No Internet from WIFI connection on Router from 2nd LAN subnet

marvosa

Do you have a laptop you can troubleshoot with? I think we need a little more insight as to what's happening on the client.

Also, can you post a network map so we have a little more insight as to your network design? Since I haven't heard anything about VLANs, my assumption is you have 3 NIC's in your PFsense box... 1 for WAN, 2 for LAN... and two different switches... one connected to each LAN interface. That's my assumption, but I'd like to get a more accurate picture from you.

For grins and giggles, disable the windows firewall on your server and try a few clients. If things miraculously start working, you'll have to add some exceptions in the firewall or leave it disabled.

marvosa

@techgeek055 After some research, it looks like what we need to do is go back into DHCP relay, hold ctrl and highlight the LAN interface so both LAN and DEVICES_LAN are highlighted and hit save.

@marvosa Sorry for the delay, had to go bed.

I do have a laptop I can use.

I can draw a network design shortly! I will post it here as soon as it's done. No VLANs are setup, I was trying to get VLANS up previously but failed (similar issues/ no dhcp ip) so I ditched VLANs for now.

I disabled the firewall on the dhcp server yesterday to no success :( I didn't try getting an IP from a laptop though, just my smart phone. I can try that today.

Okay, I will try highlighting both LAN interfaces in DHCP relay!

stephenw10

Been a while since I used dhcp relay but if that traffic is not passed by hidden system rules it will not be passed by the rules you have as the devices are not yet in 'LANnet' and are broadcasting. Check the firewall logs for blocked dhcp traffic when you try to obtain an IP.

Steve

@marvosa I hope this is clear for y'all

I also enabled DHCP relay on both LAN interfaces but no IP from wifi still.

@stephenw10 Hi Steve,

On pfSense DHCP logs, I see "3 bad IP checksums seen in 5 packets"

Jan 16 06:57:11 dhcrelay Listening on BPF/ix2/a0:36:9f:1a:4c:6c
Jan 16 06:57:11 dhcrelay Sending on BPF/ix2/a0:36:9f:1a:4c:6c
Jan 16 06:57:11 dhcrelay Listening on BPF/ix3/a0:36:9f:1a:4c:6e
Jan 16 06:57:11 dhcrelay Sending on BPF/ix3/a0:36:9f:1a:4c:6e
Jan 16 06:57:11 dhcrelay Sending on Socket/fallback
Jan 16 06:58:13 dhcrelay 3 bad IP checksums seen in 5 packets
Jan 16 06:58:51 dhcrelay 3 bad IP checksums seen in 5 packets
Jan 16 06:59:30 dhcrelay 3 bad IP checksums seen in 5 packets
Jan 16 07:00:09 dhcrelay 3 bad IP checksums seen in 5 packets
Jan 16 07:00:46 dhcrelay 3 bad IP checksums seen in 5 packets
Jan 16 07:01:24 dhcrelay 3 bad IP checksums seen in 5 packets
Jan 16 07:27:07 dhcrelay 3 bad IP checksums seen in 5 packets

I also tried connecting a laptop directly to the asus router and dhcp logs give same message as above.

Not sure what that means! I'll try googling it.

stephenw10

Try disabling 'Hardware Checksum Offloading' in System > Advanced > Networking. You may need to reboot to apply that change.

Nothing showing as blocked in the firewall log though?

Steve

@stephenw10 Okay, i'll try that right now!

Sorry, in my firewall logs I see:

stephenw10

You might have to filter that for only udp destination port 67 on the devices LAN. That only shows 12s of logs so you could easily miss connection attempts otherwise.

Steve

@stephenw10 I disabled "Hardware Checksum Offloading" and DHCP logs are no longer getting the "3 bad IP checksums seen in 5 packets" error. But no IP from DHCP still.

@stephenw10 I'm getting "No logs to display" or did I do the filter wrong? Not sure if/what I need to put in source and destination IP.

stephenw10

That looks correct, you should see blocked dhcp traffic there if was being blocked.

Check for port 67 states when the client is trying to connect in the state table. In Diag > States filter by :67, you will have to refresh that to see them.

Steve

Okay!

Please see below for Diag > States filtered by :67

10.1.10.8 is my DHCP server

stephenw10

Hmm, yet no state on DEVICES_LAN.... the client was definitely trying to connect at that point?

