Problems switching from Static IP block to DHCP on the WAN

NickJH

I have just given up my /29 static IP block and switched to DHCP on the WAN (for a single IP) and I am struggling.

I removed all the 1:1 NAT rules and then tried deleting all the Virtual IPs, but I can't delete the last one. If I try, I get the message:

The following input errors were detected:

    This entry cannot be deleted because it is required to reach Gateway: WANGW.

I have switched the WAN to DHCP and that is working (after a big fight but that is another story). but my routing table still references the old IPs:

Routing tables

Internet:
Destination        Gateway            Flags   Nhop#    Mtu      Netif Expire
default            62.30.63.89        UGS         5   1500       igc0
62.30.63.88/29     link#1             U           8   1500       igc0
62.30.63.93        link#6             UHS         3  16384        lo0
82.5.76.0/22       link#1             U           1   1500       igc0
aaa.bb.76.1          link#1             UHS         4   1500       igc0
aa.bb.79.245        link#6             UHS         3  16384        lo0
127.0.0.1          link#6             UH          2  16384        lo0
127.0.0.2          link#6             UH          7  16384        lo0
172.17.0.0/23      172.17.2.1         UGS        10   1500    bridge0
172.17.2.0/24      link#9             U           6   1500    bridge0
172.17.2.254       link#6             UHS         9  16384        lo0

There should be no references to any 62.30.63.88-95 addresses as they were my old IP block. My WAN IP is now aa.bb.79.245 and, I guess the gateway is aa.bb.76.1 and it should be the default.

Ifconfig gives:

igc0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: WAN
        options=4e020bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether 88:04:5b:51:6d:64
        inet aa.bb.79.245 netmask 0xfffffc00 broadcast aa.bb.79.255
        inet 62.30.63.93 netmask 0xfffffff8 broadcast 62.30.63.95
        inet6 fe80::8a04:5bff:fe51:6d64%igc0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect (2500Base-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

So it also references the old IP block.

How do I go about correcting all this? I am comfortable with the command line, if needed.

NickJH

I think I've found it. I've had to go System > Routing and set WAN_DHCP to be default. This allowed me to delete the 62.30.63.88/29 from there as well. Then I could remove the Virtual IP.

Question. Why was all this necessary? Shouldn't pfSense looked after it all for me when I change the WAN from Static to DHCP?

stephenw10

When you use DHCP the gateway is dynamic and passed by the upstream server. You probably still had the old gateway set from the static config and to access that it has to be inside a locally defined subnet. Since the last place that subnet was defined was the VIP it objected when you tried to remove it. Removing the old gateway before removing the VIPs would have avoided that.

NickJH

@stephenw10 OK, but to me, when you switch from Static to DHCP, all Static settings should be removed. Surely that is what the menu option 2 should be doing? There is nothing there to delete the static settings, only to change the interface. Changing it should remove the old settings rather than leave you in limbo, trying to clean up a mess left behind when the average user would not know where to look or what to look for. Nothing should have been left in the routing table, at a minimum.

stephenw10

It would be difficult to do that and be sure the gateway removed was correct and not in use. It's safer to allow the user to remove it manually.

NickJH

@stephenw10 I am afraid I disagree. If you are changing from Static to DHCP, as the gateway was set up in option 2 of the console, I'd also expect it to be removed when unsetting it. IMHO, it is a realistic expectation for the internet to be cut transiently when changing from one method to another.

Just about any commercial router will do the same.

At a very minimum, a warning should pop up telling you what you still need to do. It caused me a load of pain this morning.

stephenw10

What happens if there was no gateway on the interface but one was added later in the WAN subnet? Or if there was a gateway added on the WAN but it's still being used?

There are a lot of permutations here. Manually removing it is always safer.

NickJH

@stephenw10 A view not held by your average commercial router. Add routes automatically and remove them automatically.

Also don't leave your users in the lurch by not warning them.....

stephenw10

Open a bug report: https://redmine.pfsense.org/

NickJH

@stephenw10 Done - https://redmine.pfsense.org/issues/16144 - but failed with the text formatting of console output. I've put it down as a Configuration Backend issue but I was not sure which category to use. Feel free to change it.

tinfoilmatt

@NickJH said in Problems switching from Static IP block to DHCP on the WAN:

I removed all the 1:1 NAT rules and then tried deleting all the Virtual IPs, but I can't delete the last one. If I try, I get the message:

The following input errors were detected:

This entry cannot be deleted because it is required to reach Gateway: WANGW.

This was your at-a-very-minimum-thrown warning. Seems reasonable to me.

And what's a "domestic router" by the way? British, American, or other?

NickJH

@tinfoilmatt A domestic router, I guess, can be called a SOHO router that the average man in the street can but from their local computing shop - Linksys, TP-Link, D-Link, Draytek, Netgear etc or is supplied by your ISP. It excludes high end devices like some of the CIsco and Juniper devices and things like that.

The warning is not good. It does not even point the user to the correct screen or give him any instructions. It did help me eventually narrow it down, but I consider myself way more advanced than your average user - I used work for Clearcenter providing support for ClearOS (which also resets the routing table when changing the external WAN settings).