Randomly losing IPv4 WAN link....

Fffrank

My pfSense config has been rock solid for nearly 5 years. I'm running it on a Watchguard XTM 5 firewall that has been upgraded to a Core2Duo E8500 w/ 8gb of RAM.

In the last few weeks I've been losing my IPv4 WAN link periodically. The LAN side still functions, I can reach the admin interface, but the connection to my cable modem drops out. I'm not able to ping the cable modem or see it in any way (but my provider can see that the link is up and I'm still able to ping external IPv6 addresses.)

Rebooting pfSense brings the link back up.

Any ideas on how I can start to trouble-shoot this?

JKnott

@fffrank

You could try running Packet Capture to see if DHCP fails. You could also have your ISP check the device logs.

Fffrank

@jknott I don't see any DHCP failures in the logs -- but I'm also not able to release/renew and have the interface come back up. A reboot solves it. Any other ideas of what I can try to narrow the problem down?

Fffrank

Here's my dhcp log when I remove and replug in the cable (ipv4 link still doesn't come back up.)

Jul 21 16:25:03	dhclient	95545	em0 link state up -> down
Jul 21 16:25:04	dhclient	93206	connection closed
Jul 21 16:25:04	dhclient	93206	exiting.
Jul 21 16:25:05	dhcp6c	19268	Start address release
Jul 21 16:25:05	dhcp6c	19268	Sending Release
Jul 21 16:25:05	dhcp6c	19268	transmit failed: Network is down
Jul 21 16:25:05	dhcp6c	19268	remove an address ********************* on em0
Jul 21 16:25:05	dhcp6c	19268	Start address release
Jul 21 16:25:05	dhcp6c	19268	Sending Release
Jul 21 16:25:05	dhcp6c	19268	transmit failed: Network is down
Jul 21 16:25:05	dhcp6c	19268	remove an address *********************** on bridge0
Jul 21 16:25:06	dhcp6c	19268	Sending Release
Jul 21 16:25:06	dhcp6c	19268	transmit failed: Network is down
Jul 21 16:25:06	dhcp6c	19268	Sending Release
Jul 21 16:25:06	dhcp6c	19268	transmit failed: Network is down
Jul 21 16:25:09	dhcpd	12859	reuse_lease: lease age 907 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.1.120
Jul 21 16:25:09	dhcpd	12859	DHCPDISCOVER from 00:02:99:12:27:14 via bridge0
Jul 21 16:25:09	dhcpd	12859	DHCPOFFER on 192.168.1.120 to 00:02:99:12:27:14 via bridge0
Jul 21 16:25:09	dhcpd	12859	reuse_lease: lease age 907 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.1.120
Jul 21 16:25:09	dhcpd	12859	DHCPREQUEST for 192.168.1.120 (192.168.1.1) from 00:02:99:12:27:14 via bridge0
Jul 21 16:25:09	dhcpd	12859	DHCPACK on 192.168.1.120 to 00:02:99:12:27:14 via bridge0
Jul 21 16:25:11	dhclient	2540	Cannot open or create pidfile: No such file or directory
Jul 21 16:25:11	dhclient	2932	PREINIT
Jul 21 16:25:11	dhclient	2540	DHCPREQUEST on em0 to 255.255.255.255 port 67
Jul 21 16:25:11	dhclient	2540	ip length 354 disagrees with bytes received 388.
Jul 21 16:25:11	dhclient	2540	accepting packet with data after udp payload.
Jul 21 16:25:11	dhclient	2540	DHCPACK from 96.120.49.153
Jul 21 16:25:11	dhclient	3964	REBOOT
Jul 21 16:25:11	dhclient	4291	Starting add_new_address()
Jul 21 16:25:11	dhclient	4318	ifconfig em0 inet **.***.***.*** netmask 255.255.252.0 broadcast 255.255.255.255
Jul 21 16:25:11	dhclient	4663	New IP Address (em0): **.***.***.***
Jul 21 16:25:11	dhclient	4718	New Subnet Mask (em0): 255.255.252.0
Jul 21 16:25:11	dhclient	4868	New Broadcast Address (em0): 255.255.255.255
Jul 21 16:25:11	dhclient	4891	New Routers (em0): **.***.***.*
Jul 21 16:25:11	dhclient	5177	Adding new routes to interface: em0
Jul 21 16:25:11	dhclient	5309	Creating resolv.conf
Jul 21 16:25:11	dhclient	2540	bound to **.***.***.*** -- renewal in 3354 seconds.
Jul 21 16:25:12	dhcpleases	16372	Sending HUP signal to dns daemon(77478)
