Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No hostnames under diagnostics/arp

    DHCP and DNS
    3
    8
    513
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      AlexS 0
      last edited by

      Hello,
      I honestly don't understand it, so I'm turning to you and hope you have some tips for me.

      I had pfsense 2.7.0 and have a lot of static MAC-IP mappings in the DHCP server. So far I could see all active devices under diagnostics/arp with IP and the hostname.

      Today I logged in again and ARP no longer shows hostnames. Not one, neither the ones that are permanently stored in the DHCP server, nor others that are “sent” via the devices themselves.

      To test, I imported an older config -> without success.

      I then updated the server to version 2.7.2. Unfortunately, I had to completely reinstall it, import my latest config and run “Reinstall Packages”. The hostnames are further away.
      Lastly, I activated the new DHCP server (KEA), because the old one will no longer be available in the future. After a reboot, there are still no hostnames.

      What am I missing? How can I solve the problem?

      Thanks and best wishes for 2024 :-)
      Alex

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @AlexS 0
        last edited by johnpoz

        @AlexS-0 well kea sure isn't going to help - it doesn't support registration of dhcp in to dns as of yet..

        if you do arp -a at cmd line do you see them... I just looked on my 23.09.1 and not seeing them in the gui either

        arpa.jpg

        But do see them when just running arp -a, so seems it something in the gui code.

        gui.jpg

        I thought there was patch a while back for something about this - maybe a regression in the latest? Let me look around redmine

        edit: Ok maybe It was the ndp table - i had even put in that redmine

        https://redmine.pfsense.org/issues/13318

        I just looked and ndp table showing - but yeah now just normal arp isn't.. Have to put in a redmine I guess, I don't see one.

        I opened up this redmine and pointed it to here

        https://redmine.pfsense.org/issues/15129

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.03 | Lab VMs 2.7.2, 24.03

        A 2 Replies Last reply Reply Quote 0
        • A
          AlexS 0 @johnpoz
          last edited by

          @johnpoz Thank you for your information and for analyzing the problem and filing a bug report.

          I was just really surprised that it was working just a few weeks ago and now suddenly it wasn't working anymore.

          I'm guessing that with the many changes I've made recently, I clicked on "update" and that's how the bug crept in.

          At least now I know I'm not the only one with the problem ;-)

          Wish you a happy new year ;-)

          1 Reply Last reply Reply Quote 0
          • A
            AlexS 0 @johnpoz
            last edited by

            @johnpoz ... they're back...

            ... although I don't know what solved the problem in the end.

            I previously reinstalled arpWatch under /status/services via the GUI and then made some changes to the DNS-resolver

            When I just checked /status/arp again, the hostnames were there again. Maybe reinstalling arpwatch brought about the change?

            johnpozJ 1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @AlexS 0
              last edited by johnpoz

              @AlexS-0 well I seem to have a issue with arpwatch.. I tried just doing a reinstall

              >>> Upgrading pfSense-pkg-arpwatch... 
Updating pfSense-core repository catalogue...
Fetching meta.conf: 
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
Fetching meta.conf: 
pfSense repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
	pfSense-pkg-arpwatch-0.2.1 [pfSense]

Number of packages to be reinstalled: 1

9 KiB to be downloaded.
[1/1] Fetching pfSense-pkg-arpwatch-0.2.1.pkg: . done
Checking integrity... done (0 conflicting)
[1/1] Reinstalling pfSense-pkg-arpwatch-0.2.1...
[1/1] Extracting pfSense-pkg-arpwatch-0.2.1: ......... done
Removing arpwatch components...
Menu items... done.
Services... done.
Loading package instructions...
Deinstall commands... done.
Saving updated package information...
overwrite!
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...Certificate verification failed for /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
0020E1E614400000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1-main/sources/FreeBSD-src-plus-RELENG_23_09_1/crypto/openssl/ssl/statem/statem_clnt.c:1890:
fetch: http://standards-oui.ieee.org/oui/oui.csv: Authentication error
done.
Executing custom_php_resync_config_command()...Certificate verification failed for /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
00206134C41A0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1-main/sources/FreeBSD-src-plus-RELENG_23_09_1/crypto/openssl/ssl/statem/statem_clnt.c:1890:
fetch: http://standards-oui.ieee.org/oui/oui.csv: Authentication error
done.
Menu items... done.
Services... done.
Writing configuration... done.
>>> Cleaning up cache... done.
Success

              Then tried doing a full uninstall and reinstall and run into this.

