No internet
-
A few days ago I lost internet access. After doing some troubleshooting and testing, I found that I am getting internet to my cable modem, and indeed, if I use a non-pfsense router, everything works. So the problem lies with the pfsense router. I'm using the Netgate 1100.
In the pfsense "gateway status" screen, I see WAN_DHCP is "pending".
I tried releasing and renewing the WAN. This didn't help. I also tried various permutations of unplugging and rebooting the modem and the router, which also did not help.Finally I reset pfsense to factory defaults, erasing all custom configuration (I only had some custom DNS resolver entries and a couple other LAN settings). Even after factory reset, and going through the setup wizard fresh, same problem, no internet, gateway pending.
-
@beatgeek "release and renew", Did you have an IP on the WAN?
Do you have a cable modem or is it a gateway device? IOW, should pfSense be receiving a public IP?
Do you have "Block private networks and loopback addresses" selected? -
@jarhead
the network (simplified while troubleshooting) is:cable from wall -> cable modem -> netgate 1100 wan port -> lan port to laptop
block private networks is selected for wan. everything is at factory default right now.
i ran a packet capture. it didn't really show much, a lot of broadcast arps asking "who has... tell..." , some DHCP discovers, a few router solicitations, and ping requests (no response found)
-
also, following this:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/connectivity.htmlmy isp assigns me a dynamic address, not static, so most of the first steps to check there are irrelevant. the step that fails is "check that the default gateway shows online". instead it shows "pending". but i don't know how to fix this.
-
@beatgeek
Does pfSense get a WAN IP at all. Check Status > interfaces.Any special settings on the WAN interface?
Check the DHCP log for related entries.
You can also run a packet capture on WAN, set the port filter to "67|68" to get only DHCP related packets.
You should see a DHCP request and a response from the server. Post what you get, please. -
dpinger showing 'pending' like that usually means it has no gateway IP to try to ping yet. So usually the dhcp client hasn't completed on WAN.
-
No special WAN settings. This is all I see for the WAN status:
WAN Interface (wan, mvneta0.4090, switchports: 0t 3) Status up DHCP up MAC Address f0:ad:4e:20:75:5c IPv6 Link Local fe80::f2ad:4eff:fe20:755c%mvneta0.4090 MTU 1500 Media 1000baseT <full-duplex,master> In/out packets 20/15 (8 KiB/1 KiB) In/out packets (pass) 20/15 (8 KiB/1 KiB) In/out packets (block) 0/0 (0 B/0 B) In/out errors 0/0 Collisions 0Here are some DHCP logs:
Deleting old routes PREINIT DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 1 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 1 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 2 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 3 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 3 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 7 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 11 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 14 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 16 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 3 No DHCPOFFERS received. Trying recorded lease 216.15.18.38 TIMEOUT Starting add_new_address() ifconfig mvneta0.4090 inet 216.15.18.38 netmask 255.255.240.0 broadcast 255.255.255.255 New IP Address (mvneta0.4090): 216.15.18.38 New Subnet Mask (mvneta0.4090): 255.255.240.0 New Broadcast Address (mvneta0.4090): 255.255.255.255 New Routers (mvneta0.4090): 216.15.16.1 New Routers (mvneta0.4090): 216.15.16.1 Deleting old routes No working leases in persistent database - sleeping. FAIL DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 2 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 2 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 4 Cannot open or create pidfile: No such file or directory PREINIT EXPIRE Deleting old routes PREINIT DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 1 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 1 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 1 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 2 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 2 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 2 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 5 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 12 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 19 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 10 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 6 No DHCPOFFERS received. Trying recorded lease 216.15.18.38 TIMEOUT Starting add_new_address() ifconfig mvneta0.4090 inet 216.15.18.38 netmask 255.255.240.0 broadcast 255.255.255.255 New IP Address (mvneta0.4090): 216.15.18.38 New Subnet Mask (mvneta0.4090): 255.255.240.0 New Broadcast Address (mvneta0.4090): 255.255.255.255 New Routers (mvneta0.4090): 