Jul 21 16:25:13	dhcp6c	28767	failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Jul 21 16:25:13	dhcp6c	28767	failed initialize control message authentication
Jul 21 16:25:13	dhcp6c	28767	skip opening control port
Jul 21 16:25:14	dhcp6c	28866	Sending Solicit
Jul 21 16:25:15	dhcp6c	28866	restarting
Jul 21 16:25:15	dhcp6c	28866	Sending Solicit
Jul 21 16:25:15	dhcpleases	51669	Sending HUP signal to dns daemon(77478)
Jul 21 16:25:15	dhcpleases	51669	Could not deliver signal HUP to process 77478: No such process.
Jul 21 16:25:16	dhcp6c	28866	Sending Request
Jul 21 16:25:16	dhcp6c	28866	dhcp6c Received REQUEST
Jul 21 16:25:16	dhcp6c	28866	add an address ********************************/64 on bridge0
Jul 21 16:25:16	dhcp6c	28866	add an address (********************************/128 on em0
Jul 21 16:25:17	dhcpleases	95328	Sending HUP signal to dns daemon(77478)
Jul 21 16:25:17	dhcpleases	95328	Could not deliver signal HUP to process 77478: No such process.
Jul 21 16:25:18	dhcpd	63602	Internet Systems Consortium DHCP Server 4.4.2-P1
Jul 21 16:25:18	dhcpd	63602	Copyright 2004-2021 Internet Systems Consortium.
Jul 21 16:25:18	dhcpd	63602	All rights reserved.
Jul 21 16:25:18	dhcpd	63602	For info, please visit https://www.isc.org/software/dhcp/
Jul 21 16:25:18	dhcpd	63602	Config file: /etc/dhcpd.conf
Jul 21 16:25:18	dhcpd	63602	Database file: /var/db/dhcpd.leases
Jul 21 16:25:18	dhcpd	63602	PID file: /var/run/dhcpd.pid
Jul 21 16:25:18	dhcpd	63602	Internet Systems Consortium DHCP Server 4.4.2-P1
Jul 21 16:25:18	dhcpd	63602	Copyright 2004-2021 Internet Systems Consortium.
Jul 21 16:25:18	dhcpd	63602	All rights reserved.
Jul 21 16:25:18	dhcpd	63602	For info, please visit https://www.isc.org/software/dhcp/
Jul 21 16:25:18	dhcpd	63602	Wrote 0 class decls to leases file.
Jul 21 16:25:18	dhcpd	63602	Wrote 0 deleted host decls to leases file.
Jul 21 16:25:18	dhcpd	63602	Wrote 0 new dynamic host decls to leases file.
Jul 21 16:25:18	dhcpd	63602	Wrote 100 leases to leases file.
Jul 21 16:25:18	dhcpd	63602	Listening on BPF/bridge0/02:e1:1a:d5:df:00/192.168.1.0/24
Jul 21 16:25:18	dhcpd	63602	Sending on BPF/bridge0/02:e1:1a:d5:df:00/192.168.1.0/24
Jul 21 16:25:18	dhcpd	63602	Sending on Socket/fallback/fallback-net
Jul 21 16:25:18	dhcpd	63602	Server starting service.
Jul 21 16:25:18	dhcpleases	95328	Sending HUP signal to dns daemon(24993)
Jul 21 16:25:18	dhcpleases	95328	Sending HUP signal to dns daemon(24993)
Jul 21 16:25:19	dhcpd	64105	Internet Systems Consortium DHCP Server 4.4.2-P1
Jul 21 16:25:19	dhcpd	64105	Copyright 2004-2021 Internet Systems Consortium.
Jul 21 16:25:19	dhcpd	64105	All rights reserved.
Jul 21 16:25:19	dhcpd	64105	For info, please visit https://www.isc.org/software/dhcp/
Jul 21 16:25:19	dhcpd	64105	Config file: /etc/dhcpdv6.conf
Jul 21 16:25:19	dhcpd	64105	Database file: /var/db/dhcpd6.leases
Jul 21 16:25:19	dhcpd	64105	PID file: /var/run/dhcpdv6.pid
Jul 21 16:25:19	dhcpd	64105	Internet Systems Consortium DHCP Server 4.4.2-P1
Jul 21 16:25:19	dhcpd	64105	Copyright 2004-2021 Internet Systems Consortium.
Jul 21 16:25:19	dhcpd	64105	All rights reserved.
Jul 21 16:25:19	dhcpd	64105	For info, please visit https://www.isc.org/software/dhcp/
Jul 21 16:25:19	dhcpd	64105	Wrote 4 NA, 0 TA, 0 PD leases to lease file.
Jul 21 16:25:19	dhcpd	64105	Bound to *:547
Jul 21 16:25:19	dhcpd	64105	Listening on Socket/6/bridge0/2601:447:cd7e:1afa::/64
Jul 21 16:25:19	dhcpd	64105	Sending on Socket/6/bridge0/2601:447:cd7e:1afa::/64
Jul 21 16:25:19	dhcpd	64105	Server starting service.
Jul 21 16:25:20	dhcpd	95461	Internet Systems Consortium DHCP Server 4.4.2-P1
Jul 21 16:25:20	dhcpd	95461	Copyright 2004-2021 Internet Systems Consortium.
Jul 21 16:25:20	dhcpd	95461	All rights reserved.
