DHCP on WAN doesn't refresh IP, only reboot helps
Hello Beautiful Community!
I have a really strange problem. I have pfSense connected to the ISP:
ISP (modem/bridge mode) <---> (WAN - DHCP) pfSense (LAN) <---> LAN
The pfSense is on Proxmox, on a box with I226 NICs. On the Proxmox, I've tried running the interface as a bridge (typical config) or NIC passthrough (currently), but the behaviour is the same. The problem is that once the lease expires, the pfSense sends a DISCOVER packet, but it doesn't get a reply (or I can't see it); only a reboot helps.
I've tried to enforce a refresh, but it doesn't do anything, and the renewal time is different from the one in /var/db/dhclient.leases.igc0 (53729 vs 62333):
/sbin/dhclient -c /var/etc/dhclient_wan.conf -l /var/db/dhclient.leases.igc0 igc0
Cannot open or create pidfile: No such file or directory
dhclient 51188 - - PREINIT
DHCPREQUEST on igc0 to 255.255.255.255 port 67
DHCPDISCOVER on igc0 to 255.255.255.255 port 67 interval 25
DHCPDISCOVER on igc0 to 255.255.255.255 port 67 interval 36
No DHCPOFFERS received.
Trying recorded lease 86.106.159.49
bound: renewal in 53729 seconds.

cat /var/db/dhclient.leases.igc0
lease {
  interface "igc0";
  fixed-address 83.106.159.49;
  next-server 52.179.2.165;
  option subnet-mask 255.255.252.0;
  option time-offset 3600;
  option routers 83.106.156.1;
  option domain-name-servers 52.179.1.60,52.179.1.61;
  option host-name "pfs";
  option domain-name "xxx.pl";
  option interface-mtu 576;
  option broadcast-address 255.255.255.255;
  option dhcp-lease-time 124667;
  option dhcp-message-type 5;
  option dhcp-server-identifier 83.106.12.1;
  option dhcp-renewal-time 62333;
  option dhcp-rebinding-time 109083;
  renew 2 2024/1/2 00:45:26;
  rebind 2 2024/1/2 13:44:34;
  expire 2 2024/1/2 18:04:20;
}
What is strange is that when I run tcpdump to check the traffic, I never see offers from the server 83.106.12.1, only lots of offers from private addresses, but somehow after a reboot the pfSense still manages to set the proper public IP from DHCP (83.106.159.49).
tcpdump -n port 67 or port 68 -r dhcp-monitor-post-boot3.pcap
reading from file dhcp-monitor-post-boot3.pcap, link-type EN10MB (Ethernet), snapshot length 262144
07:34:28.283291 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a8:b8:e0:00:e3:ab, length 300
07:34:30.087121 IP 10.221.128.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 347
07:34:31.813774 IP 10.221.128.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 347
07:34:32.938587 IP 10.221.128.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 347
07:34:37.567967 IP 10.221.128.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 347
07:34:38.139626 IP 10.221.128.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 347
07:34:38.228188 IP 10.221.128.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 347
07:34:39.311015 IP 10.221.128.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 347
07:34:41.450261 IP 10.221.128.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 347
07:34:42.378439 IP 10.221.128.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 347
07:34:42.380025 IP 10.221.128.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 347
First two packets from above:
07:34:28.283291 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from a8:b8:e0:00:e3:ab, length 300, xid 0x7be49db8, secs 27, Flags [none] (0x0000)
      Client-Ethernet-Address a8:b8:e0:00:e3:ab
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Discover
        Requested-IP (50), length 4: 83.106.159.49
        Client-ID (61), length 7: ether a8:b8:e0:00:e3:ab
        Hostname (12), length 3: "pfs"
        Parameter-Request (55), length 10:
          Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
          Default-Gateway (3), Domain-Name (15), Domain-Name-Server (6), Hostname (12)
          Unknown (119), MTU (26)
        END (255), length 0
        PAD (0), length 0, occurs 24
07:34:30.087121 IP (tos 0x0, ttl 255, id 2525, offset 0, flags [none], proto UDP (17), length 375)
    10.221.128.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 347, xid 0x5b2da54, Flags [Broadcast] (0x8000)
      Your-IP 10.221.145.91
      Server-IP 172.25.117.181
      Gateway-IP 10.221.128.1
      Client-Ethernet-Address 00:d0:37:57:ef:c0
      file "d4a_thomson.cfg"
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Offer
        Server-ID (54), length 4: 52.179.2.133
        Lease-Time (51), length 4: 535147
        Subnet-Mask (1), length 4: 255.255.128.0
        Domain-Name-Server (6), length 8: 52.179.1.60,52.179.1.61
        Default-Gateway (3), length 4: 10.221.128.1
        Time-Zone (2), length 4: 3600
        Time-Server (4), length 8: 52.179.2.133,52.179.14.133
        LOG (7), length 8: 52.179.2.133,52.179.14.133
        RN (58), length 4: 267573
        RB (59), length 4: 468253
        END (255), length 0
        PAD (0), length 0, occurs 31
To summarise, the problem is that after the expire time the WAN loses its IP address, and I couldn't find a way to refresh it manually (tried relinquish, ifconfig down/up, enforcing with dhclient, disabling filtering etc). A reboot of the pfSense somehow helps: after the reboot I'm getting the public IP from DHCP. What's really strange to me is that I never see DHCP Offer packets from the public IP, and the ones from private addresses don't have the public IP in them anyway.
Do you have any idea what could be wrong? Maybe I should set interface in Bridge mode? Maybe some specific config of DHCLIENT (/var/etc/dhclient_wan.conf)? What could be the cause of this?
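
An added example, not part of the original post: a DHCP client only accepts a reply whose transaction ID (xid) and client hardware address match its own request, so this sketch parses `tcpdump -v` text and labels each reply accordingly. The sample is abridged from the two verbose packets quoted above; the function names are hypothetical.

```python
import re

# Abridged from the two verbose tcpdump packets quoted in the post.
SAMPLE = """\
07:34:28.283291 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from a8:b8:e0:00:e3:ab, length 300, xid 0x7be49db8, secs 27, Flags [none] (0x0000)
      Client-Ethernet-Address a8:b8:e0:00:e3:ab
        DHCP-Message (53), length 1: Discover
07:34:30.087121 IP (tos 0x0, ttl 255, id 2525, offset 0, flags [none], proto UDP (17), length 375)
    10.221.128.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 347, xid 0x5b2da54, Flags [Broadcast] (0x8000)
      Your-IP 10.221.145.91
      Client-Ethernet-Address 00:d0:37:57:ef:c0
        DHCP-Message (53), length 1: Offer
        Server-ID (54), length 4: 52.179.2.133
"""

PACKET_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ IP ", re.M)
FIELDS = {
    "op": r"BOOTP/DHCP, (Request|Reply)",
    "xid": r"xid (0x[0-9a-f]+)",
    "chaddr": r"Client-Ethernet-Address ([0-9a-f:]{17})",
    "type": r"DHCP-Message \(53\), length 1: (\w+)",
    "yiaddr": r"Your-IP (\S+)",
    "server_id": r"Server-ID \(54\), length 4: (\S+)",
}

def parse_packets(text):
    """Split `tcpdump -v` text into packets and pull out the BOOTP fields."""
    starts = [m.start() for m in PACKET_START.finditer(text)] + [len(text)]
    packets = []
    for begin, end in zip(starts, starts[1:]):
        chunk = text[begin:end]
        packets.append({k: (m.group(1) if (m := re.search(p, chunk)) else None)
                        for k, p in FIELDS.items()})
    return packets

def classify_replies(packets, client_mac):
    """Label a reply 'ours' only if xid and chaddr match one of our requests."""
    our_xids = {p["xid"] for p in packets
                if p["op"] == "Request" and p["chaddr"] == client_mac}
    rows = []
    for p in (p for p in packets if p["op"] == "Reply"):
        ours = p["chaddr"] == client_mac and p["xid"] in our_xids
        rows.append((p["type"], p["server_id"], p["yiaddr"], p["chaddr"],
                     "ours" if ours else "other client"))
    return rows

if __name__ == "__main__":
    for row in classify_replies(parse_packets(SAMPLE), "a8:b8:e0:00:e3:ab"):
        print(row)
```

On the quoted capture the single Offer is labelled "other client": its xid (0x5b2da54) and Client-Ethernet-Address (00:d0:37:57:ef:c0) differ from the pfSense request's (0x7be49db8, a8:b8:e0:00:e3:ab).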