has been working for months and now does not is as follows:
Cable Modem > Good, tested cable > Ethernet NIC 1 for the WAN in a Dell OptiPlex running pfSense 2.4.4 > Ethernet NIC 2 for the LAN > switch or direct to a laptop for testing. )PfSense system is NOT running any WiFi, strictly ethernet)
This has been working for months. After a recent need to reboot the pfSense box, I am no longer able to get the WAN IP address IF I have the pfSense box connected directly to the modem.
However, an old Apple Airport Extreme plugged into the modem is able to pull the IP address down and routes just fine. It routes properly the ethernet connection as well as WiFi working fine.
If I connect my pfSense box into the LAN ports for the Apple Airport Extreme, the pfSense box finds an IP address for the WAN just fine. It then routes and works ok, but is much slower and thus not as viable.
I have reformatted the drive and reinstalled pfSense several times, no difference.
I have tried swapping the connection / interfaces for WAN and LAN to the opposite cards, no difference.
I have tried installing Linux Mint and Kali Linux and run pfSense through VirtualBox (with that system directly connected to the modem and NOT the Airport Extreme). The Linux box layer is able to access the internet and browser works just fine. All networks cards are set to be sharable. If I use the bridged adaptor in virtualbox, the LAN side works fine, but again, the WAN side does not pickup an IP address. However, if I change the WAN network configuration in virtualbox to NAT, it picks up an IP address from the Linux layer fine and again, routes and works just fine (albeit slow).I have also tried each of these configurations on an identical Dell Optiplex with the same exact results. I have even tried a new modem and get the same results.
So here is the conclusion to the issue as I see it. There must be some sort of DCHP issue with pfSense and my ISP (Spectrum) that was not there before. Something about the Airport Extreme or even just a plain Linux box is able to connect to them, but the way a pfSense box tries to connect to Spectrum simply does not work anymore. I have no idea why since it was working in this exact configuration for months unless Spectrum changed something.
I am at a loss to understand what is happening here and how to remedy this. I do not want to have another router between my pfSense box and the modem, which defeats the reason I have the pfSense router in the first place. Does anyone know what is going on and how to fix this? Thanks.
MC
-
Perhaps you have a problem with the NIC. Do you have another you can try?
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 64 GB SSD & 4 Intel Ethernet ports.I haven't lost my mind. It's around here...somewhere...
-
@kb8wfh said in pfSense can not retrieve WAN IP address from direct connection to modem anymore:
Something about the Airport Extreme or even just a plain Linux box is able to connect to them, but the way a pfSense box tries to connect to Spectrum simply does not work anymore. I have no idea why since it was working in this exact configuration for months unless Spectrum changed something.
I don't think there's any magic voodoo stuff that different vendors use with DHCP, but I'm not intimately familiar with all those different vendors and how they implement it.
The steps should be pretty simple - discovery, offer, request, and acknowledge. Basic networking stuff. I'm with @JKnott on this one, probably a bad network card.
What is your pfsense box hardware, by the way?
Jeff
-
@JKnott Yes, as mentioned above, I have two cards in the system. Both of them respond the same way. I have assigned the WAN to both NICs and get the same results. Also, the cards work fine when I connect to the LAN side or connect to the WAN through a router in between to assign an IP address. And also, I have an identical twin system with two cards of their own as well and they both do the same exact thing. It's got to be a different way pfSense does it compared to other systems and/or something about the way Spectrum works now with DCHP is different.
-
@kb8wfh It seems that you're having the issue with your pfSense box not waiting to receive DHCP IP from the cable modem...a known issue and here is the fix. Go to you WAN interface and scroll to DHCP Client Configuration, then select advance and place 900 (which is 15mins) in the timeout box, then save and reboot the pfSense...all should be good.
-
I will give that a try, but as it is, it hangs when booting on the WAN configuration for at least two minutes and still times out, goes by without an IP assignment. It didn't used to do that. What is happening?
It seems to me it should happen within 30 seconds, which it does if I connect the pfSense box to a router in between the pfSense box and the modem or I run pfSense inside a virtual machine and have the network configured as a NAT connection instead of Bridge mode.
Why all of a sudden is it different and is it known what is causing it?
Thanks.
MC
-
Maybe your WAN MAC address is banned in your ISP's DHCP server. Try changing it in your settings
-
@kb8wfh said in pfSense can not retrieve WAN IP address from direct connection to modem anymore:
Why all of a sudden is it different and is it known what is causing it?
That was my first question when it happened to me and like you came here. It has worked for me since without issue. The modem is slow to reply to DHCP request; so, pfsense decides WAN won't get an address and goes on attending to LAN, system, etc. pfSense checks again seconds later and the cycle goes on.
pfSense 2.5-dev on 2011 Apple Mac Mini Server 16GB RAM dual ZFS 128GB SSD and Akitio thunderbold2 PCI-dual Intel i350 NIC.
-
@vizi0n It wouldn't explain why the same machine is able to immediately connect to the ISP with an IP address if I load Linux on it and directly connect it to the modem. The MAC address the isp gets would be the same, wouldn't it?
-
@NollipfSense But would that be the case if I am able to immediately connect to the ISP with a received IP address when I load up Linux ion that same machine and connect it directly to the modem? It does. But when I run pfSense natively or in a VirtualBox in bridge mode, it does not pick up that IP address. pfSense will pick it up immediately if I use a router between the pfSense box and the modem OR I use it in a VirtualBox and use NAT. So it still seems to narrow it down to pfSense and how it requests or waits for an IP address.
Never the less, Im going to try you suggestion right now and see what it does. Thanks for the help. I greatly appreciate it.
-
@kb8wfh Didn't work. Tried it on both a virtualbox version and a direct install of pfSense. Just hangs for several minutes on WAN configure and never gets past it.
-
@kb8wfh Did you reboot pfSense after making the changes?
-
Did you reboot the modem?