Jul 21 16:25:20	dhcpd	95461	For info, please visit https://www.isc.org/software/dhcp/
Jul 21 16:25:20	dhcpd	95461	Config file: /etc/dhcpdv6.conf
Jul 21 16:25:20	dhcpd	95461	Database file: /var/db/dhcpd6.leases
Jul 21 16:25:20	dhcpd	95461	PID file: /var/run/dhcpdv6.pid
Jul 21 16:25:20	dhcpd	95461	Internet Systems Consortium DHCP Server 4.4.2-P1
Jul 21 16:25:20	dhcpd	95461	Copyright 2004-2021 Internet Systems Consortium.
Jul 21 16:25:20	dhcpd	95461	All rights reserved.
Jul 21 16:25:20	dhcpd	95461	For info, please visit https://www.isc.org/software/dhcp/
Jul 21 16:25:20	dhcpd	95461	Wrote 4 NA, 0 TA, 0 PD leases to lease file.
Jul 21 16:25:20	dhcpd	95461	Bound to *:547
Jul 21 16:25:20	dhcpd	95461	Listening on Socket/6/bridge0/2601:447:cd7e:1afa::/64
Jul 21 16:25:20	dhcpd	95461	Sending on Socket/6/bridge0/2601:447:cd7e:1afa::/64
Jul 21 16:25:20	dhcpd	95461	Server starting service.
Jul 21 16:25:36	dhcpd	95461	Renew message from fe80::1860:4f5c:701f:19ae port 546, transaction ID 0xDF902500
Jul 21 16:25:36	dhcpd	95461	Reply NA: address 2601:447:cd7e:1afa::13e5 to client with duid 00:03:00:01:4a:23:ae:14:ef:54 iaid = 0 valid for 7200 seconds
Jul 21 16:25:36	dhcpd	95461	Sending Reply to fe80::1860:4f5c:701f:19ae port 546
Jul 21 16:25:44	dhcpd	63602	reuse_lease: lease age 942 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.1.120
Jul 21 16:25:44	dhcpd	63602	DHCPDISCOVER from 00:02:99:12:27:14 via bridge0
Jul 21 16:25:44	dhcpd	63602	DHCPOFFER on 192.168.1.120 to 00:02:99:12:27:14 via bridge0
Jul 21 16:25:45	dhcpd	63602	reuse_lease: lease age 943 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.1.120
Jul 21 16:25:45	dhcpd	63602	DHCPREQUEST for 192.168.1.120 (192.168.1.1) from 00:02:99:12:27:14 via bridge0
Jul 21 16:25:45	dhcpd	63602	DHCPACK on 192.168.1.120 to 00:02:99:12:27:14 via bridge0
Jul 21 16:26:22	dhcpd	63602	reuse_lease: lease age 980 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.1.120
Jul 21 16:26:22	dhcpd	63602	DHCPDISCOVER from 00:02:99:12:27:14 via bridge0
Jul 21 16:26:22	dhcpd	63602	DHCPOFFER on 192.168.1.120 to 00:02:99:12:27:14 via bridge0
Jul 21 16:26:22	dhcpd	63602	reuse_lease: lease age 980 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.1.120
Jul 21 16:26:22	dhcpd	63602	DHCPREQUEST for 192.168.1.120 (192.168.1.1) from 00:02:99:12:27:14 via bridge0
Jul 21 16:26:22	dhcpd	63602	DHCPACK on 192.168.1.120 to 00:02:99:12:27:14 via bridge0
Jul 21 16:26:57	dhcpd	63602	reuse_lease: lease age 1015 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.1.120
Jul 21 16:26:57	dhcpd	63602	DHCPDISCOVER from 00:02:99:12:27:14 via bridge0
Jul 21 16:26:57	dhcpd	63602	DHCPOFFER on 192.168.1.120 to 00:02:99:12:27:14 via bridge0
Jul 21 16:26:58	dhcpd	63602	reuse_lease: lease age 1016 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.1.120
Jul 21 16:26:58	dhcpd	63602	DHCPREQUEST for 192.168.1.120 (192.168.1.1) from 00:02:99:12:27:14 via bridge0
Jul 21 16:26:58	dhcpd	63602	DHCPACK on 192.168.1.120 to 00:02:99:12:27:14 via bridge0

Fffrank

I keep going back and forth between thinking I have a PFSense problem or a modem/provider problem.

Today I wasn't able to get a connection at all -- plugged my laptop directly into the modem and it works just fine. So my problem does seem to be PFSense. Pulling my hair out.

JKnott

@fffrank

How's the hardware? A while ago, my system started acting up, before it failed entirely. Prior to that and since, pfSense has been rock solid for me.

Also, if you're randomly losing the connection, plugging in the laptop doesn't prove much.

stephenw10

I assume the modem MAC disappears from the ARP table too?

If you run a pcap on em0 when it fails do you see any incoming traffic at all?