How to release/renew DHCP
In Linux & Windows, it's easy to release the DHCP lease. In FreeBSD, the command dhclient -r is supposed to release the lease, but in pfSense, the -r option doesn't seem to exist. How is the lease released in the pfSense version of FreeBSD?
It appears dhclient-script is used for this, not dhclient. Are you scripting something, and can't use the release and renew off the status/interfaces page?
That doesn't appear to do a full release of the lease. All I capture is the request and ack. If I do a release/renew in Windows, the capture has all 4 DHCP steps of discovery, offer, request & ack.
I'll have to see if the dhclient-script rebind command will do the trick.
According to the FreeBSD man pages, dhclient-script is called by dhclient. Calling it directly doesn't seem to do anything.
dhclient <interface> causes a request & ack
dhclient -r <interface> causes a release
dhclient <interface> now causes discover, offer, request & ack.
On pfSense, -r option doesn't exist and just running dhclient returns a message that the client is already running. There doesn't seem to be a way to cleanly generate the full 4 step dhcp process.
Doesn't anyone know how to do this? It seems strange that something that's trivial on Linux and Windows can't be done in pfSense.
service dhclient restart em0
works on stock FreeBSD (don't have a test box handy). but this errors on my test pfSense and says the interface is not set for dhcp. (it is)
service netif restart
Should work, but will restart all interfaces.
You could look at the code on the status_interfaces page to see what it is doing. It's not fair to say you can't release and renew easily on pfSense, as there is a button right on the status page. Maybe not easy to script?
/root: service dhclient restart re0
're0' is not a DHCP-enabled interface
dhclient already running? (pid=76670).
As for "service netif restart", I had to reboot pfSense to get out of that one.
It's not fair to say you can't release and renew easily on pfSense, as there is a button right on the status page.
When I use that, even with Relinquish Lease selected, it does not go through the full 4 step DHCP process. As I mentioned above, I only capture the request and ack. The discover and offer are nowhere to be seen. So, yeah, it is fair to say that.
I've never captured the traffic, but I haven't had a problem using the release and renew the handful of times I've needed it. Yours doesn't release/renew properly? Does it log an error?
I haven't checked the logs, but use Packet Capture or Wireshark frequently. Clearly, Packet Capture is working, as it captures the request and ack. Also, on both Linux and Windows, just renewing, without doing a release provides the same result. On both, I have to specifically release to get all 4 steps.
Why not try it and see what happens. Run Packet Capture to capture port 67, then release DHCP and see what's captured.
I am not knowledgeable about dhcp, but I have been trying to learn more. I have been poking around and found a few things that might be useful...or useless....
Just kind of stream of consciousness....
There appears to be multiple versions of dhclient on pfsense. The one you get by just running "dhclient" points to /sbin/dhclient and is ancient(?) - no "-r" option.
There is another dhclient at /usr/local/sbin/dhclient. This is the one the gui uses for things like releasing the wan with "Relinquish lease" in Status -> Interfaces. This appears to be a more recent isc version of dhclient and does support the "-r" option.
The gui uses something like this to relinquish the lease :
/usr/local/sbin/dhclient -4 -d -r -lf /var/db/dhclient.leases.igb0 -cf /var/etc/dhclient_wan.conf -sf /usr/local/sbin/pfSense-dhclient-script
It looks like it would be pretty simple to roll together a short php script that would mimic the release/relinquish/renew functionality of the gui.
There is also a pre-rolled script that seems like it might do much the same thing :
/etc/rc.linkup stop igb0 /etc/rc.linkup start igb0
As far a forcing a dhcp rebind (bcast discover) as opposed to a renew (ip directed to previous server), I dont know. It seems like pfsense pretty strictly follows the dhcp renew/rebind approach. If the "relinquish lease" command above doesnt force a rebind, maybe you could nuke the /var/db/dhclient.leases.igb0 file before doing a renew. This might force a rebind.
I'll give that other client a try later. However, the commands to release and rebind should just work, as they do in Linux and Windows. It shouldn't be necessary to touch any files. I don't understand why it doesn't seem to work properly with pfSense out of the box. If the other client is what it takes, why isn't it used?
On this site, there are occasionally problems with connecting to the Internet. I often tell people to capture the full DHCP sequence, but that apparently won't work with the current DHCP client.
That other client seems to have done the trick. One curious thing though is I didn't see a release as I do with Linux and Windows.
This begs the question of why that client is not used, if the default one is so old.
There seems to be a relationship between the release option and dhclient running in daemon mode. Pfsense is running dhclient as a daemon and windows/linux might not be.
I dont know anything about the dhclient packages or how/why they are ordered in the path.
I just did some more testing. It seems that if I release with that other client, I have to use the default client to renew, for it to show on the interface status.
This looks like something the developers should look into, as it can produce confusing situations, in addition to not being able to do a proper release with the default dhclient.
It looks like the /sbin/dhclient is used to run/control the daemon, while the /usr/local/sbin/dhclient is just used to send the courtesy "relinquish" message to the dhcp server.
There appears to be many things that happen in pfsense when you release/renew dhcp leases on the wan, probably more than on a workstation client. I dont know what effect going straight at the dhclient interface could have on the rest of the system. It might be better to use the higher level apis that are provided to do the release/renew, if possible. YMMV.
I wanted a simple way to release/renew it for testing. It's easy enough with Linux & Windows, but not pfSense. Why should there be 2 versions of dhclient, which provide different results?
Many years ago, I worked on the team that developed standard desktops (OS/2, NT & W95) for IBM Canada. Part of my work involved testing to make sure things worked properly and consistently. Such a thing wouldn't have been tolerated.