SG-1100 duplicate WAN/OPT address on DHCP
-
Hello,
after upgrading pfsense from 2.4.5 to 22.1 on SG-1100 I lost connection to it via VPN.
Setup:
WAN -> connected to LTE modem
LAN -> connected to local network switch
OPT -> port is disconnected from anything
When I logged in via serial port I found out that it booted (which is not a given for SG-1100) but somehow both WAN and OPT got the same IP address assigned from DHCP. After setting OPT to static IP, connection with internet got restored, but after switching OPT back to DHCP it once again got a duplicated address with WAN.
Why? Why is an unconnected port getting any IP from DHCP?
-
At the command line run:
etherswitchcfg
The only way that could happen is if vlan 4092 is somehow being used on the wrong port. Even then it's hard to explain since the PVID on WAN means only one VLAN can have two way traffic there.
What is the WAN connected to?
Steve
-
WAN (named WAN_LTE) is connected to LTE modem. This modem is connected only to WAN and nothing else.
OPT (named WAN_WIRE) is disconnected and assigned static IP (if I change to DHCP then it gets assigned the same IP as WAN_LTE and internet connection is disrupted)
SG-1100 has this Interface/Switch something. Maybe it's misconfigured but it worked fine with pfsense 2.4.5v.
etherswitchcfg result
etherswitch0: VLAN mode: DOT1Q
port0:
    pvid: 1
    state=8<FORWARDING>
    flags=1<CPUPORT>
    media: Ethernet 1000baseT <full-duplex>
    status: active
port1:
    pvid: 4092
    state=8<FORWARDING>
    flags=0<>
    media: Ethernet autoselect (none)
    status: no carrier
port2:
    pvid: 4091
    state=8<FORWARDING>
    flags=0<>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
port3:
    pvid: 4090
    state=8<FORWARDING>
    flags=0<>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
vlangroup0:
    vlan: 1
    members 0
vlangroup1:
    vlan: 4090
    members 0t,3
vlangroup2:
    vlan: 4091
    members 0t,2
vlangroup3:
    vlan: 4092
    members 0t,1
vlangroup4:
    vlan: 10
    members 0t,2t
vlangroup5:
    vlan: 11
    members 0t,2t
vlangroup6:
    vlan: 12
    members 0t,2t
vlangroup7:
    vlan: 84
    members 0t,2t
vlangroup8:
    vlan: 90
    members 0t,2t
vlangroup9:
    vlan: 91
    members 0t,2t
vlangroup10:
    vlan: 13
    members 0t,2t
vlangroup11:
    vlan: 14
    members 0t,2t
-
Hmm, that all looks correct.
What do you see in the logs when you set it to dhcp? Is it actually pulling a new lease or just somehow adopting the existing lease?
Steve
-
In the Status / System Logs / DHCP? There are a lot of logs in pfsense and I'm not all that fluent in pfsense nor unix systems.
Can you direct me where to check?
EDIT:
Jun 14 16:15:02 dhcpd 70599 Server starting service.
Jun 14 16:35:58 dhclient 37058 Cannot open or create pidfile: No such file or directory
Jun 14 16:35:58 dhclient 37340 PREINIT
Jun 14 16:35:59 dhclient 37058 DHCPREQUEST on mvneta0.4092 to 255.255.255.255 port 67
Jun 14 16:36:00 dhclient 37058 DHCPREQUEST on mvneta0.4092 to 255.255.255.255 port 67
Jun 14 16:36:02 dhclient 37058 DHCPREQUEST on mvneta0.4092 to 255.255.255.255 port 67
Jun 14 16:36:07 dhclient 37058 DHCPREQUEST on mvneta0.4092 to 255.255.255.255 port 67
Jun 14 16:36:13 dhclient 37058 DHCPDISCOVER on mvneta0.4092 to 255.255.255.255 port 67 interval 1
Jun 14 16:36:14 dhclient 37058 DHCPDISCOVER on mvneta0.4092 to 255.255.255.255 port 67 interval 2
Jun 14 16:36:16 dhclient 37058 DHCPDISCOVER on mvneta0.4092 to 255.255.255.255 port 67 interval 4
Jun 14 16:36:20 dhclient 37058 DHCPDISCOVER on mvneta0.4092 to 255.255.255.255 port 67 interval 8
Jun 14 16:36:28 dhclient 37058 DHCPDISCOVER on mvneta0.4092 to 255.255.255.255 port 67 interval 9
Jun 14 16:36:37 dhclient 37058 DHCPDISCOVER on mvneta0.4092 to 255.255.255.255 port 67 interval 18
Jun 14 16:36:55 dhclient 37058 DHCPDISCOVER on mvneta0.4092 to 255.255.255.255 port 67 interval 11
Jun 14 16:37:06 dhclient 37058 DHCPDISCOVER on mvneta0.4092 to 255.255.255.255 port 67 interval 8
Jun 14 16:37:15 dhclient 37058 No DHCPOFFERS received.
Jun 14 16:37:15 dhclient 37058 Trying recorded lease 192.168.206.2
Jun 14 16:37:15 dhclient 22858 TIMEOUT
Jun 14 16:37:15 dhclient 22973 Starting add_new_address()
Jun 14 16:37:15 dhclient 23104 ifconfig mvneta0.4092 inet 192.168.206.2 netmask 255.255.255.0 broadcast 192.168.206.255
Jun 14 16:37:15 dhclient 23642 New IP Address (mvneta0.4092): 192.168.206.2
Jun 14 16:37:15 dhclient 23955 New Subnet Mask (mvneta0.4092): 255.255.255.0
Jun 14 16:37:15 dhclient 24128 New Broadcast Address (mvneta0.4092): 192.168.206.255
Jun 14 16:37:15 dhclient 24314 New Routers (mvneta0.4092): 192.168.206.254
Jun 14 16:37:16 dhclient 37677 New Routers (mvneta0.4092): 192.168.206.254
Jun 14 16:37:16 dhclient 37965 Adding new routes to interface: mvneta0.4092
Jun 14 16:37:16 dhclient 38261 Creating resolv.conf
Jun 14 16:37:16 dhclient 37058 bound: immediate renewal.
Jun 14 16:37:16 dhclient 37058 DHCPREQUEST on mvneta0.4092 to 255.255.255.255 port 67
Jun 14 16:37:16 dhclient 39471 DHCPREQUEST on mvneta0.4092 to 255.255.255.255 port 67
Jun 14 16:37:18 dhclient 39471 DHCPREQUEST on mvneta0.4092 to 255.255.255.255 port 67
Jun 14 16:37:21 dhclient 39471 DHCPREQUEST on mvneta0.4092 to 255.255.255.255 port 67
Jun 14 16:37:21 dhcpd 2471 Internet Systems Consortium DHCP Server 4.4.2-P1
Jun 14 16:37:21 dhcpd 2471 Copyright 2004-2021 Internet Systems Consortium.
Jun 14 16:37:21 dhcpd 2471 All rights reserved.
Jun 14 16:37:21 dhcpd 2471 For info, please visit https://www.isc.org/software/dhcp/
Jun 14 16:37:21 dhcpd 2471 Config file: /etc/dhcpd.conf
Jun 14 16:37:21 dhcpd 2471 Database file: /var/db/dhcpd.leases
Jun 14 16:37:21 dhcpd 2471 PID file: /var/run/dhcpd.pid
Jun 14 16:37:21 dhcpd 2471 Internet Systems Consortium DHCP Server 4.4.2-P1
Jun 14 16:37:21 dhcpd 2471 Copyright 2004-2021 Internet Systems Consortium.
Jun 14 16:37:21 dhcpd 2471 All rights reserved.
Jun 14 16:37:21 dhcpd 2471 For info, please visit https://www.isc.org/software/dhcp/
Jun 14 16:37:21 dhcpd 2471 Wrote 0 class decls to leases file.
Jun 14 16:37:21 dhcpd 2471 Wrote 0 deleted host decls to leases file.
Jun 14 16:37:21 dhcpd 2471 Wrote 0 new dynamic host decls to leases file.
Jun 14 16:37:21 dhcpd 2471 Wrote 51 leases to leases file.
Jun 14 16:37:21 dhcpd 2471 Listening on BPF/mvneta0.14/f0:ad:4e:10:1e:b1/10.6.14.0/24
Jun 14 16:37:21 dhcpd 2471 Sending on BPF/mvneta0.14/f0:ad:4e:10:1e:b1/10.6.14.0/24
Jun 14 16:37:21 dhcpd 2471 Listening on BPF/mvneta0.13/f0:ad:4e:10:1e:b1/10.6.13.0/24
Jun 14 16:37:21 dhcpd 2471 Sending on BPF/mvneta0.13/f0:ad:4e:10:1e:b1/10.6.13.0/24
Jun 14 16:37:21 dhcpd 2471 Listening on BPF/mvneta0.12/f0:ad:4e:10:1e:b1/10.6.12.0/24
Jun 14 16:37:21 dhcpd 2471 Sending on BPF/mvneta0.12/f0:ad:4e:10:1e:b1/10.6.12.0/24
Jun 14 16:37:21 dhcpd 2471 Listening on BPF/mvneta0.91/f0:ad:4e:10:1e:b1/10.6.91.0/24
Jun 14 16:37:21 dhcpd 2471 Sending on BPF/mvneta0.91/f0:ad:4e:10:1e:b1/10.6.91.0/24
Jun 14 16:37:21 dhcpd 2471 Listening on BPF/mvneta0.90/f0:ad:4e:10:1e:b1/10.6.90.0/24
Jun 14 16:37:21 dhcpd 2471 Sending on BPF/mvneta0.90/f0:ad:4e:10:1e:b1/10.6.90.0/24
Jun 14 16:37:21 dhcpd 2471 Listening on BPF/mvneta0.84/f0:ad:4e:10:1e:b1/10.6.84.0/24
Jun 14 16:37:21 dhcpd 2471 Sending on BPF/mvneta0.84/f0:ad:4e:10:1e:b1/10.6.84.0/24
Jun 14 16:37:21 dhcpd 2471 Listening on BPF/mvneta0.11/f0:ad:4e:10:1e:b1/10.6.11.0/24
Jun 14 16:37:21 dhcpd 2471 Sending on BPF/mvneta0.11/f0:ad:4e:10:1e:b1/10.6.11.0/24
Jun 14 16:37:21 dhcpd 2471 Listening on BPF/mvneta0.10/f0:ad:4e:10:1e:b1/10.6.10.0/24
Jun 14 16:37:21 dhcpd 2471 Sending on BPF/mvneta0.10/f0:ad:4e:10:1e:b1/10.6.10.0/24
Jun 14 16:37:21 dhcpd 2471 Listening on BPF/mvneta0.4091/f0:ad:4e:10:1e:b1/10.6.1.0/24
Jun 14 16:37:21 dhcpd 2471 Sending on BPF/mvneta0.4091/f0:ad:4e:10:1e:b1/10.6.1.0/24
Jun 14 16:37:21 dhcpd 2471 Sending on Socket/fallback/fallback-net
Jun 14 16:37:21 dhcpd 2471 Server starting service.
Jun 14 16:37:25 dhclient 39471 DHCPREQUEST on mvneta0.4092 to 255.255.255.255 port 67
Jun 14 16:37:36 dhclient 39471 DHCPREQUEST on mvneta0.4092 to 255.255.255.255 port 67
Jun 14 16:37:50 dhclient 39471 DHCPREQUEST on mvneta0.4092 to 255.255.255.255 port 67
Jun 14 16:38:07 dhclient 39471 DHCPREQUEST on mvneta0.4092 to 255.255.255.255 port 67
And the result is that OPT IP is duplicated from WAN:
Looks like it's using the last known lease since it cannot connect to DHCP. Is this normal behavior?
Why do OPT and WAN have the same MAC address? LTE modem is assigning the same IP lease for both ports. That's the root of the problem.
-
Yup, it's trying to use the last known good lease. I assume you had the LTE router connected to OPT at some point?
It uses the same MAC address because it's inherited from the VLAN parent interface mvneta0 which applies to both.
Set it back to static then remove the lease file: /var/db/dhclient.leases.mvneta0.4092
Steve
-
Yes, remote office staff connected modem to WAN then to OPT and WAN again because they were panicking and doing random stuff. All to be expected.
The problem is I have a metric ton of SG-1100 on remote locations. This time I was able to connect via serial but this will not always be easy.
So how do I prevent it from happening next time? Can I block lease saving so it cannot revert to last known?
Isn't this a bug anyway? Shouldn't this be fixed?
-
Yes, it does seem like that should not be able to happen.
To prevent it happening you can set the dhcp client on OPT to refuse leases from 192.168.206.254 so it can never add that to the file even if it's incorrectly connected.
Steve
-
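Added example, not part of the thread or of pfSense: a small log check for a fleet of remote units that flags the condition diagnosed above, where dhclient gets no offers and applies an address from its recorded lease file. The function names and the `live_addresses` map are assumptions for illustration; the sample is constructed from lines in the log posted above.

```python
import re

# Constructed sample in the format of the dhclient log posted in the thread.
SAMPLE_LOG = """\
Jun 14 16:37:06 dhclient 37058 DHCPDISCOVER on mvneta0.4092 to 255.255.255.255 port 67 interval 8
Jun 14 16:37:15 dhclient 37058 No DHCPOFFERS received.
Jun 14 16:37:15 dhclient 37058 Trying recorded lease 192.168.206.2
Jun 14 16:37:15 dhclient 23642 New IP Address (mvneta0.4092): 192.168.206.2
Jun 14 16:37:15 dhclient 24314 New Routers (mvneta0.4092): 192.168.206.254
Jun 14 16:37:16 dhclient 37058 bound: immediate renewal.
""".splitlines()

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) dhclient \d+ (.*)$")
RECORDED = re.compile(r"^Trying recorded lease (\S+)$")
FIELD = re.compile(r"^New (IP Address|Routers) \((\S+)\): (\S+)$")

def recorded_lease_fallbacks(lines):
    """Return one dict per address that dhclient applied from its lease file
    after 'No DHCPOFFERS received.' rather than from a live server reply."""
    events, no_offers, pending = [], False, None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a dhclient entry (e.g. dhcpd banner lines)
        when, msg = m.groups()
        if msg == "No DHCPOFFERS received.":
            no_offers = True
        elif no_offers and (r := RECORDED.match(msg)):
            pending = {"time": when, "address": r.group(1),
                       "interface": None, "router": None}
            events.append(pending)
            no_offers = False
        elif pending and (f := FIELD.match(msg)):
            kind, iface, value = f.groups()
            if kind == "IP Address" and value == pending["address"]:
                pending["interface"] = iface
            elif kind == "Routers" and iface == pending["interface"]:
                pending["router"] = value
        elif msg.startswith("DHCPACK"):
            pending = None  # a live server answered; later fields are not a fallback
    return events

def conflicts(events, live_addresses):
    """live_addresses: {interface: address} for interfaces holding a real lease
    (caller-supplied, e.g. parsed from ifconfig). Returns colliding triples."""
    return [(e["interface"], other, e["address"])
            for e in events
            for other, addr in live_addresses.items()
            if addr == e["address"] and other != e["interface"]]
```

The `router` field of each event is the server address that would go into the DHCP client's reject list on the interface that should never take that lease.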