Remove DHCP leases automatically

johnpoz · Oct 5, 2021, 2:12 PM

@mer yeah anything with a high number of clients that cycle on and off the network - short lease time is better, or much larger pool ;)

You got some guys phone that in the coffee shop on the wifi for 20 minutes.. He sure doesn't need a lease for 24 hours sucking up an IP in your pool, he might not be back for days, etc.

mer · Oct 5, 2021, 2:31 PM

@johnpoz I wonder if there is a way to get stats on "average time a lease is held" or figure out when it's no longer in use because that phone moved out of range.

johnpoz · Oct 5, 2021, 2:41 PM

@mer hmmm - that would be an interesting stat to have.. Off the top, might be difficult to compile such info..

Bunch of different places to pull info from and put together to have such info.

nicolas.pissard · Oct 6, 2021, 6:14 AM

Hello,

The duration of my leases is already one hour.
The range of IP address is already at the maximum and it cannot be extended (defined by our IT department ..).

I don't understand why the lease is not deleted when it is expired and no longer used ...

The button added in version 2.5 requires going there regularly to empty the lease table.

Maybe I missed a setting in the DHCP server?

How do I make this automatic?

Thanks

mer · Oct 6, 2021, 7:36 AM

@nicolas-pissard I don't know if there is a specific setting, but the button is running code to clear the leases, so perhaps a way would be to have a cron job that runs this code periodically would work.

Gertjan · Oct 6, 2021, 8:23 AM

@nicolas-pissard said in Remove DHCP leases automatically:

I don't understand why the lease is not deleted when it is expired and no longer used ...

You mean it stays in the dhcp.leases file after the lease expired ?

Example :
I've a captive portal network : 192.168.2.0 /24 - the pool size is from 192.168.2.8 to 192.168.2.254.
I'm using this captive portal network for a hotel.
At any time, for the last 30 years or so, I saw a maximum of 200 active leases.

The leases file is read by the dhcpd process when it starts.
Expired leases are just there so the dhcpd server can attribute the same IP to same device as it comes back (MAC matched).
If there are no free leases left == no free IPs left - the IP, the lease, is assigned to another device, the lease record is updated internally in the process, and this kicks of a dhcpleases file rewrite.

So, the fact that the file lists a lot of lease that are expired isn't really an issue.

edit : I would think twice before trying to look at the Status > DHCP Leases page, though. As every IP is tried to be reverse resolved ....

The only real issue is : no more free IP's left in the pool.

Btw : my file is about 77 Kbytes in size for env. 250 leases (the pool size).
I can imagine that this size can grow to a wopping 20+ Mbytes if you use a /16 network.
That's still not a big deal.

nicolas.pissard · Oct 6, 2021, 8:30 AM

Precisely the fact that the leases are not canceled, it no longer distributes IP addresses to new equipment.
To regain normal operation, I must empty the lease table and the DHCP server distributes IPs again ... Is this normal operation?

I used to use an ISC-DHCP server for another site and I did not encounter this problem.

Gertjan · Oct 6, 2021, 9:53 AM

@nicolas-pissard said in Remove DHCP leases automatically:

Precisely the fact that the leases are not canceled, it no longer distributes IP addresses to new equipment.
To regain normal operation, I must empty the lease table and the DHCP server distributes IPs again ... Is this normal operation?

Then it's time to show the details.

If the DHCP server can't allocate a new leases, it will (should !?) log the reason : what is that reason ?

Check with a device that can't obtain a lease.
Find the DHCPREQUEST or DHCPDISCOVER in the DHCP server log (look for the MAC).
What did the server answer ?

Right out of my head, I can only find one : pool empty.

@nicolas-pissard said in Remove DHCP leases automatically:

I used to use an ISC-DHCP server for another site and I did not encounter this problem.

You're still using the same isc-dhcpd server :

[2.5.2-RELEASE][admin@mybox .tld]/root: dhcpd --version
isc-dhcpd-4.4.2-P1

johnpoz · Oct 6, 2021, 12:15 PM

@nicolas-pissard said in Remove DHCP leases automatically:

The duration of my leases is already one hour.

You sure? It defaults to 2 hours, with a max of 24 hours. You sure your client is not getting the max lease?

If the lease is expired, dhcp server should assign those IPs to another device if there is no free IPs that have not been assigned..

I'm with @Gertjan lets see some actual details.. Could you please post up some examples in your lease table, where your seeing expired leases.. And then error in dhcp server saying whatever reason some client is not getting an IP?

example - here are some expired leases.. You can see that the lease was for 4 days..

So what your saying is you have loads of leases that are actually "expired" but dhcp pool is unable to hand out new IPs.. Then that error should be logged in the dhcp log..

Monitoring graphs for dhcp can be very useful here as well to see how many leases assigned, size of pool, etc. etc.

nicolas.pissard · Oct 6, 2021, 1:09 PM

I have expired leases that are not canceled ...

johnpoz · Oct 6, 2021, 1:09 PM

@nicolas-pissard again - those being expired doesn't mean that dhcpd can not hand them out.

Where is the error from client trying to get a lease and dhcpd saying something like no lease available or pool full or something..

Here I just duplicated having only expired leases in the pool, and still being able to get a lease..

So I changed the pool to only have those 2 IPs to assign.. The leases for .203 and .204 are still listed as expired. Then changed my client to be dhcp, it got one of those IPs. And you can now see it listed as active, and you can see from the dhcp log where it asked for IP and was given one.. Even though it was listed as expired as dhcp lease. And the pool had no other ips to hand out.

A expired lease being listed does not prevent the dhcpd from using it, if there are no other free IPs to in the pool available.. Once a lease is expired, it can be handed out by the dhcpd, even to a different mac address..

nicolas.pissard · Oct 6, 2021, 1:14 PM

thank you i understand much better now why i have active and expired leases for the same ip address.

We were having issues with distributing IP addresses and thought the DHCP server was causing concern.
Maybe I was wrong ...

johnpoz · Oct 6, 2021, 1:21 PM

@nicolas-pissard if your having problems with dhcp you need to make sure pfsense is actually seeing the dhcp discover or request.. And then it should offer, or provide some info to why it can not..

Maybe dhcpd has stop running? Maybe client is asking for IP it can't use on this network, and won't accept offer?

There are many things that could cause problems sure - but an expired lease should not prevent it from being offered up if there are no other free IPs from the pool to hand out.

dhcpd should use up all of its IPs first, and then once it has handed them all out. It will use those leases that have expired.. Where you run into problem is no expired leases, and no free IPs - then yeah nothing to hand out.

Maybe you have a client asking for specific IP back, and some other client has active lease for that IP.. And the client will not accept different offer of different IP?