pfSense router does not receive IP adress from ISP

Schmeling

I have a Protectly router with pfSence installed. While everything seems to be working fine, when the power is cut to both my ISPs fiber box and the pfSence router and the power comes on, both boxes boot up. The ISPs fiber box is slower than the pfSense box, but both boxes boot up fine, except that the pfSence router does not receive an IP address and never does. If I unplug the WAN cable and re-insert it, the pfSense box immediately gets an IP address.

I'm assuming that the problem has something to do with the pfSence box booting up quicker and asking for an IP to the ISPs box, that is not yet ready, but still this doesn't quite make sense, when I look at the "DHCP Client Configuration" under WAN interface.I have made no advanced configurations, but according to the help file, timeout, retry, etc. are already defined, so the router should ask for a new IP after 5 minutes. But it doesn't.

Can anyone explain why, and what I may do to get the pfSence router to behave "correctly"?

johnpoz

@Schmeling are you saying it gets no IP address at all, or does it get say 192.168.100.x address, or some other rfc1918 address.

Pfsense that gets a lease, prob not going to try and get a new one until the lease expires.. You could set to reject getting a dhcp from the routers IP that is handing out the dhcp when it hasn't come online yet.

planedrop

yeah like @johnpoz mentioned I would first check to see if it's getting some other IP that isn't public or if it literally has no IP. I've had some issues similar to this but in the end it turned out to be an issue with the ISP DHCP server so not sure that's much help lol.

In my experience though pfSense doesn't really have issues with WAN DHCP addresses and it's usually something on the ISP side. I've had plenty of pfSense boxes get new leases from the ISP for the public IP and it always works flawlessly.

I know saying "mine doesn't do that" isn't much help but just giving my two cents lol.

Gertjan

@Schmeling said in pfSense router does not receive IP adress from ISP:

the ISPs box, that is not yet ready, but still this doesn't quite make sense, when I look at the "DHCP Client Configuration" under WAN interface.

Looking at the settings is one thing.
Looking and sharing the Status > System Logs > DHCP (all the lines with dhcpc, as this log is shared with the DHCP v4 and v6 server, and the dhcp6c if you use it).

Us ethe GU to see the logs,
or, more direct :

Connect to the console, and fire up your ISP router and pfSense.
As soon as you see the menu - pfSense has booted, go option 8 and then

tail -f /var/log/dhcpd.log

Now, see what happens.

@Schmeling said in pfSense router does not receive IP adress from ISP:

The ISPs fiber box is slower ...

The ISP box is probably harder to debug (seeing whats happening) but what you could notice :
As soon as the box boots, it will initialize its LAN interface, most often a couple of RJ45 connectors. The connector connected (to your pfSEnse WAN, or a PC) will shows some leds : the connection is UP.
This way, you could connect a PC directly to it, and use the GUI of the ISP box to, for example, set WAN identification parameters like user and password. So, LAN should works pretty soon, but WAN might take time establish.
pfSense (its dhcp client) will obtain a valid lease pretty quickly, although no 'Internet' connection is really possible at this moment, the ISP router's WAN is still in the 'building' phase).

What most routers do : as soon as the WAN comes up (a real WAN IP gets assigned to the ISP box by the ISP, a gateway etc), it will 'toggle' the LAN port(s) : it will take the LAN port shortly down, and then up again. This is an important event, and you can see it looking at the RJ45leds on both pfSense and the ISP router.
When the pfSense WAN (== ISP LAN port) goes down and up, pfSense will do what it always does : it will initiate (again) DHCP request, being pfSense the DHCP client, and the ISP router being the DHCP server.
By studying the DHCP log on pfSense, and the system log for the WAN interface for the WAN interface down and up events, you can follow the process.

pfSense will, when it got a DHCP lease from the upstream ISP router, renew the lease every (see lease info - see this file /var/db/dhclient.leases.YYY where YYY is the driver name of your interface like em0, ix3 or re0 - look at the last record)

If the WAN interface goes down and up again, dhcpc will request a new lease right away.

