ADSL Gateway in "Bridge" mode causes "rc:newwanip" every 10 minutes. ** UPDATED **
-
All
I did some searching through the General pfSense Questions and found some interesting information, but nothing seems to really answer my issue.
What happens is every 10 minutes an "rc.newwanip" is started. A series of "arpresolve: can't allocate llinfo for <ISP-Gateway> on igb1" events precede it.
I dug a little deeper and it appears that the ISP has fairly short lease expiration.
It shows "bound to <my ADSL Public IP> -- renewal in 300 seconds". The next time it asks for a renewal in 5 minutes (i.e. 300 seconds) it receives it. But the next renewal request (DHCPREQUEST to 192.168.1.254 - Modem IP) is ignored by the ISP. So then it tries a DHCPREQUEST to 255.255.255.255 and is ignored until it results in an "EXPIRE" event. This in turn starts a "DHCPDISCOVER" on igb1 to 255.255.255.255. THEN 192.168.1.254 responds with an offer (DHCPOFFER) which is ARPCHECK-ed and then the offered IP is requested (DHCPREQUEST-ed from 255.255.255.255) and acknowledged (DHCPACK from 192.168.1.254). This of course then kicks off the "rc.newwanip" script. Hence the 10 minute interval.
I almost always get the same IP back.
Background
This ADSL Modem has what I like to call a "pseudo-bridge" mode. You can choose one of the attached devices (by MAC address) to be a "pinhole" which will act like it has the assigned public IP address. So this address shows up on the pfSense dashboard for the WAN on igb1.
The Modem address is at 192.168.1.254 and it is this address that responds to DHCPDISCOVER on igb1 with an offer.
Questions
Has anyone else had this issue and found a way to overcome it?
Any ideas would be appreciated!
Phizix
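
The lease cycle described in the post above can be confirmed from the DHCP client log by separating plain renewals from full rediscoveries and measuring the gap between rediscoveries. This is an added example, not part of the original post; the log line shape, timestamps and PID are constructed assumptions.

```python
import re

# Constructed dhclient log lines modelled on the sequence in the post above.
# Timestamps and PID are made up; 192.168.1.254 is the modem from the post.
SAMPLE_LOG = """\
Jan 10 12:00:00 dhclient[4321]: DHCPDISCOVER on igb1 to 255.255.255.255 port 67 interval 1
Jan 10 12:00:01 dhclient[4321]: DHCPACK from 192.168.1.254
Jan 10 12:05:01 dhclient[4321]: DHCPREQUEST on igb1 to 192.168.1.254 port 67
Jan 10 12:05:01 dhclient[4321]: DHCPACK from 192.168.1.254
Jan 10 12:10:01 dhclient[4321]: DHCPREQUEST on igb1 to 192.168.1.254 port 67
Jan 10 12:10:04 dhclient[4321]: DHCPREQUEST on igb1 to 255.255.255.255 port 67
Jan 10 12:10:09 dhclient: EXPIRE
Jan 10 12:10:10 dhclient[4321]: DHCPDISCOVER on igb1 to 255.255.255.255 port 67 interval 1
Jan 10 12:10:12 dhclient[4321]: DHCPACK from 192.168.1.254
Jan 10 12:15:12 dhclient[4321]: DHCPREQUEST on igb1 to 192.168.1.254 port 67
Jan 10 12:15:12 dhclient[4321]: DHCPACK from 192.168.1.254
Jan 10 12:20:20 dhclient: EXPIRE
Jan 10 12:20:21 dhclient[4321]: DHCPDISCOVER on igb1 to 255.255.255.255 port 67 interval 1
Jan 10 12:20:23 dhclient[4321]: DHCPACK from 192.168.1.254
"""

# Assumed line shape: "<date> HH:MM:SS dhclient[pid]: EVENT ..."
LINE = re.compile(r"(\d\d):(\d\d):(\d\d) dhclient(?:\[\d+\])?: (\w+)")

def classify_acks(log_text):
    """Return [(seconds_of_day, kind)] for each DHCPACK: "renew" or "rediscover"."""
    acks, discovered = [], False
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        h, mi, s, event = m.groups()
        if event == "DHCPDISCOVER":
            discovered = True  # lease was lost; the next ACK is a fresh bind
        elif event == "DHCPACK":
            kind = "rediscover" if discovered else "renew"
            acks.append((int(h) * 3600 + int(mi) * 60 + int(s), kind))
            discovered = False
    return acks

def rediscover_intervals(acks):
    """Seconds between consecutive rediscoveries (log within one day assumed)."""
    times = [t for t, kind in acks if kind == "rediscover"]
    return [b - a for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    acks = classify_acks(SAMPLE_LOG)
    print([kind for _, kind in acks], rediscover_intervals(acks))
```

A strict renew/rediscover alternation with roughly 600-second gaps matches the behaviour reported in the post; every "rediscover" entry corresponds to one rc.newwanip run.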
-
All,
This is a result of the DMZ+ mode of this modem (the pseudo-bridge mode).
I have decided to bypass the DHCP and use a static IP on that WAN. It hasn't changed in as long as I can remember.
I will later see if I can figure a way to overcome this.
The Modem itself gets the public IP from its upstream server with a 24 hour lease and gives a short lease time to the DMZ+ client, but I suspect it is not a true lease, in that it will still respond on the DMZ+ using the gateway for the modem.
I figure that if for some reason the public IP address does change then since I am monitoring a public DNS server, it will mark the interface as down and I can look at the modem interface to find the new address and enter the information.
I will see if this works going forward. I have to wait until after a day plus an hour or so (i.e. past the modem's 24 hour lease time).
It is working for now.
Phizix
-
Hi,
If possible, stop the DHCP server running on your modem.
Or, use this:
so that the pfSense WAN DHCP client ignores the DHCPOFFERS from your modem.
Exclude 192.168.1.254.
-
Thanks, but unfortunately that is not possible in the modem interface. Moreover, I think that is how their infrastructure works. I think in DMZ+ mode that you can only get DHCP offers from the local modem.
My solution is working very well so far with only one caveat -- You lose access to the modem interface from your network. You either have to use its WiFi (which I turn off) or connect a device directly to one of its remaining 3 switch ports.
It does have WiFi power settings, so I may choose a channel as far away from my channels as possible (on 2.4 GHz) and turn its power down as far as possible (i.e. have to be right beside it).
I don't think I will need to connect to its interface very often, so I would rather have that than it going through the rc.newwanip script every bloody 10 minutes.
I am still waiting until over 24 hours have passed so I know that the modem itself (on a 24 hour lease) has renewed, to see if the connection works after the modem gets its new lease.
Phizix
P.S. Somewhere I read the reason they do the 5-10 minute lease to the DMZ+ device is so that IF the modem lease IP changes, the longest there would be a mismatch is 5-10 minutes. And it seems also sets up the weird link to the local modem private IP.
-
@Phizix said in ADSL Gateway in "Bridge" mode causes "rc:newwanip" every 10 minutes. ** UPDATED **:
but unfortunately that is not possible in the modem interface
The image I showed above is a pfSense WAN DHCP client setting.
You can enforce that it will not accept an RFC 1918 type IP from your modem, if this modem is working in bridge mode. If you are using a DMZ facility of your Modem, then it's running as a router also, and pfSense obtains an RFC 1918 IP.
The 10 minute lease isn't really an issue, because the "renews" are going quite fast, and most often do not take the WAN interface down. The lease is just 'extended'.
-
Thank you for all the input!
As mentioned previously this is not a true bridge mode. It is what they are calling "DMZ+". You can force the pfSense router to "not accept offers" from the modem, but then you will never get an IP.
They are playing games with DHCP in the modem. If the modem would honor the renew request every time, it would be fine, but it does not. Instead it forces a rediscovery every other time which kicks off the rc.newwanip process. AND every time the rc.newwanip occurs it causes a VPN hiccup.
Therefore I think I will stick with the solution I came up with. It seems to be working fine, passing through a modem lease renewal from its gateway somewhere in the last 36 hours without causing a hiccup.
I have notifications turned on and set to notify me by email over the other WAN if this one goes down. Then I can check (via the modem's WiFi directly) and set the new IP address for the modem's Public IP and its Gateway IP.
I was able to regain access to the Modem management interface from within my LAN by setting the upstream gateway shown in the modem interface for that WAN gateway.
This solution is working very well indeed!!
Phizix