@stephenw10 Yeet! Sorry, I mis-understood.

Nothing was trying to connect at that moment I did the filter.

I re-did it when my phone was trying to connect to wifi:

@stephenw10 Here is one of my laptop, directly connected to the asus router with ethernet:

stephenw10

Hmm, that looks correct in terms of open states. But nothing going back to the client. Anything logged on the server?

Might have to pcap on LAN filtered by the server IP to see if the requests are actually going to it.

Steve

:(

Here is packet capture that I did on pfSense when my phone was trying to connect to wifi:

09:29:42.457022 IP (tos 0x0, ttl 64, id 43572, offset 0, flags [none], proto UDP (17), length 328)
10.1.10.1.67 > 10.1.10.8.67: [udp sum ok] BOOTP/DHCP, Request from fe:3d:88:34:f1:48, length 300, hops 1, xid 0x14fd712, secs 5, Flags [none] (0x0000)
Gateway-IP 10.1.13.1
Client-Ethernet-Address fe:3d:88:34:f1:48
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether fe:3d:88:34:f1:48
MSZ Option 57, length 2: 1500
Vendor-Class Option 60, length 15: "android-dhcp-10"
Parameter-Request Option 55, length 10:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
MTU, BR, Lease-Time, RN
RB, Vendor-Option
Agent-Information Option 82, length 5:
Circuit-ID SubOption 1, length 3: ix2
09:29:47.474145 IP (tos 0x0, ttl 64, id 11403, offset 0, flags [none], proto UDP (17), length 328)
10.1.10.1.67 > 10.1.10.8.67: [udp sum ok] BOOTP/DHCP, Request from fe:3d:88:34:f1:48, length 300, hops 1, xid 0x14fd712, secs 10, Flags [none] (0x0000)
Gateway-IP 10.1.13.1
Client-Ethernet-Address fe:3d:88:34:f1:48
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether fe:3d:88:34:f1:48
MSZ Option 57, length 2: 1500
Vendor-Class Option 60, length 15: "android-dhcp-10"
Parameter-Request Option 55, length 10:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
MTU, BR, Lease-Time, RN
RB, Vendor-Option
Agent-Information Option 82, length 5:
Circuit-ID SubOption 1, length 3: ix2
09:29:47.635729 IP (tos 0x0, ttl 128, id 5587, offset 0, flags [none], proto UDP (17), length 82)
10.1.10.8.58751 > 10.1.10.1.53: [udp sum ok] 55300+ [1au] A? eus-oi-ods-b.cloudapp.net. ar: . OPT UDPsize=4000 (54)
09:29:47.650479 IP (tos 0x0, ttl 64, id 4119, offset 0, flags [none], proto UDP (17), length 98)
10.1.10.1.53 > 10.1.10.8.58751: [udp sum ok] 55300 q: A? eus-oi-ods-b.cloudapp.net. 1/0/1 eus-oi-ods-b.cloudapp.net. A 40.79.154.85 ar: . OPT UDPsize=4096 (70)
09:29:55.696010 IP (tos 0x0, ttl 64, id 26722, offset 0, flags [none], proto UDP (17), length 328)
10.1.10.1.67 > 10.1.10.8.67: [udp sum ok] BOOTP/DHCP, Request from fe:3d:88:34:f1:48, length 300, hops 1, xid 0x14fd712, secs 18, Flags [none] (0x0000)
Gateway-IP 10.1.13.1
Client-Ethernet-Address fe:3d:88:34:f1:48
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether fe:3d:88:34:f1:48
MSZ Option 57, length 2: 1500
Vendor-Class Option 60, length 15: "android-dhcp-10"
Parameter-Request Option 55, length 10:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
MTU, BR, Lease-Time, RN
RB, Vendor-Option
Agent-Information Option 82, length 5:
Circuit-ID SubOption 1, length 3: ix2
09:30:12.750834 IP (tos 0x0, ttl 64, id 41397, offset 0, flags [none], proto UDP (17), length 328)
10.1.10.1.67 > 10.1.10.8.67: [udp sum ok] BOOTP/DHCP, Request from fe:3d:88:34:f1:48, length 300, hops 1, xid 0x14fd712, secs 35, Flags [none] (0x0000)
Gateway-IP 10.1.13.1
Client-Ethernet-Address fe:3d:88:34:f1:48
