Must apply changes to regain bridge0 connection
-
I am facing a weird situation. Hoping I can give enough details to get guided.
When my clients connect and renew their DHCP lease, they do not get an icmp_seq connection through ping. No internet connection - Just a timeout.
I have to go into my Bridge0 lan interface configuration, save it, then apply the changes.
As SOON as I apply the change, all clients stop getting a timeout. And they gain full access to Internet and the network.
If a user requests to renew their DHCP Lease. Boom, they lose connection again and I have to do the "save and apply changes" routine manually all over again to gain back access.
Does this help to troubleshoot this?
We're on 2.4.5-Release-p1
Thanks!
PS: users get random disconnections too every 40 or so minutes.
-
Hmm, that's odd.
If you're running dhcp on a bridge interface you should always spoof the MAC address.
Otherwise the MAC is generated at random when the bridge is created and Windows clients will see it as a new network because the DHCP server has changed.
I suspect you're hitting something similar to this.
You should upgrade from 2.4.5p1 too when you can. Though I doubt that's related to this issue.
Steve
-
@stephenw10 thanks for your reply!
We’re already on 2.4.5-Release-p1
The client is on Mac and also on iphone. Pretty much the same behaviour
1-could it be related to the hardware? How could I troubleshoot this?
2-would there be more info in some logs? Not sure where to search.
3-what do you mean by spoof?
I am not really advanced in pfsense. The system was brought up by an IT that is gone now. So, sorry if my responses are Low level. :/
-
@stephenw10 said in Must apply changes to regain bridge0 connection:
You should upgrade from 2.4.5p1
... to 2.5.2 preferably. That's the current version.
Check the dhcp logs in pfSense.
If they get a dhcp lease check they are getting the correct one. Check the gateway they are given is correct.
You might have a second dhcp server on your network handing out bad leases.
Because the bridge is a virtual interface it doesn't have a hardware MAC address so it is given a random one when it's created. The problem is it's different every time. So to prevent that you need to spoof the bridge MAC address which means to set it to something manually. There's a field for it in the interface config.
https://docs.netgate.com/pfsense/en/latest/bridges/interfaces.html?highlight=spoof#assigned-bridge-mac-addresses-and-windows
Steve
-
@stephenw10 Thanks
I did add a random MAC to my bridge. But I am still facing the issue. After a while of being connected (10 minutes) The connection gets lost too.
Now, maybe unrelated, but when I connect and disconnect from the open VPN (that was during a test). There was :
DHCPDISCOVER from xx:xx:xx:xx:xx via bridge0: network 192.168.2.0/24: no free lease
Would this be related?
-
Yes, no free leases is far more likely a problem.
What do you see in Status > DHCP leases?
What is your DHCP range set to?
Steve
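To follow up on the "no free lease" message and the question of how many clients are affected, the DHCP log can be summarized per client. This is an added example, not part of the original thread or of pfSense: it assumes ISC dhcpd's usual syslog wording, and the sample lines, MAC addresses, hostnames and the `summarize` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in ISC dhcpd syslog style; MACs, hostnames and times are made up.
SAMPLE_LOG = """\
Aug 10 09:14:02 fw dhcpd: DHCPDISCOVER from 02:00:00:aa:bb:01 via bridge0: network 192.168.2.0/24: no free leases
Aug 10 09:14:05 fw dhcpd: DHCPREQUEST for 192.168.2.101 from 02:00:00:aa:bb:02 (laptop) via bridge0
Aug 10 09:14:05 fw dhcpd: DHCPACK on 192.168.2.101 to 02:00:00:aa:bb:02 (laptop) via bridge0
Aug 10 09:14:09 fw dhcpd: DHCPDISCOVER from 02:00:00:aa:bb:01 via bridge0: network 192.168.2.0/24: no free leases
Aug 10 09:15:30 fw dhcpd: DHCPDISCOVER from 02:00:00:aa:bb:03 (phone) via bridge0: network 192.168.2.0/24: no free leases
Aug 10 09:16:00 fw dhcpd: DHCPACK on 192.168.2.150 to 02:00:00:aa:bb:03 (phone) via bridge0
"""

MAC = r"(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})"
HOST = r"(?: \([^)]*\))?"  # optional client hostname in parentheses
NO_LEASE = re.compile(
    rf"DHCPDISCOVER from {MAC}{HOST} via (?P<iface>\S+): "
    r"network (?P<net>\S+): no free leases?")
ACK = re.compile(rf"DHCPACK on (?P<ip>\S+) to {MAC}{HOST} via (?P<iface>\S+)")


def summarize(log_text):
    """Return {(iface, network): {"events", "clients", "starved"}}.
    "starved" = MACs refused with no later DHCPACK on that interface."""
    out = defaultdict(lambda: {"events": 0, "clients": set(), "starved": set()})
    iface_nets = defaultdict(set)  # interface -> keys seen with refusals
    for line in log_text.splitlines():
        m = NO_LEASE.search(line)
        if m:
            key, mac = (m["iface"], m["net"]), m["mac"].lower()
            out[key]["events"] += 1
            out[key]["clients"].add(mac)
            out[key]["starved"].add(mac)
            iface_nets[m["iface"]].add(key)
            continue
        m = ACK.search(line)
        if m:  # a later ACK means the client did get an address after all
            for key in iface_nets[m["iface"]]:
                out[key]["starved"].discard(m["mac"].lower())
    return dict(out)


if __name__ == "__main__":
    for (iface, net), s in summarize(SAMPLE_LOG).items():
        print(iface, net, s["events"], "refusals; still without lease:", sorted(s["starved"]))
```

Clients that stay in the "starved" set are the ones to compare against the lease list and the configured range.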
-
@stephenw10 Thank you so much again
There are about 25 static DHCP Leases Ranging from .1 (my machine) until .94
Then 3 machines between .252 and .254
My DHCP Server Lease Range is set to .100 -> .200
Where there are no static machines.
-
@stephenw10
Some other SIDE notes that might help.
When I connect with my OPEN VPN, I have access to all machines, EXCEPT my pfsense administration. This is really cumbersome. I'll need to check logs from remote sometimes. Any clue?
When I connect with my OPEN VPN, I also lose Internet access.
-
Ok so you have 100 available dynamic leases in the range. How many do you see listed in the status when it shows that error?
Access via OpenVPN requires the route to be pushed and firewall rules present to pass it.
Since you lose internet access when you connect you probably have 'force all traffic over the tunnel' set which routes everything. So check for firewall rules to allow it.
If you are passing all traffic over the tunnel intentionally you need rules to allow all destinations. You also need an outbound NAT rule to cover the tunnel subnet, that would be covered by automatic mode though.
Steve
-
As shared on another thread: Here is a series of screenshots that might help you help me.
https://www.dropbox.com/sh/zbcxeaujmmfo4xf/AADDmYE3XDL2uZdbG62Ihayfa?dl=0
This might help resolve also this situation when I LOSE my connection over wifi after a while. :/