Schmeling

@johnpoz you are correct, the router doesn't get an IP at all. On the interface widget for WAN, it says: "WAN - Uparrow - 1000baseT <full-duplex> n/a. After a unplug/replug it gives the correct IP instead of n/a

From the documentation under "DHCP Client Configuration"/"Advanced options"/"Protocol timing" I would assume that either the timeout time (default 60sec) or the retry time (default 5 min), would be the amount of time, that should pass, before the router tries again, but nothing happens, the router never obtains an IP. An unplug/replug of the wan cable fixes the issue, but this is of course not feasible if I'm not at home all the time.

Gertjan

@Schmeling said in pfSense router does not receive IP adress from ISP:

you are correct, the router doesn't get an IP at all.

Router is pfSense, not your ISP router, right ?

@Schmeling said in pfSense router does not receive IP adress from ISP:

On the interface widget for WAN, it says: "WAN - Uparrow - 1000baseT <full-duplex> n/a. After a unplug/replug it gives the correct IP instead of n/a

So a network connection (cable) unplug then plug or interface down and then interface up event triggers (start) dhcpc, which obtains an IP (lease) immediately.

The same thing (should) happens when pfSense starts and activates its WAN interface. If the other side of the WAN cable is also active, the interface (WAN) is considered up, and dhcpc triggers.
You issue : at that moment, no body (the ISP router) answers ....
dhcpc, using default setting, will try and retry many time.
Again : see the pfSense dhcp(c) log.

Schmeling

@Gertjan said in pfSense router does not receive IP adress from ISP:

Router is pfSense, not your ISP router, right ?

Correct. My router is pfSense. My ISP fiberbox is an Icotera

This is what the interface widget looks like:
Screenshot 2023-08-01 142407.jpg

This is the DHCP log right after boot up, where the router fails at getting an IP:

Aug 1 14:17:05 dhcpd 53198 Internet Systems Consortium DHCP Server 4.4.2-P1
Aug 1 14:17:05 dhcpd 53198 Copyright 2004-2021 Internet Systems Consortium.
Aug 1 14:17:05 dhcpd 53198 All rights reserved.
Aug 1 14:17:05 dhcpd 53198 For info, please visit https://www.isc.org/software/dhcp/
Aug 1 14:17:05 dhcpd 53198 Config file: /etc/dhcpd.conf
Aug 1 14:17:05 dhcpd 53198 Database file: /var/db/dhcpd.leases
Aug 1 14:17:05 dhcpd 53198 Internet Systems Consortium DHCP Server 4.4.2-P1
Aug 1 14:17:05 dhcpd 53198 PID file: /var/run/dhcpd.pid
Aug 1 14:17:05 dhcpd 53198 Copyright 2004-2021 Internet Systems Consortium.
Aug 1 14:17:05 dhcpd 53198 All rights reserved.
Aug 1 14:17:05 dhcpd 53198 For info, please visit https://www.isc.org/software/dhcp/
Aug 1 14:17:05 dhcpd 53198 Wrote 0 class decls to leases file.
Aug 1 14:17:05 dhcpd 53198 Wrote 0 deleted host decls to leases file.
Aug 1 14:17:05 dhcpd 53198 Wrote 0 new dynamic host decls to leases file.
Aug 1 14:17:05 dhcpd 53198 Wrote 8 leases to leases file.
Aug 1 14:17:05 dhcpd 53198 Listening on BPF/igb1/64:62:66:21:23:e1/192.168.1.0/24
Aug 1 14:17:05 dhcpd 53198 Sending on BPF/igb1/64:62:66:21:23:e1/192.168.1.0/24
Aug 1 14:17:05 dhcpd 53198 Sending on Socket/fallback/fallback-net
Aug 1 14:17:05 dhcpd 53198 Server starting service.
Aug 1 14:17:12 dhcpd 53198 DHCPDISCOVER from 50:67:ae:f0:5d:71 via igb1
Aug 1 14:17:12 dhcpd 53198 DHCPOFFER on 192.168.1.5 to 50:67:ae:f0:5d:71 via igb1
Aug 1 14:17:12 dhcpd 53198 DHCPREQUEST for 192.168.1.5 (192.168.1.1) from 50:67:ae:f0:5d:71 via igb1
Aug 1 14:17:12 dhcpd 53198 DHCPACK on 192.168.1.5 to 50:67:ae:f0:5d:71 via igb1

The router never gets an IP unless I unplug/replug the WANcable.

johnpoz

@Schmeling that is not the dhcp client that is pfsense dhcp server.