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether fe:3d:88:34:f1:48
MSZ Option 57, length 2: 1500
Vendor-Class Option 60, length 15: "android-dhcp-10"
Parameter-Request Option 55, length 10:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
MTU, BR, Lease-Time, RN
RB, Vendor-Option
Agent-Information Option 82, length 5:
Circuit-ID SubOption 1, length 3: ix2
09:30:16.207646 IP (tos 0x0, ttl 64, id 38410, offset 0, flags [none], proto UDP (17), length 328)
10.1.10.1.67 > 10.1.10.8.67: [udp sum ok] BOOTP/DHCP, Request from fe:3d:88:34:f1:48, length 300, hops 1, xid 0xa26f2a53, Flags [none] (0x0000)
Gateway-IP 10.1.13.1
Client-Ethernet-Address fe:3d:88:34:f1:48
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether fe:3d:88:34:f1:48
MSZ Option 57, length 2: 1500
Vendor-Class Option 60, length 15: "android-dhcp-10"
Parameter-Request Option 55, length 10:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
MTU, BR, Lease-Time, RN
RB, Vendor-Option
Agent-Information Option 82, length 5:
Circuit-ID SubOption 1, length 3: ix2
09:30:21.213556 IP (tos 0x0, ttl 64, id 60954, offset 0, flags [none], proto UDP (17), length 328)
10.1.10.1.67 > 10.1.10.8.67: [udp sum ok] BOOTP/DHCP, Request from fe:3d:88:34:f1:48, length 300, hops 1, xid 0xa26f2a53, secs 5, Flags [none] (0x0000)
Gateway-IP 10.1.13.1
Client-Ethernet-Address fe:3d:88:34:f1:48
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether fe:3d:88:34:f1:48
MSZ Option 57, length 2: 1500
Vendor-Class Option 60, length 15: "android-dhcp-10"
Parameter-Request Option 55, length 10:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
MTU, BR, Lease-Time, RN
RB, Vendor-Option
Agent-Information Option 82, length 5:
Circuit-ID SubOption 1, length 3: ix2
09:30:25.183289 IP (tos 0x0, ttl 64, id 56349, offset 0, flags [none], proto UDP (17), length 328)
10.1.10.1.67 > 10.1.10.8.67: [udp sum ok] BOOTP/DHCP, Request from fe:3d:88:34:f1:48, length 300, hops 1, xid 0xa26f2a53, secs 8, Flags [none] (0x0000)
Gateway-IP 10.1.13.1
Client-Ethernet-Address fe:3d:88:34:f1:48
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether fe:3d:88:34:f1:48
MSZ Option 57, length 2: 1500
Vendor-Class Option 60, length 15: "android-dhcp-10"
Parameter-Request Option 55, length 10:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
MTU, BR, Lease-Time, RN
RB, Vendor-Option
Agent-Information Option 82, length 5:
Circuit-ID SubOption 1, length 3: ix2
09:30:32.659175 IP (tos 0x0, ttl 64, id 38685, offset 0, flags [none], proto UDP (17), length 328)
10.1.10.1.67 > 10.1.10.8.67: [udp sum ok] BOOTP/DHCP, Request from fe:3d:88:34:f1:48, length 300, hops 1, xid 0xa26f2a53, secs 16, Flags [none] (0x0000)
Gateway-IP 10.1.13.1
Client-Ethernet-Address fe:3d:88:34:f1:48
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether fe:3d:88:34:f1:48
MSZ Option 57, length 2: 1500
Vendor-Class Option 60, length 15: "android-dhcp-10"
Parameter-Request Option 55, length 10:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
MTU, BR, Lease-Time, RN
RB, Vendor-Option
Agent-Information Option 82, length 5:
Circuit-ID SubOption 1, length 3: ix2

stephenw10

Ok so no replies from the DHCP server back to the client. Either the server is not able to respond or it's refusing to respond.

Steve

@stephenw10 Interesting, not sure what the issue is but I guess i'll have to do some digging..

Thank you for your help! I will update when/if I find anything.