Troubleshooting WAN DHCP
-
So I have a strange issue. First this PfSense 6100 I setup for a remote location is my first experience with PfSense so I'm feeling bit overwhelmed trying to sort out the problem. Ok so I setup a 6100 and it along with brand new switches, were setup approx. 7 months ago. We do have intermittent drops, we unfortunately use Spectrum as our ISP, so yesterday the site drops and has not came back online. So with no internet access I no longer can use VPN and troubleshoot. First thing I had s staff person do is connect their laptop into the back of the cable modem and they had internet access, however, I do have remote software on their laptop but was unable to remote in, just didn't work, and this has been tested and does work normally so I thought that weird.
I then had them plug the laptop into the switch and how spot with their phone, I was then able to remote into the laptop and gain access to the 6100. The WAN interface had no IP address, just showed an X and says autoselect, and under Gateway it said status was pending. How do I confirm that pfsense is working 100% and indeed the issue is the modem or on the ISP side, is there a way, cause management is blaming the pfsense since the laptop test showed it had an internet connection. I feel the modem is blocking our mac address and preventing the WAN from getting the IP, in the logs there something called pinger, and it was error 64, over and over.
I do need some expertise to guide me , thank you. I hope I'm making sense, I'm a home now cause its bothering me since I left work and sometimes in your heart you know the problem is external, you feel obligated to do something, since I'm responsible for keeping uptime.
-
If the modem locks to a MAC address I would not expect the laptop to have got internet through it since the 6100 WAN MAC would have been the last thing it saw there.
However if it lost power and released the MAC the laptop may have become the new registered MAC. Be sure to power cycle the modem again when re-connecting it to the 6100 WAN.
Do you see link LEDs on the 6100 and modem when they are connected? The red X on the WAN implies it is not linked.
It may have lost the default route. If you have more than one gateway defined (or even if you don't) go to System > Routing > Gateways and set the default iPv4 gateway to be WAN_DHCP rather than 'automatic'.
Steve
-
@stephenw10 Thank you Steve, I am going to be remoting in shortly and will have a look. What I am going to try is adding one of my Sophos MAC addresses to the interface, reboot and then have them power on the modem. I jsut want to see if this forces a new IP. We did power cycle the modem several times, during the laptop test. I will look at the default gateway setting you mentioned. Really appreciate your input.
-
@StormGate So I have tried a few things nothing has worked, the masq MAC addressing did nothing, adding our static IP information instead of DHCP did nothing, still getting "No Carrier" on the WAN interface status. I did speak with Spectrum, they could see their modem online but they could not see any device connected to the ethernet port of the modem, do we have a faulty Netgate 6100? I m going to ask someone to connect a new cable to make sure this isnt a cable issue. Interesting enough though the modem is showing the last device MAC and its not our 6100, I have a feeling it's the laptop we tested with that did get out to the internet. Another bit of info is we do have a static IP and I was never able to get that too work, but the support person said that requires Spectrums router to be setup on site which there is none. We do have a techinician coming today so hopefully they can get their equipment in order and we don't have a faulty 6100.
-
'No carrier' implies it;s not seeing link at all. Does it show link LEDs on both ends?
Check Status > Interfaces. Make sure the cable isn't accidentally in the wrong NIC which would then show as up there.
You can try reassigning WAN to one of the other NICs. So swap ix3 and ix2 in Interfaces > Assignment for example. Then move the cable and retest.
It's possible the default WAN NIC (ix3) was damaged somehow if it was working previously.You should also try a complete power cycle on the 6100, actually remove the power cable after shutting down, in case ix3 has somehow become stuck in an odd config.
Steve
-
@stephenw10 It is showing LEDS on both devcies where the network cable is connecting. As mentioned Spectrum I guess should be able to see a device connected to its ethernet and they could not see any devcies plugged in so I think that might be an issue.
-
Run at the command line:
ifconfig -vvvmaMake sure ix3 shows as linked, assuming that's still assigned as WAN.
Steve
-
@stephenw10 Where is that run Steve, on the 6100 itself? Sorry for my ignornace.
-
Yes, that is a CLI command so you could run it at the serial console or via SSH or, in this case, at Diag > Command Prompt in the gui.
-
@stephenw10 I have done that yet but I did have them plug into ix2 and the interface came up, does that mean this box is faulty?
-
I tried to reassign WAN to Ix2 and WAN2 to the non working ix3 and it wouldn't work. It kept both at ix3 once I rebooted . Had to restore a backup cause I was unable to get WAN2 back on ix2.
-
This is a basically the network setup I am now having to make work. Why ix3 all of sudden no longer connects is beyond me so I guess I'll have ot make ix2 my new WAN.
-
You should be able to re-assign the interfaces interfaces. You can just delete WAN2 as an assignment then ix2 becomes free. Then reassign WAN as ix2, ix3 becomes free.
However if it works as expected in ix2 and fails in ix3 you should open a ticket with us because that starts to look like a hardware issue:
https://www.netgate.com/tac-support-requestSteve
-
@stephenw10 Thank you Steve, I did just issue that ifconfig command and ix3 was listed. Yes I just emailed my manager telling him I need to purchase Support in order to contact Netgate because we have one month left of warranty. I also tried setting WAN2 to DHCP agianst this newly installed router and it only brought back 0.0.0.0 as the IP address. Not sure what static information it needs to create a connection.
-
You don't need to purchase support for a hardware issue like that. Just open a ticket.
If ix2 shows as linked but just cannot pull an IP that could be the MAC address lock on the modem. Be sure to reboot it.
-
@stephenw10 Thank you. So I attempted deleting ix2 or WAN2 assignment, went successful but again then trying to assign ix2 now to WAN form ix3, does nothing, hitting Save and no confirmation of change or anything. After sometime I go out and come back in ,its back to ix3 on WAN.
-
Hmm, odd. Any errors logged?
You could try reassigning the interfaces at the console using the menu option if you have access there. And you only have two interfaces in use.
-
S stephenw10 moved this topic from General pfSense Questions on
-
@stephenw10 I gave up trying to make the assignment, I simply setup WAN2 with the static information and got it running and assigned it as my default GW. Just making some IP updates on my end to facilatate VoIP and my VPN remote connection but all their system are up. I did send in a support ticket however because I do think something is not right with the hardware itself to out of the blue drop completely. Our ISP is spotty and we have noticed over the last few weeks more an d more drops so maybe it's a combination of ISP and hardware.
-
@StormGate Now although I have everything back and running there is one problem and it is because of double nating, no doubt. The VPN users are now exprriencing disconnects when attmepting to keep a VPN client logged in , is there a workaround to get past this issue with having pfsense now behind another router that the ISP says has to be place in order to have the static IP?
-
What VPN type are they using? Are they connecting to the same server/IP?