              >>> Installing pfSense-pkg-arpwatch... 
Updating pfSense-core repository catalogue...
Fetching meta.conf: 
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
Fetching meta.conf: 
pfSense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	arpwatch: 3.3 [pfSense]
	libpcap: 1.10.4 [pfSense]
	pfSense-pkg-arpwatch: 0.2.1 [pfSense]

Number of packages to be installed: 3

The process will require 1 MiB more space.
[1/3] Installing libpcap-1.10.4...
[1/3] Extracting libpcap-1.10.4: .......... done
[2/3] Installing arpwatch-3.3...
[2/3] Extracting arpwatch-3.3: .......... done
[3/3] Installing pfSense-pkg-arpwatch-0.2.1...
[3/3] Extracting pfSense-pkg-arpwatch-0.2.1: ......... done
Saving updated package information...
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...Certificate verification failed for /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
002041C748220000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1-main/sources/FreeBSD-src-plus-RELENG_23_09_1/crypto/openssl/ssl/statem/statem_clnt.c:1890:
fetch: http://standards-oui.ieee.org/oui/oui.csv: Authentication error
done.
Executing custom_php_resync_config_command()...Certificate verification failed for /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
002001B235370000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1-main/sources/FreeBSD-src-plus-RELENG_23_09_1/crypto/openssl/ssl/statem/statem_clnt.c:1890:
fetch: http://standards-oui.ieee.org/oui/oui.csv: Authentication error
done.
Menu items... done.
Services... done.
Writing configuration... done.
=====
Message from arpwatch-3.3:

--
You can create an ethercodes.dat file by running this script:

    /usr/local/arpwatch/update-ethercodes

Here's a example crontab entry to update it every night:

    00 0 * * * root sleep `jot -r 1 0 600` ; /usr/local/arpwatch/update-ethercodes

The -m flag is deprecated. If you are using the -m watcher flag,
please switch to -w.
>>> Cleaning up cache... done.
Success

              I looked at the arp table gui when not installed, same no hostnames. But see them if just do arp -a from cmd line

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.03 | Lab VMs 2.7.2, 24.03

              1 Reply Last reply Reply Quote 0
              • S
                serbus
                last edited by

                Hello!

                Maybe related to DNS issues in ...

                https://forum.netgate.com/topic/185224/automatic-configuration-backup-no-longer-works/7

                https://redmine.pfsense.org/issues/15127

                John

                Lex parsimoniae

                johnpozJ 1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @serbus
                  last edited by johnpoz

                  @serbus I don't think so - but I applied it.. it did fix my acb issue, I wasn't running it.. Tried turning it on and ran into that problem.. Applied the patch and acb now working..

                  Then tried aprwatch reinstall and same error as before - something related to validating pulling the oui looks like

                  Custom commands...
Executing custom_php_install_command()...Certificate verification failed for /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
0020E120433F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1-main/sources/FreeBSD-src-plus-RELENG_23_09_1/crypto/openssl/ssl/statem/statem_clnt.c:1890:
fetch: http://standards-oui.ieee.org/oui/oui.csv: Authentication error
done.
Executing custom_php_resync_config_command()...Certificate verification failed for /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
0020214F4D540000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1-main/sources/FreeBSD-src-plus-RELENG_23_09_1/crypto/openssl/ssl/statem/statem_clnt.c:1890:
fetch: http://standards-oui.ieee.org/oui/oui.csv: Authentication error
done.

                  But what do you know.. My arp table is listing hostnames now

                  arptable.jpg

                  So I take it that patch fixes the arp table problem as well - but now I have this arpwatch thing still not working..

                  edit: its odd that it pulls fqdn for some stuff but not others.. That i9-win entry for example.. arp -a shows it as fqnd, if I do reverse for that IP it comes back as fully qualified.. But arp table gui only showing i9-win vs i9-win.home.arpa

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.03 | Lab VMs 2.7.2, 24.03

                  A 1 Reply Last reply Reply Quote 0
                  • A
                    AlexS 0 @johnpoz
                    last edited by

                    @johnpoz Unfortunately I have far too little knowledge of the whole system and at the moment I don't have any time at all to familiarize myself with the matter.

                    I have reinstalled arpwatch again and observed the protocol. It runs cleanly for me. But maybe it has something to do with the fact that I recently installed pfSense 2.7.2 and the missing/incorrect certificates are therefore correct?

                    >>> Upgrading pfSense-pkg-arpwatch... 
Updating pfSense-core repository catalogue...
Fetching meta.conf: 
Fetching packagesite.pkg: 
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
Fetching meta.conf: 
Fetching packagesite.pkg: 
pfSense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
	pfSense-pkg-arpwatch-0.2.1 [pfSense]

Number of packages to be reinstalled: 1
[1/1] Reinstalling pfSense-pkg-arpwatch-0.2.1...
[1/1] Extracting pfSense-pkg-arpwatch-0.2.1: ......... done
Removing arpwatch components...
Menu items... done.
Services... done.
Loading package instructions...
Deinstall commands... done.
Saving updated package information...
overwrite!
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...done.
Executing custom_php_resync_config_command()...done.
Menu items... done.
Services... done.
Writing configuration... done.
>>> Cleaning up cache... done.
Success
                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post