How to release/renew DHCP

JKnott

In Linux & Windows, it's easy to release the DHCP lease. In FreeBSD, the command dhclient -r is supposed to release the lease, but in pfSense, the -r option doesn't seem to exist. How is the lease released in the pfSense version of FreeBSD?

dotdash

It appears dhclient-script is used for this, not dhclient. Are you scripting something, and can't use the release and renew off the status/interfaces page?

JKnott

@dotdash

That doesn't appear to do a full release of the lease. All I capture is the request and ack. If I do a release/renew in Windows, the capture has all 4 DHCP steps of discovery, offer, request & ack.

I'll have to see if the dhclient-script rebind command will do the trick.

JKnott

@dotdash

According to the FreeBSD man pages, dhclient-script is called by dhclient. Calling it directly doesn't seem to do anything.

JKnott

@dotdash

On Linux:
dhclient <interface> causes a request & ack
dhclient -r <interface> causes a release
dhclient <interface> now causes discover, offer, request & ack.

On pfSense, -r option doesn't exist and just running dhclient returns a message that the client is already running. There doesn't seem to be a way to cleanly generate the full 4 step dhcp process.

JKnott

@JKnott

Doesn't anyone know how to do this? It seems strange that something that's trivial on Linux and Windows can't be done in pfSense.

dotdash

I think

service dhclient restart em0

works on stock FreeBSD (don't have a test box handy). but this errors on my test pfSense and says the interface is not set for dhcp. (it is)

service netif restart

Should work, but will restart all interfaces.
You could look at the code on the status_interfaces page to see what it is doing. It's not fair to say you can't release and renew easily on pfSense, as there is a button right on the status page. Maybe not easy to script?

JKnott

@dotdash

/root: service dhclient restart re0
're0' is not a DHCP-enabled interface
dhclient already running? (pid=76670).

As for "service netif restart", I had to reboot pfSense to get out of that one.

It's not fair to say you can't release and renew easily on pfSense, as there is a button right on the status page.

When I use that, even with Relinquish Lease selected, it does not go through the full 4 step DHCP process. As I mentioned above, I only capture the request and ack. The discover and offer are nowhere to be seen. So, yeah, it is fair to say that.

dotdash

I've never captured the traffic, but I haven't had a problem using the release and renew the handful of times I've needed it. Yours doesn't release/renew properly? Does it log an error?

JKnott

@dotdash

I haven't checked the logs, but use Packet Capture or Wireshark frequently. Clearly, Packet Capture is working, as it captures the request and ack. Also, on both Linux and Windows, just renewing, without doing a release provides the same result. On both, I have to specifically release to get all 4 steps.

JKnott

@dotdash

Why not try it and see what happens. Run Packet Capture to capture port 67, then release DHCP and see what's captured.

serbus

Hello!

I am not knowledgeable about dhcp, but I have been trying to learn more. I have been poking around and found a few things that might be useful...or useless....

Just kind of stream of consciousness....

There appears to be multiple versions of dhclient on pfsense. The one you get by just running "dhclient" points to /sbin/dhclient and is ancient(?) - no "-r" option.

There is another dhclient at /usr/local/sbin/dhclient. This is the one the gui uses for things like releasing the wan with "Relinquish lease" in Status -> Interfaces. This appears to be a more recent isc version of dhclient and does support the "-r" option.

The gui uses something like this to relinquish the lease :

/usr/local/sbin/dhclient -4 -d -r 
   -lf  /var/db/dhclient.leases.igb0 
   -cf  /var/etc/dhclient_wan.conf 
   -sf /usr/local/sbin/pfSense-dhclient-script

It looks like it would be pretty simple to roll together a short php script that would mimic the release/relinquish/renew functionality of the gui.

There is also a pre-rolled script that seems like it might do much the same thing :

/etc/rc.linkup stop igb0
/etc/rc.linkup start igb0

As far a forcing a dhcp rebind (bcast discover) as opposed to a renew (ip directed to previous server), I dont know. It seems like pfsense pretty strictly follows the dhcp renew/rebind approach. If the "relinquish lease" command above doesnt force a rebind, maybe you could nuke the /var/db/dhclient.leases.igb0 file before doing a renew. This might force a rebind.

John

JKnott

@serbus

I'll give that other client a try later. However, the commands to release and rebind should just work, as they do in Linux and Windows. It shouldn't be necessary to touch any files. I don't understand why it doesn't seem to work properly with pfSense out of the box. If the other client is what it takes, why isn't it used?

On this site, there are occasionally problems with connecting to the Internet. I often tell people to capture the full DHCP sequence, but that apparently won't work with the current DHCP client.

JKnott

@serbus

That other client seems to have done the trick. One curious thing though is I didn't see a release as I do with Linux and Windows.

This begs the question of why that client is not used, if the default one is so old.

serbus

@JKnott

Hello!

There seems to be a relationship between the release option and dhclient running in daemon mode. Pfsense is running dhclient as a daemon and windows/linux might not be.

I dont know anything about the dhclient packages or how/why they are ordered in the path.

John

JKnott

@serbus

I just did some more testing. It seems that if I release with that other client, I have to use the default client to renew, for it to show on the interface status.

This looks like something the developers should look into, as it can produce confusing situations, in addition to not being able to do a proper release with the default dhclient.

serbus

@JKnott

Hello!

It looks like the /sbin/dhclient is used to run/control the daemon, while the /usr/local/sbin/dhclient is just used to send the courtesy "relinquish" message to the dhcp server.

There appears to be many things that happen in pfsense when you release/renew dhcp leases on the wan, probably more than on a workstation client. I dont know what effect going straight at the dhclient interface could have on the rest of the system. It might be better to use the higher level apis that are provided to do the release/renew, if possible. YMMV.

John

JKnott

@serbus

I wanted a simple way to release/renew it for testing. It's easy enough with Linux & Windows, but not pfSense. Why should there be 2 versions of dhclient, which provide different results?

Many years ago, I worked on the team that developed standard desktops (OS/2, NT & W95) for IBM Canada. Part of my work involved testing to make sure things worked properly and consistently. Such a thing wouldn't have been tolerated.

jtm200

tl;dr to renew DHCP lease run /sbin/dhclient -c /var/etc/dhclient_wan.conf $INTERFACE

How I find that command

1. From the Admin Web UI, I clicked Release WAN
2. From a shell terminal,
   I "scraped" the command-line by first running as user root

   while true; do ps -A | grep dhclient; echo; done
   

3. from the Admin Web UI, I clicked Renew WAN
4. in the shell terminal, the particular renewal command was briefly listed

Command output

For me, I see

$ /sbin/dhclient -c /var/etc/dhclient_wan.conf em0
Cannot open or create pidfile: No such file or directory
dhclient 68253 - - PREINIT
DHCPREQUEST on em0 to 255.255.255.255 port 67
DHCPACK from 11.22.33.44
bound to 55.66.77.88 -- renewal in 91710 seconds.

(run as user root)

Thanks @serbus for sharing your research!

keyser

@jknott I wonder if this has been “cleaned up” and simplified with 23.01 as that is a wastly never OS release and has required netgate to refactor a lot of the UI and services tooling.