Netgate Discussion Forum

    SG-1100 drops clients, lease time issue?

    Official Netgate® Hardware
    14 Posts 4 Posters 742 Views
    • DrPhil

      Hi,
      I recently bought and configured SG-1100 as an edge router. Today was the first working day when everyone was on the network. It was tough. Every hour or two someone yelled at me because their internet was down.

      Reading a little bit, it seems like the DHCP default lease time (2 hrs) might be an issue. I don't know enough about networking, so please excuse the ignorance reflected in my questions.

      1. Do the clients get dropped at the end of the DHCP lease time of 2 hours?
      2. Once dropped, do the clients not have a way to self recover their internet connection?
      3. This is my home setup. All the devices need to stay connected all the time. What's the best way for me to configure SG-1100? (I don't actually want to configure my client devices differently - I don't even know that I can).

      If my issue has nothing to do with the DHCP lease time, would appreciate any other pointers.

      thanks.

      • serbus

        Hello!

        Here is a basic primer on DHCP leases:

        http://www.tcpipguide.com/free/t_DHCPLeaseRenewalandRebindingProcesses-2.htm

        With a 2hr lease, devices might be renewing every hour. Depending on the packages you are running, how they are configured, and how you have your dns/dhcp set up, this could result in frequent and possibly slow unbound dns reloads, among other things.

        https://forum.netgate.com/search?term=unbound%20register%20dhcp&in=titlesposts
        https://forum.netgate.com/topic/115482/frequent-unbound-restarts/28?_=1596472420229

        Or, it could be a completely different problem...:)

        John

        Lex parsimoniae

        • stephenw10 Netgate Administrator

          Yup, it's unlikely this is anything to do with dhcp. 2hrs is the standard lease length. Most clients will renew their leases at 50% of that time.
          Even if it does expire, a client can just pull a new lease if required.

          Really you need to see what has actually failed at the client when it loses connectivity.

          Does the client still have a valid IP address and subnet mask?
          Can the client ping the local pfSense interface IP?
          Can it ping 8.8.8.8?
          Can it ping google.com?

          Steve

          • DrPhil @stephenw10

            Thank you @stephenw10.

            Based on your comment, it does seem unlikely that the DHCP lease time by itself would cause the issue.

            Even in my prior setup (Netgear) every client received a 24hr lease, and the router itself received a 24hr lease from my ISP. None of that broke the internet (except needing a router reboot every couple of months).

            Whatever it is, some of my devices seem to handle it better than others. My Windows 10 desktop does fine (perhaps because it's on the whole time), but a Windows 10 laptop (that goes to sleep / hibernate every couple of hours) gets stuck. The iPhones (7 and 8) seem to have a problem when they leave the house and then come back after (say) an hour or so.

            The most painful failure yesterday was the wireless AP (my old Netgear), because practically every client is on WiFi. When that happened, pfSense showed Netgear as "offline" with an "active" lease. The WiFi router's lights were all normal (it seemed to think that it was online and functioning fine). But when I tried to get into the device (using the last known IP that pfSense was showing me), I wasn't able to.

            I've changed the Netgear to a static IP anyway.

            Do any of the symptoms I described give you any additional ideas of what might be happening?

            • stephenw10 Netgate Administrator

              If it shows as off-line that means it's no longer in the ARP table. Packets from that device are not passing through pfSense for some reason.

              The symptoms you are describing sound like you might have a rogue dhcp server on your network. When you find a client that has hit this, check its IP info: is it actually using pfSense as its gateway?
              Does pfSense still list it in the dhcp status table? In the ARP table?

              A router running as an AP is a common suspect for that. Also a phone running hotspot mode can do it.

              Steve
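
The client-side checks asked for in the posts above (valid address, correct gateway, which DHCP server issued the lease) can be run against saved `ipconfig /all` output. This is an added example, not part of the original posts; the sample output is constructed, and the AP at 192.168.1.2 handing out leases is an invented failure case.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from an affected Windows client.
# 192.168.1.1 (pfSense) and 192.168.1.2 (the AP) follow the thread; the AP
# answering as DHCP server and gateway is an invented failure case.
SAMPLE_IPCONFIG = """\
Wireless LAN adapter Wi-Fi:

   Physical Address. . . . . . . . . : 02-00-00-00-00-16
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.22(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.2
   DHCP Server . . . . . . . . . . . : 192.168.1.2
"""

# Matches indented "Label . . . . : value" lines.
FIELD = re.compile(r"^\s+([A-Za-z0-9 ]+?)[ .]*:\s*(\S+)")

def parse_ipconfig(text):
    """Return {label: value} for the fields of one adapter block."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2).split("(")[0]  # drop "(Preferred)"
    return fields

def triage(fields, expected_router="192.168.1.1"):
    """Return a list of findings; an empty list means the client looks consistent."""
    addr = fields.get("IPv4 Address")
    if addr is None:
        return ["no IPv4 address on this adapter"]
    findings = []
    if ipaddress.ip_address(addr).is_link_local:
        findings.append("169.254.x.x address: no DHCP server answered")
    gateway = fields.get("Default Gateway")
    if gateway != expected_router:
        findings.append("gateway is %s, not %s" % (gateway, expected_router))
    server = fields.get("DHCP Server")
    if fields.get("DHCP Enabled") == "Yes" and server != expected_router:
        findings.append("lease came from %s: possible rogue DHCP server" % server)
    return findings

if __name__ == "__main__":
    for finding in triage(parse_ipconfig(SAMPLE_IPCONFIG)):
        print(finding)
```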

              • keyser Rebel Alliance @DrPhil

                @DrPhil

                Sounds like a duplicate IP issue - some other device has the same IP as the LAN interface on your pfSense.

                Once you have a client that went “offline” - as in no internet, try to ping the pfSense address from that client - it likely won't answer, but see if it answered the ARP request by running the command “arp -a” in a Windows elevated command shell.
                Does the MAC address for the gateway address actually match your pfSense MAC address, or is it some other device's MAC address?

                Love the no fuss of using the official appliances :-)
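
The ARP comparison described in the post above, written as a check over saved `arp -a` output. This is an added example, not part of the original post; the IPs follow the thread, while every MAC address and the `PFSENSE_MAC` value are constructed placeholders.

```python
import re

# Constructed `arp -a` output from a Windows client. Here the AP's MAC also
# answers for the gateway IP, which is the duplicate-IP case the post describes.
SAMPLE_ARP = """\
Interface: 192.168.1.22 --- 0x9
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-00-00-00-02     dynamic
  192.168.1.2           02-00-00-00-00-02     dynamic
  192.168.1.30          02-00-00-00-00-30     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
PFSENSE_MAC = "02:00:00:00:00:01"  # placeholder: use the MAC of your pfSense LAN interface

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I)

def norm(mac):
    """Normalise aa-bb-.. or AA:BB:.. to lower-case colon form."""
    return mac.lower().replace("-", ":")

def parse_arp(text):
    """Return {ip: mac} for dynamic (learned) entries; skips broadcast/multicast."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "dynamic":
            table[m.group(1)] = norm(m.group(2))
    return table

def check_gateway(table, gateway_ip, expected_mac):
    mac = table.get(gateway_ip)
    if mac is None:
        return "missing"   # no ARP reply from the gateway reached this client
    if mac != norm(expected_mac):
        return "mismatch"  # some other device answers for the gateway IP
    return "ok"

def shared_macs(table):
    """MACs that answer for more than one IP (IP conflict or ARP spoofing symptom)."""
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    arp = parse_arp(SAMPLE_ARP)
    print(check_gateway(arp, "192.168.1.1", PFSENSE_MAC), shared_macs(arp))
```

A "missing" result matches what DrPhil later reports from the stuck PC, where pfSense is absent from the ARP table but other entries are present.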

                • DrPhil

                  Thank you @stephenw10 and @keyser.

                  I'll keep looking but I don't see a rogue DHCP server.
                  My older router is indeed running as an AP. No phone hotspots though.

                  I compared the DHCP leases on my pfSense with what Netgear (AP) was showing, and I did ARP -a on my Windows. All 3 showed me a perfect match - MAC to IP.

                  Today actually went much better. No dropped connection complaints at all. At this point my 2 layperson hypotheses are:

                  1. Maybe there was some caching happening somewhere, which made some devices look in a different place (e.g. maybe they were too used to a 24 hr lease, and didn't notice that the default is now 2 hrs).

                  2. I moved some devices to a static IP about 24 hrs ago. Maybe that covered any potential issues.

                  Is any of that even possible?

                  If I encounter dropped clients again, I'll try your suggestions. If not, I'll just count my blessings and move on.

                  • DrPhil

                    So I had another dropped client issue today. Here's what I tried:

                    From the client (Windows 10 PC)

                    1. Ping pfSense (192.168.1.1). No response
                    2. Ping WiFi access point (Netgear. 192.168.1.2). No response
                    3. ipconfig. Shows the "correct" IP (192.168.1.22) and gateway (192.168.1.1)
                    4. ARP -a. Does not list pfSense (192.168.1.1) but does list the WiFi AP (192.168.1.2)

                    Netgate / pfSense

                    1. DHCP lease: Lists the client as "online" and lease as "active". Consistent IP and correct MAC

                    WiFi AP (Netgear)

                    1. Lists the client as connected, with correct IP and MAC

                    Then I went back to the PC, disconnected the wifi and connected again. It got back online and worked fine.

                    Any thoughts on what might have happened?

                    • DrPhil

                      I forgot to mention 2 things.

                      The ARP -a listed a bunch of correct IP / MAC combinations (just didn't have pfSense).

                      This client had a static IP. It was actually listed in pfSense as "online" and "static".

                      • keyser Rebel Alliance

                        Am I correct in assuming it does not happen to all clients simultaneously - as in some clients continue to have Internet access while others are offline?

                        Since you seem pretty sure it’s not a duplicate IP problem, then I’m pretty sure it’s a Wifi issue.
                        Additional proof of that thesis is that you cannot ping the Wifi AP either when the problem is present. This is before traffic hits pfSense, so it’s not involved at that stage.

                        Any chance you could try a different Wifi Access Point? Alternatively try and wire a bunch of the clients, and see if any of the wired clients exhibit the same issue.

                        Love the no fuss of using the official appliances :-)

                        • DrPhil @keyser

                          Thank you @Keyser

                          Yes that is right. It does not happen to all clients at the same time, only some.

                          I don't have many wired clients to test out the Wifi thesis, except that my Wifi AP is a wired connection to pfSense. One time the AP itself got offline (which was a major chaos).

                          I don't have another Wifi AP. I don't mind buying one (I kind of do), if I am sure that would completely resolve the issue. Actually I probably do have another old router sitting around somewhere. Maybe I'll try that one next.

                          • stephenw10 Netgate Administrator

                            Mmm, it sounds a lot like a rogue dhcp server or an IP conflict. If something else was using pfSense's LAN IP though it would be complaining about that in the system log.

                            Steve

                            • keyser Rebel Alliance @DrPhil

                              @DrPhil

                              I would definitely try a different AP because:

                              1: If some clients are accessing Internet while others are not, pfSense is at least passing traffic constantly (In fact online). When this is the case, the problem is usually IP conflict or rogue DHCP/arp poisoning - which you seem to have eliminated as explanations. With that the remaining “theoretical” explanations become pretty complicated/unlikely.

                              2: Since you lose the ability to ping the AP from suffering clients, then they are not even able to pass Wifi traffic to the AP/The AP does not handle that traffic correctly.
                              No pfSense involved in that problem unless pfSense is killing the link to the AP in the process (and thus taking the AP’s IP interface offline). We know that’s not the case because other clients remain online.

                              It has to be the Wifi....

                              Love the no fuss of using the official appliances :-)

                              • DrPhil

                                Thank you @stephenw10 and @keyser.

                                @keyser, based on your comment I looked up my Netgear (R7000, I am using the router as a wifi AP). It seems like many people online complain about dropped connections. Based on online advice, I reverted it back to a previous firmware version.

                                If that works, I'll come back and post details so future readers in a similar situation can benefit. For now, fingers crossed.

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.