216.15.16.1 New Routers (mvneta0.4090): 216.15.16.1 Deleting old routes No working leases in persistent database - sleeping. FAIL connection closed exiting. Cannot open or create pidfile: No such file or directory PREINIT EXPIRE Deleting old routes PREINIT DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 1 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 1 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 1 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 2 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 5 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 10 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 11 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 12 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 7 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 11 No DHCPOFFERS received. Trying recorded lease 216.15.18.38 TIMEOUT Starting add_new_address() ifconfig mvneta0.4090 inet 216.15.18.38 netmask 255.255.240.0 broadcast 255.255.255.255 New IP Address (mvneta0.4090): 216.15.18.38 New Subnet Mask (mvneta0.4090): 255.255.240.0 New Broadcast Address (mvneta0.4090): 255.255.255.255 New Routers (mvneta0.4090): 216.15.16.1 New Routers (mvneta0.4090): 216.15.16.1 Deleting old routes No working leases in persistent database - sleeping. FAIL DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 1 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 1 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 2 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 3 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 4 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 4 DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 11 logfile turned over due to size>500K logfile turned over due to size>500K DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 8 Internet Systems Consortium DHCP Server 4.4.2-P1 Copyright 2004-2021 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Config file: /etc/dhcpd.conf Database file: /var/db/dhcpd.leases Internet Systems Consortium DHCP Server 4.4.2-P1 PID file: /var/run/dhcpd.pid Copyright 2004-2021 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Wrote 0 class decls to leases file. Wrote 12 leases to leases file. Listening on BPF/mvneta0.4091/f0:ad:4e:20:75:5c/192.168.1.0/24 Sending on BPF/mvneta0.4091/f0:ad:4e:20:75:5c/192.168.1.0/24 Sending on Socket/fallback/fallback-net Server starting service. DHCPDISCOVER on mvneta0.4090 to 255.255.255.255 port 67 interval 14 TIMEOUTHere's a sample of the packet capture for port 67|68:
02:57:15.897310 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 02:57:17.905077 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 02:57:19.966338 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 02:57:21.998077 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 02:57:22.085843 IP 10.17.160.1.67 > 255.255.255.255.68: UDP, length 394 02:57:24.122624 IP 10.17.160.1.67 > 255.255.255.255.68: UDP, length 394 02:57:26.207230 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 02:57:36.949075 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 02:57:42.406159 IP 10.17.160.1.67 > 255.255.255.255.68: UDP, length 347 02:57:42.461459 IP 10.17.160.1.67 > 255.255.255.255.68: UDP, length 347 02:57:47.949284 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300In Wireshark it describes most of those as "DHCP Discover"
-
@beatgeek
As seen in the log, pfSense is sending a lot of DHCPDISCOVER, but gets no DHCPOFFER.That it works with another router let me suspect that the pfSense MAC is banned by the ISP for whatever reason.
So I would find out the WAN side MAC of the other router and spoof it on pfSense to circumvent this. -
@beatgeek said in No internet:
No special WAN settings. This is all I see for the WAN status:
WAN Interface (wan, mvneta0.4090, switchports: 0t 3)
Status
up
DHCP
up
MAC Address
f0:ad:4e:20:75:5c
IPv6 Link Local
fe80::f2ad:4eff:fe20:755c%mvneta0.4090
MTU
1500
Media
1000baseT <full-duplex,master>
In/out packets
20/15 (8 KiB/1 KiB)
In/out packets (pass)
20/15 (8 KiB/1 KiB)
In/out packets (block)
0/0 (0 B/0 B)
In/out errors
0/0
Collisions
0Did you copy/paste this? There's no IPv4 entry.
Post a pic of your WAN settings.
Any chance you have IPv4 settings to "none"? -
After booting pfsense back up again, it's mysteriously working now, with no settings changes. WAN status is up, internet works. I guess rebooting pfsense 13 times wasn't enough, it needed a 14th reboot to start working.
-
@beatgeek said in No internet:
After booting pfsense back up again, it's mysteriously working now, with no settings changes. WAN status is up, internet works. I guess rebooting pfsense 13 times wasn't enough, it needed a 14th reboot to start working.
Or you had IPv4 set to none.
-
@jarhead said in No internet:
Or you had IPv4 set to none.
I don't expect that pfSense was sending out DHCPDISCOVER on WAN in this case.
-
Mmm, it was set as DHCP and just never received a response so the status page shows no IPv4 address.
Steve