Gertjan

@Schmeling

@Gertjan said in pfSense router does not receive IP adress from ISP:

(all the lines with dhcpc, as this log is shared with the DHCP v4 and v6 server, and the dhcp6c if you use it).

I was wrong / sorry : it's called dhclient

A copy from my logs :

<13>1 2023-07-31T07:27:41.491659+02:00 pfSense.bhf.net dhclient 71901 - - PREINIT
<30>1 2023-07-31T07:27:41.503620+02:00 pfSense.bhf.net dhclient 24464 - - DHCPREQUEST on ix3 to 255.255.255.255 port 67
<30>1 2023-07-31T07:27:41.508664+02:00 pfSense.bhf.net dhclient 24464 - - DHCPACK from 192.168.10.1
<27>1 2023-07-31T07:27:41.508950+02:00 pfSense.bhf.net dhclient 24464 - - unknown dhcp option value 0x7d
<13>1 2023-07-31T07:27:41.513156+02:00 pfSense.bhf.net dhclient 74114 - - REBOOT
<13>1 2023-07-31T07:27:41.517228+02:00 pfSense.bhf.net dhclient 74895 - - Starting add_new_address()
<13>1 2023-07-31T07:27:41.521867+02:00 pfSense.bhf.net dhclient 75591 - - ifconfig ix3 inet 192.168.10.4 netmask 255.255.255.0 broadcast 192.168.10.255 
<13>1 2023-07-31T07:27:41.532702+02:00 pfSense.bhf.net dhclient 77215 - - New IP Address (ix3): 192.168.10.4
<13>1 2023-07-31T07:27:41.534628+02:00 pfSense.bhf.net dhclient 77723 - - New Subnet Mask (ix3): 255.255.255.0
<13>1 2023-07-31T07:27:41.538606+02:00 pfSense.bhf.net dhclient 78566 - - New Broadcast Address (ix3): 192.168.10.255
<13>1 2023-07-31T07:27:41.542286+02:00 pfSense.bhf.net dhclient 79644 - - New Routers (ix3): 192.168.10.1
<13>1 2023-07-31T07:27:41.548085+02:00 pfSense.bhf.net dhclient 80306 - - Adding new routes to interface: ix3
<13>1 2023-07-31T07:27:41.568726+02:00 pfSense.bhf.net dhclient 83164 - - /sbin/route add -host 192.168.10.1 -iface ix3
<13>1 2023-07-31T07:27:41.572065+02:00 pfSense.bhf.net dhclient 83662 - - /sbin/route add default 192.168.10.1
<13>1 2023-07-31T07:27:41.574570+02:00 pfSense.bhf.net dhclient 84231 - - Creating resolv.conf
<30>1 2023-07-31T07:27:41.624504+02:00 pfSense.bhf.net dhclient 24464 - - bound to 192.168.10.4 -- renewal in 43200 seconds.

From start to end : less then 200 ms.

On line 7 the ix3 (my WAN interface) is configured with the obtained info.

Your LAN uses the default 192.168.1.1/24
Now I hope that you confirm that your ISP router doesn't also use 192.168.1.1/24 as that would introduction world's most common network failure : a router can't route between identical networks.

As you can see, my ISP router uses 192.168.10.1/24.
It was using 192.168.1.1/24 ** so I changed that before using it with pfSense.

** as nearly all routers use 192.168.1.1/24 as their default LAN network.
pfSense is 'just' a router as any other router out there.

