Trying to request longer lease time on WAN (!) DHCP request
-
Hi,
my ISP told me to request a longer DHCP lease time (I am relatively positive that this is a bullshit request but anyhow). So I figured putting
option dhcp-lease-time 86400
in the send options of the WAN interface should do the trick. However the DHCP Request looks like this:
12:05:32.616759 00:e0:97:1d:54:20 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 00:ff:97:1d:54:20, length 300, xid 0x23de6b30, Flags [none] (0x0000)
      Client-Ethernet-Address 00:ff:97:1d:54:20
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Requested-IP Option 50, length 4: -hidden-
        Client-ID Option 61, length 7: ether 00:ff:97:1d:54:20
        Hostname Option 12, length 12: "XXX"
        Parameter-Request Option 55, length 10:
          Subnet-Mask, BR, Time-Zone, Classless-Static-Route
          Default-Gateway, Domain-Name, Domain-Name-Server, Hostname
          Option 119, MTU
        END Option 255, length 0
        PAD Option 0, length 0, occurs 15
And of course all I get is the standard DHCP lease time from the ISP. What am I missing?
-
@j-koopmann said in Trying to request longer lease time on WAN (!) DHCP request:
option dhcp-lease-time 86400
in the send options of the WAN interface should do the trick.
And it does.
That is, you are already aware that 'ISP phone support' doesn't know sh*t about their DHCP server settings.
And that the DHCP server can take into account the lease duration, but imho, that's rare. It's probably MIN and MAX settings, and the request from the client should be between these values. If not, it's clipped.
My question: you changed what, where and how?
You created your own config file, I presume?
-
The underlying problem is that sometimes during the day the WAN IP address changes for no apparent reason which leads to killed sessions etc. I raised this with support and the obvious first answer was "maybe a problem with your WAN CAT cable". Yeah right.
They then admitted that even if that cable had a problem a subsequent DHCP request should usually yield the same IP as before and the fact that it does not they wanted to look into. Now they called and answered "well the lease time is only 30 minutes so why don't you simply request a much longer one". I am aware that this is a bullshit answer but wanted to "please" their support process.
I fail to see that the 86400 are even requested in the first place.
-
I've checked the generated dhcp client config file (in /var/etc/):
interface "ix3" {
    supersede interface-mtu 0;
    # DHCP Protocol Timing Values
    timeout 60;
    retry 15;
    select-timeout 0;
    initial-interval 1;
    # DHCP Protocol Options
    send option dhcp-lease-time 2000;
    script "/usr/local/sbin/pfSense-dhclient-script";
}
These are the details of the lease obtained (in /var/db/):
lease {
    interface "ix3";
    fixed-address 192.168.10.4;
    next-server 192.168.10.1;
    option subnet-mask 255.255.255.0;
    option routers 192.168.10.1;
    option domain-name-servers 192.168.10.1;
    option domain-name "home";
    option broadcast-address 192.168.10.255;
    option dhcp-lease-time 86400;
    option dhcp-message-type 5;
    option dhcp-server-identifier 192.168.10.1;
    option dhcp-renewal-time 43200;
    option dhcp-rebinding-time 75600;
    option option-125 0:0:d:e9:24:4:6:34:34:44:34:35:34:5:f:4c:4b:32:32:31:33:32:44:50:39:39:37:32:36:38:6:9:4c:69:76:65:62:6f:78:20:36;
    renew 5 2023/8/18 22:50:52;
    rebind 6 2023/8/19 07:50:52;
    expire 6 2023/8/19 10:50:52;
}
As you can see, even my ISP router, the DHCP server I use, gave a "86400" even if I asked for a "2000".
But: I didn't check the DHCP Request, though... no Wireshark available right now. The syntax of the config file seems correct to me.
https://linux.die.net/man/5/dhclient.conf
-
@Gertjan said in Trying to request longer lease time on WAN (!) DHCP request:
gave a "86400" even if I asked for a "2000".
Yeah.. doesn't matter if you ask for 5 minutes or 2 weeks. The dhcp server is most likely just going to send you what it's set up to send you.
That it's sending you a 30 minute lease is kind of BS.. I get a huge lease from my isp, and I sure am not asking for that by default.
option dhcp-lease-time 410311;
option dhcp-message-type 5;
option dhcp-server-identifier 207.181.192.241;
renew 0 2023/8/20 21:00:13;
rebind 2 2023/8/22 15:44:34;
expire 3 2023/8/23 05:59:29;
I just released and renewed trying to catch the dhcp traffic, but forgot that I would have to set up a span port on the switch I run the wan connection through to catch it.. Before it was a 7 day lease. The weird 410311 time was what was left on the lease when I released it and then renewed.
The thing is it shouldn't matter what you ask for - or get, it should renew at 50% of your lease and there really shouldn't be an IP change. If your ISP is forcing an IP change, and only has a 30 minute lease, that's a shitty setup if you ask me.
What I would do is what they ask, and set the lease request time... Capture the actual dhcp exchange and send them the pcap.. etc..
If you look in your /var/db/dhclient.leases.interface file you should have some details of what they are sending you and that it's not renewing when it should, etc. And most likely going all the way to the end of the lease and then sending out a new discover vs just a request.
-
@johnpoz said in Trying to request longer lease time on WAN (!) DHCP request:
What I would do is what they ask, and set the lease request time... Capture the actual dhcp exchange and send them the pcap.. etc..
My thoughts exactly and exactly what I plan on doing. I am 100% positive that the dhcp WAN client setup has zero impact on the actual error. But to please them I would like to show it to them.
My dhclient.conf looks like this:
interface "igc0.132" {
    supersede interface-mtu 0;
    # DHCP Protocol Timing Values
    timeout 60;
    retry 15;
    select-timeout 0;
    initial-interval 1;
    # DHCP Protocol Options
    send option dhcp-lease-time 86400;
    script "/usr/local/sbin/pfSense-dhclient-script";
}
But in the pcap I fail to see that the 86400 are requested.
17:55:55.182175 00:e0:97:1d:54:20 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 00:ff:97:1d:54:20, length 300, xid 0xf941506, Flags [none] (0x0000)
      Client-Ethernet-Address 00:ff:97:1d:54:20
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Requested-IP Option 50, length 4: -hidden-
        Client-ID Option 61, length 7: ether 00:ff:97:1d:54:20
        Hostname Option 12, length 12: "pfSenseHills"
        Parameter-Request Option 55, length 10:
          Subnet-Mask, BR, Time-Zone, Classless-Static-Route
          Default-Gateway, Domain-Name, Domain-Name-Server, Hostname
          Option 119, MTU
        END Option 255, length 0
        PAD Option 0, length 0, occurs 15
I would expect tcpdump to show the requested/sent dhcp lease time option but it is not showing in either. That is what is troubling me since I cannot show them that I did what they requested.
-
@j-koopmann Can you post the full pcap.. You can always obfuscate details of your actual wan IP in the pcap.
It's a bit of a pain to capture my actual pfsense wan dhcp.. But here for example is a local dhcp discover, offer, request and ack
So I edited the dhclient.conf of a client of mine to send the lease time of 3600
Here are details of the capture (did a packet capture on pfsense)
And you can see the previous lease was a full day (24 hours), which is what I have pfsense set to for default lease time..
And the new lease was what my client requested of 1 hour..
Here is the pcap if you want to look at it in wireshark, to compare to what you are capturing.. You're going to have way better details opening the pcap in say wireshark than how you're looking at it. The option you're wanting to look at is option 51
edit: just noticed you have option in there, you shouldn't need that, so remove that from your advanced settings.
edit2: So for example here is an obfuscated pcap... bittwist is one tool, haven't used that in a long time - but used tracewrangler for this, replaced my 192.168.2.12 IP and pfsense IP with 1.2.3.4 and 1.2.3.254, etc..
-
Thanks for sharing this. The trick was to put
dhcp-lease-time 86400
in the option field instead of
option dhcp-lease-time 86400
This worked and I can see the 51 request now in my DHCP request which of course is being ignored. So next round with the ISP.
Regards
JP
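
Added example, not part of the thread: a small Python check for what the posters were looking for in the capture, namely whether a DHCPREQUEST payload carries option 51 (IP Address Lease Time) and with which value. The function names and the two sample payloads are constructed for illustration; a real payload would be the UDP data exported from the pcap.

```python
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")  # same cookie tcpdump prints above

def parse_dhcp_options(bootp: bytes) -> dict:
    """Return {option_code: raw_value} from a BOOTP/DHCP payload (UDP data)."""
    if len(bootp) < 240 or bootp[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (magic cookie missing)")
    opts, i = {}, 240
    while i < len(bootp):
        code = bootp[i]
        if code == 0:            # PAD: single byte, no length field
            i += 1
            continue
        if code == 255:          # END: stop, trailing bytes are padding
            break
        if i + 1 >= len(bootp):
            raise ValueError("truncated option header")
        length = bootp[i + 1]
        value = bootp[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = value
        i += 2 + length
    return opts

def requested_lease_seconds(bootp: bytes):
    """Option 51 in seconds, or None when the client did not send it."""
    raw = parse_dhcp_options(bootp).get(51)
    if raw is None:
        return None
    if len(raw) != 4:
        raise ValueError("option 51 must be 4 bytes")
    return struct.unpack("!I", raw)[0]

def build_request(options: bytes) -> bytes:
    """Constructed sample: minimal request with a zeroed BOOTP header."""
    header = bytes([1, 1, 6, 0]) + bytes(232)  # op=BOOTREQUEST, Ethernet, hlen=6
    return header + MAGIC_COOKIE + options + b"\xff" + bytes(15)

# Constructed payloads: option 53 = Request (3), option 12 = hostname,
# and in the second case option 51 = 86400 seconds.
WITHOUT_51 = build_request(bytes([53, 1, 3]) + bytes([12, 3]) + b"XXX")
WITH_51 = build_request(bytes([53, 1, 3]) + bytes([51, 4]) + struct.pack("!I", 86400))

if __name__ == "__main__":
    for name, pkt in (("without option 51", WITHOUT_51), ("with option 51", WITH_51)):
        print(name, "->", requested_lease_seconds(pkt))
```

A result of None corresponds to the first captures in the thread, where tcpdump lists options 53, 50, 61, 12 and 55 but no option 51.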