Not getting a DHCP WAN IP Address on netgate hardware.
-
If you can install the arping pkg you can try arping for the gateway:
[23.09-DEVELOPMENT][admin@4100-3.stevew.lan]/root: pkg install arping
Updating pfSense-core repository catalogue...
Fetching meta.conf: 0%
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
Fetching meta.conf: 0%
pfSense repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
arping: 2.21_1 [pfSense]
libnet: 1.2,1 [pfSense]
Number of packages to be installed: 2
118 KiB to be downloaded.
Proceed with this action? [y/N]: y
[1/2] Fetching libnet-1.2,1.pkg: 100% 92 KiB 94.1kB/s 00:01
[2/2] Fetching arping-2.21_1.pkg: 100% 26 KiB 26.5kB/s 00:01
Checking integrity... done (0 conflicting)
[1/2] Installing libnet-1.2,1...
[1/2] Extracting libnet-1.2,1: 100%
[2/2] Installing arping-2.21_1...
[2/2] Extracting arping-2.21_1: 100%
[23.09-DEVELOPMENT][admin@4100-3.stevew.lan]/root: rehash
Then:
[23.09-DEVELOPMENT][admin@4100-3.stevew.lan]/root: arping -c 3 172.21.16.1
ARPING 172.21.16.1
60 bytes from 00:08:a2:0c:c9:91 (172.21.16.1): index=0 time=767.357 usec
60 bytes from 00:08:a2:0c:c9:91 (172.21.16.1): index=1 time=661.690 usec
60 bytes from 00:08:a2:0c:c9:91 (172.21.16.1): index=2 time=682.343 usec
--- 172.21.16.1 statistics ---
3 packets transmitted, 3 packets received, 0% unanswered (0 extra)
rtt min/avg/max/std-dev = 0.662/0.704/0.767/0.046 ms
If the gateway doesn't respond even to arp there must be something low level disconnected somehow.
The ARP entry in the table will expire after ~15mins so it may appear to be there still even if it's not responding at all.
-
What about the MTU settings? Does that matter with ONT modems? Also a duplex mismatch could occur. Is the connection set to auto or full duplex on the WAN? I think it's a duplex mismatch as it corrects with a switch so the switch could be set to auto negotiation, and somehow the firewall is set to half of something.
https://docs.netgate.com/pfsense/en/latest/troubleshooting/low-throughput.html
-
There appear to be two issues here, at least. Firstly the ONT seems to be set to 100M fixed which means the interfaces on the 4100 cannot link to it directly.
Secondly the ISP gateway stops responding after some time. That's unlikely to be an MTU issue because pings are tiny. As are the DHCP requests.
We have seen something similar to this previously. A misbehaving ISP gateway stopped responding when its ARP entry expired instead of sending an ARP request to renew it. IIRC we worked around it by setting the pfSense ARP expiry time low so that it sends an ARP request before the gateway expires its entry. By default it's 20mins:
[23.09-DEVELOPMENT][admin@4100-3.stevew.lan]/root: sysctl net.link.ether.inet.max_age
net.link.ether.inet.max_age: 1200
Try setting that to 5mins and see if that allows it to continue:
[23.09-DEVELOPMENT][admin@4100-3.stevew.lan]/root: sysctl net.link.ether.inet.max_age=300
net.link.ether.inet.max_age: 1200 -> 300
If that works you can add it as a system tunable.
Running an arping against the gateway would probably also renew the remote ARP entry.
Both are hacks that shouldn't be required!
-
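Added example, not part of any post in this thread: a small sh script that probes the gateway with arping and logs each state change with the seconds elapsed since the previous one, so the time-to-failure can be compared with net.link.ether.inet.max_age. GATEWAY and INTERVAL are assumed settings and the function names are hypothetical; 172.21.16.1 and the SAMPLE summary line are taken from the arping output quoted above.

```sh
#!/bin/sh
# Added example (not from the thread): log when the WAN gateway stops answering ARP.
# GATEWAY and INTERVAL are assumptions; adjust them for the WAN being tested.
GATEWAY="${GATEWAY:-172.21.16.1}"
INTERVAL="${INTERVAL:-30}"

# Summary line copied from the arping output in the thread, for offline parsing checks.
SAMPLE='3 packets transmitted, 3 packets received, 0% unanswered (0 extra)'

# Read arping output on stdin and print the "N% unanswered" figure.
# Prints 100 when there is no summary line (arping failed outright).
unanswered_pct() {
    pct=$(sed -n 's/.* \([0-9][0-9]*\)% unanswered.*/\1/p' | head -n 1)
    echo "${pct:-100}"
}

# Map a loss percentage to a state label.
gateway_state() {
    case "$1" in
        0)   echo "up" ;;
        100) echo "down" ;;
        *)   echo "degraded" ;;
    esac
}

# Probe once and print "epoch state pct".
probe() {
    pct=$(arping -c 3 "$1" 2>/dev/null | unanswered_pct)
    echo "$(date +%s) $(gateway_state "$pct") $pct"
}

# Loop forever, printing only state changes and how long the previous state lasted.
monitor() {
    last=""; since=$(date +%s)
    max_age=$(sysctl -n net.link.ether.inet.max_age 2>/dev/null)
    while :; do
        set -- $(probe "$GATEWAY")
        if [ "$2" != "$last" ]; then
            echo "t=$1 state=$2 unanswered=$3% after=$(( $1 - since ))s max_age=${max_age:-unknown}"
            last=$2; since=$1
        fi
        sleep "$INTERVAL"
    done
}

# Start the loop only when invoked as: sh arpwatch.sh run
if [ "${1:-}" = "run" ]; then monitor; fi
```

Since an arping may itself renew the gateway's ARP entry, as the post above says, a short INTERVAL acts as the keep-alive workaround rather than as a passive observer; use an interval longer than max_age to watch the expiry itself.
-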
@stephenw10 Thank you for your time on this. I will not have physical access to the device until Friday or Saturday. I will try it again and let you know what happens asap.
-
@stephenw10 This was the result of ARPing the gateway's mac
-
I assume that's after it stops responding? Does that ARPing work initially?
Did you try setting a lower max_age value?
-
@stephenw10 ARPing does not work initially, neither did lowering the max age value.
-
Hmm, the gateway doesn't respond to ARPing even when you are still able to reach external hosts?
-
@stephenw10 Correct
-
Hmm, then maybe it's blocking something immediately but continues passing traffic until its ARP entry expires.
Hard to think what that could be given you are no longer pinging it....
-
@stephenw10 Sorry for the late reply. Life got a bit crazy there for a moment. I have tried a different switch in-between the pfSense box and the ONT. Unfortunately I got the same result. What would be the next step for support at this time since we seem to have exhausted our abilities here? Should we look into purchasing support from Netgate on this, or do you think that there is nothing that can be done at this time?
-
Hmm, I'm not sure what more they could do here. They could re-run those tests to check the data. But what you did seems good.
Both the 1100 and 4100 have interfaces with quirks that could be causing issues here. If you can I would try connecting a very generic pfSense CE install to see if that also behaves the same. Some hardware with Intel NICs if you have it.
Reading back I was almost sure it was going to be that ARP timeout value. You could try setting that to something very low like 60.
Steve
-
What about offboarding?????
-
The default settings on the 1100 and 4100 should be fine there. Hard to imagine that preventing ARP. But easy to test...
-
@stephenw10 I will try both of these things as soon as I am able, but that probably won't be until Sunday.
-
Thank you both for the suggestions. Unfortunately, I got the same result after trying both suggestions. I did notice that if I unplug, and then replug the cable the interface comes back online for a while, but eventually does go offline again. I do not have any other hardware to test with atm.
-
@stephenw10 said in Not getting a DHCP WAN IP Address on netgate hardware.:
The ISP gateway may not appear in a traceroute.
The gateway's address might not appear. However, if it doesn't the hop still does and is indicated by an "*".