Schmeling

Sorry about posting the wrong log. I do not seem to be able to find a log section marked dhclient, but searching for "dhclient" in the log I find the following lines in the timeframe for the bootup:

Aug 1 14:16:21 php 432 rc.bootup: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf igb0 > /tmp/igb0_output 2> /tmp/igb0_error_output' returned exit code '1', the output was ''
and
Aug 1 14:16:09 dhclient 8495 Cannot open or create pidfile: No such file or directory

These are the only lines, I can find around that time. The WAN and LAN IP ranges are completely different LAN 192... WAN 80...

johnpoz

@Schmeling this seems to be same problem

https://forum.netgate.com/topic/142695/dhclient-doesn-t-work-after-boot-up-for-wan-conected-to-modem

From the last post it seems just updating the timeout in the advanced section fixed it for them.

Schmeling

@johnpoz said in pfSense router does not receive IP adress from ISP:

Schmeling this seems to be same problem

https://forum.netgate.com/topic/142695/dhclient-doesn-t-work-after-boot-up-for-wan-conected-to-modem

Setting Timeout = 900 as pr. the other post does nothing. Behavior is exactly the same.

The aprox. boot up time for the ISP fiber modem is only 90 seconds.

stephenw10

It's a timing issue. If the modem brings down the link during it's boot process pfSense will not start the dhclient on it. Normally the client would start as soon as the link comes back up but if that is while pfSense is still booting it will ignore the link-up event.

Edit /boot/loader.conf and set autoboot_delay to something larger so that the modem has brought the link up by the time pfSense tries to start the dhclient.
If that works create the loader entry in /boot/loader.conf.local so it never gets overwritten.

Steve

Gertjan

@stephenw10 said in pfSense router does not receive IP adress from ISP:

If the modem brings down the link during it's boot process pfSense will not start the dhclient on it

I presume that pfSEnse is up and running at that moment.
A down event doesn't produce any dhclient activity, that's ... understandable.
If the ISP router brings down (de activates) it's LAN interface, - presuming its booting or at the end of the boot prcoess, then this will be followed by an activation == UP event. As pfSense is still on hold, and has activated the (WAN) link on his side, this will be detected and a dhclient exchange will (should) happen.

@stephenw10 said in pfSense router does not receive IP adress from ISP:

Normally the client would start as soon as the link comes back up but if that is while pfSense is still booting it will ignore the link-up event.

In this case, I presume the ISP router is up and ready, and has its LAN interface activated.
pfSense boots, activates the WAN, and if the link is up, this will (should) fire up a dhclient event right away.
This is exactly what happens when we reboot pfSense - while the ISP router is 'untouched'.

stephenw10

But when both are rebooted simultaneously, like if there's a power outage, then you can hit this issue.

Schmeling

@stephenw10 said in pfSense router does not receive IP adress from ISP:

But when both are rebooted simultaneously, like if there's a power outage, then you can hit this issue.

This is exactly my problem. Power outages are not uncommon where I live, which is exactly why this is a problem for me. I have a public IP, with ports open and if the power goes, and the router cant get an IP address, I'm screwed.

I'm assuming, that I just connect with ssh/Putty chose shell in the menu and use VI to edit the file, and as far as I can see right now, the autoboot_delay =3 is that in seconds? Second I do not seem to be able to find the file loader.conf.local in the boot directory. Am I looking in the wrong place?

stephenw10

Yes, or you can edit the file in gui in Diag > Edit File. Or use the easy editor (ee) in the gui if you're not familiar with vi.

Yes the default delay is 3 seconds. I'd try 30 seconds and see if that fixes it.
You will see in the boot logs if it doesn't, it reports /rc.linkup: Ignoring link event during boot sequence.

Yes, you need to create /boot/loader.conf.local

Steve

viragomann

@Schmeling
Yes, the delay time is in seconds.

The /boot/loader.conf.local doesn't exist out of the box. You have to create it.
Just enter in the shell

echo "autoboot_delay=\"30\"" >> /boot/loader.conf.local

to create it and enter the option for 30 s delay.

Schmeling

I just tested with autoboot_delay=80 and cut the power. The bootup actually worked, but when I open loader.conf with vim, the delay is back at 3. Is this expected behaviour and was the value of 80 even used?

When trying: echo "autoboot_delay="30"" >> /boot/loader.conf.local I get: Unmatched '"'.

johnpoz

@Schmeling you would have to create the loader.conf.local file

You need the \ in there to escape those " etc..