DHCP server of VLAN doesn't work (2.0-BETA5 - build Jan 15)



  • I've created 2 VLANs: publicwifi and privatewifi.  Until now everything went well, but today I upgraded my pfSense 2.0 to the build of Jan 15 and it's … broken :-)

    My Lan network's DHCP server works well!



  • It's not just that build, I don't think… I'm running the Jan 10 build and the DHCP is intermittent for VLANs on that one.  It seems to work for the first couple of hours, but after that it stops responding to DHCP requests from the VLANs.



  • Well, I take that back.  It seems to be a little more complex than that.  I get DHCP response for certain devices, but not others… maybe it has something to do with the syntax of the DHCP request?



  • The plot thickens. DHCP behavior is rather… intermittent.  It's not necessarily different devices as I was thinking before, I've now had the same device both function to get a DHCP address, and at a different time be completely unable to acquire one, with no other system changes.  Very odd.



  • If you can catch it at a point where it can't renew, capture the traffic, see what's happening.

    I'm running DHCP server on VLANs in multiple locations with no issues.



  • My problem is that the DHCP server doesn't work anymore.  So the solution has to be found there…



  • @krisken:

    My problem is that the DHCP server doesn't work anymore.  So the solution has to be found there…

    You still need to get a packet capture of the traffic, see if the request is getting to the firewall.



  • Extraction of the system log

    Jan 18 19:09:22 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Jan 18 19:09:22 dhcpd: /etc/dhcpd.conf line 23: expecting numeric value.
    Jan 18 19:09:22 dhcpd: /etc/dhcpd.conf line 23: expecting numeric value.
    Jan 18 19:09:22 dhcpd: subnet netmask
    Jan 18 19:09:22 dhcpd: subnet netmask
    Jan 18 19:09:22 dhcpd: ^
    Jan 18 19:09:22 dhcpd: ^
    Jan 18 19:09:22 dhcpd: /etc/dhcpd.conf line 32: expecting numeric value.
    Jan 18 19:09:22 dhcpd: /etc/dhcpd.conf line 32: expecting numeric value.
    Jan 18 19:09:22 dhcpd: subnet netmask
    Jan 18 19:09:22 dhcpd: subnet netmask
    Jan 18 19:09:22 dhcpd: ^
    Jan 18 19:09:22 dhcpd: ^
    Jan 18 19:09:22 dhcpd: Configuration file errors encountered – exiting
    Jan 18 19:09:22 dhcpd: Configuration file errors encountered -- exiting
    Jan 18 19:09:22 dhcpd:
    Jan 18 19:09:22 dhcpd:
    Jan 18 19:09:22 dhcpd: If you did not get this software from ftp.isc.org, please
    Jan 18 19:09:22 dhcpd: If you did not get this software from ftp.isc.org, please
    Jan 18 19:09:22 dhcpd: get the latest from ftp.isc.org and install that before
    Jan 18 19:09:22 dhcpd: get the latest from ftp.isc.org and install that before
    Jan 18 19:09:22 dhcpd: requesting help.
    Jan 18 19:09:22 dhcpd: requesting help.
    Jan 18 19:09:22 dhcpd:
    Jan 18 19:09:22 dhcpd:
    Jan 18 19:09:22 dhcpd: If you did get this software from ftp.isc.org and have not
    Jan 18 19:09:22 dhcpd: If you did get this software from ftp.isc.org and have not
    Jan 18 19:09:22 dhcpd: yet read the README, please read it before requesting help.
    Jan 18 19:09:22 dhcpd: yet read the README, please read it before requesting help.
    Jan 18 19:09:22 dhcpd: If you intend to request help from the dhcp-server@isc.org
    Jan 18 19:09:22 dhcpd: If you intend to request help from the dhcp-server@isc.org
    Jan 18 19:09:22 dhcpd: mailing list, please read the section on the README about
    Jan 18 19:09:22 dhcpd: mailing list, please read the section on the README about
    Jan 18 19:09:22 dhcpd: submitting bug reports and requests for help.
    Jan 18 19:09:22 dhcpd: submitting bug reports and requests for help.
    Jan 18 19:09:22 dhcpd:
    Jan 18 19:09:22 dhcpd:
    Jan 18 19:09:22 dhcpd: Please do not under any circumstances send requests for
    Jan 18 19:09:22 dhcpd: Please do not under any circumstances send requests for
    Jan 18 19:09:22 dhcpd: help directly to the authors of this software - please
    Jan 18 19:09:22 dhcpd: help directly to the authors of this software - please
    Jan 18 19:09:22 dhcpd: send them to the appropriate mailing list as described in
    Jan 18 19:09:22 dhcpd: send them to the appropriate mailing list as described in
    Jan 18 19:09:22 dhcpd: the README file.
    Jan 18 19:09:22 dhcpd: the README file.
    Jan 18 19:09:22 dhcpd:
    Jan 18 19:09:22 dhcpd:
    Jan 18 19:09:22 dhcpd: exiting.
    Jan 18 19:09:22 dhcpd: exiting.
    Jan 18 19:09:22 php: /services_dhcp.php: The command '/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf re0 re0_vlan100 re0_vlan200' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.1.1-P1 Copyright 2004-2010 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpd.conf line 23: expecting numeric value. subnet netmask ^ /etc/dhcpd.conf line 32: expecting numeric value. subnet netmask ^ Configuration file errors encountered -- exiting If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not u

    But when I want to edit /etc/dhcpd.conf, I see that… that doesn't exist?



  • It's not running at all with that. Go to Diagnostics > Command and run:

    cat /var/dhcpd/etc/dhcpd.conf

    and paste the output.



  • This is the output of cat /var/dhcpd/etc/dhcpd.conf

    $ cat /var/dhcpd/etc/dhcpd.conf

    option domain-name "office.it2go.eu";
    option ldap-server code 95 = text;
    option domain-search-list code 119 = text;

    default-lease-time 7200;
    max-lease-time 86400;
    log-facility local7;
    ddns-update-style none;
    one-lease-per-client true;
    deny duplicates;
    ping-check true;
    authoritative;
    subnet 10.0.0.0 netmask 255.255.255.0 {
    pool {
    range 10.0.0.100 10.0.0.245;
    }
    option routers 10.0.0.1;
    option domain-name-servers 10.0.0.1;
    option ntp-servers 193.110.251.50;

    }
    subnet  netmask 0.0.0.0 {
    pool {
    range 10.2.0.100 10.2.0.254;
    }
    option routers ;
    option domain-name-servers ;
    option ntp-servers 193.110.251.50;

    }
    subnet  netmask 0.0.0.0 {
    pool {
    range 10.1.0.100 10.1.0.254;
    }
    option routers ;
    option domain-name-servers ;
    option ntp-servers 193.110.251.50;

    }
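
A check for the failure visible in the output above, as an added example that is not part of the original thread or of pfSense: it flags `subnet` stanzas without a network address, options without a value, and ranges outside their subnet. The function name and the trimmed sample are assumptions made for illustration.

```python
import ipaddress

# Constructed sample, trimmed from the dhcpd.conf posted above: the working
# LAN stanza followed by one of the broken VLAN stanzas.
SAMPLE = """\
subnet 10.0.0.0 netmask 255.255.255.0 {
pool {
range 10.0.0.100 10.0.0.245;
}
option routers 10.0.0.1;
option domain-name-servers 10.0.0.1;
}
subnet  netmask 0.0.0.0 {
pool {
range 10.2.0.100 10.2.0.254;
}
option routers ;
option domain-name-servers ;
option ntp-servers 193.110.251.50;
}
"""

def _outside(addr, net):
    """True if addr is not a valid address inside net."""
    try:
        return ipaddress.ip_address(addr) not in net
    except ValueError:
        return True

def lint_dhcpd_conf(text):
    """Return (line_number, message) pairs for stanzas dhcpd would reject."""
    findings = []
    net = None  # network of the subnet stanza currently being read
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].strip().rstrip(";{").split()
        if not tokens:
            continue
        if tokens[0] == "subnet":
            net = None
            if len(tokens) != 4 or tokens[2] != "netmask":
                findings.append((lineno, "expected: subnet <network> netmask <mask>"))
                continue
            try:
                net = ipaddress.ip_network(f"{tokens[1]}/{tokens[3]}")
            except ValueError as exc:
                findings.append((lineno, f"invalid subnet: {exc}"))
        elif tokens[0] == "option" and len(tokens) == 2:
            findings.append((lineno, f"option {tokens[1]} has no value"))
        elif tokens[0] == "range" and net is not None:
            if any(_outside(t, net) for t in tokens[1:] if t[0].isdigit()):
                findings.append((lineno, f"range lies outside {net}"))
    return findings
```

Run against a copy of /var/dhcpd/etc/dhcpd.conf, an empty result means none of these three defects is present; it is not a full dhcpd syntax check.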



  • I put in a fix for this; it should be in new snapshots.

    Do you have any interface that is configured as 'none' assigned?



  • If you mean that I have some unused NICs: yes, I only use two of the ports on my 4-NIC PCI card.



  • Can you show me the output of Status > Interfaces and the <interfaces></interfaces> part of config.xml?



  • Belgacom Interface

    BELGACOM interface (pppoe0)
    Status up
    PPPoE up  
    Uptime 04:21:16
    MAC address 00:00:00:00:00:00
    IP address 91.182.220.8  
    Subnet mask 255.255.255.255
    Gateway 91.182.220.1
    ISP DNS servers 193.110.251.50
    94.23.53.69
    208.67.222.222
    In/out packets 75380/74429 (63.27 MB/5.46 MB)
    In/out packets (pass) 74429/60029 (62.80 MB/5.46 MB)
    In/out packets (block) 951/0 (482 KB/0 bytes)
    In/out errors 0/0
    Collisions 0

    Lan Interface

    LAN interface (re0)
    Status up
    MAC address 70:71:bc:08:b8:67
    IP address 10.0.0.1  
    Subnet mask 255.255.255.0
    Media 1000baseT <full-duplex>
    In/out packets 72755/72671 (8.22 MB/80.65 MB)
    In/out packets (pass) 72671/89265 (8.21 MB/80.65 MB)
    In/out packets (block) 84/0 (6 KB/0 bytes)
    In/out errors 0/0
    Collisions 0

    Dommel Interface

    DOMMEL interface (pppoe1)
    Status up
    PPPoE up  
    Uptime 04:21:16
    MAC address 00:00:00:00:00:00
    IP address 83.101.6.45  
    Subnet mask 255.255.255.255
    Gateway 83.101.6.1
    In/out packets 44245/40297 (17.69 MB/3.74 MB)
    In/out packets (pass) 40297/40424 (17.08 MB/3.74 MB)
    In/out packets (block) 3948/0 (623 KB/0 bytes)
    In/out errors 0/0
    Collisions 0

    Publicwifi Interface

    PUBLICWIFI interface (re0_vlan100)
    Status down

    Privatewifi Interface

    PRIVATEWIFI interface (re0_vlan200)
    Status down

    Config.xml

    <interfaces>
      <wan>
        <enable/>
        <if>pppoe0</if>
        <media/>
        <mediaopt/>
        <spoofmac/>
        <ipaddr>pppoe</ipaddr>
      </wan>
      <lan>
        <enable/>
        <if>re0</if>
        <ipaddr>10.0.0.1</ipaddr>
        <subnet>24</subnet>
        <media/>
        <mediaopt/>
      </lan>
      <opt1>
        <if>pppoe1</if>
        <enable/>
        <spoofmac/>
        <ipaddr>pppoe</ipaddr>
      </opt1>
      <opt2>
        <if>re0_vlan100</if>
        <enable/>
        <spoofmac/>
        <ipaddr>10.2.0.1</ipaddr>
        <subnet>24</subnet>
      </opt2>
      <opt3>
        <if>re0_vlan200</if>
        <enable/>
        <spoofmac/>
        <ipaddr>10.1.0.1</ipaddr>
        <subnet>24</subnet>
      </opt3>
    </interfaces>



  • @ermal:

    I put in a fix for this; it should be in new snapshots.

    Do you have any interface that is configured as 'none' assigned?

    I got the snapshot of today (2.0-BETA5 (i386) built on Wed Jan 19 02:10:47 EST 2011) where it isn't fixed yet?

    Logs

    Jan 19 20:51:00 kernel: re0_vlan2: link state changed to UP
    Jan 19 20:51:00 kernel: re0_vlan3: link state changed to UP
    Jan 19 20:51:00 php: : ROUTING: change default route to 83.101.6.1
    Jan 19 20:51:00 check_reload_status: reloading filter
    Jan 19 20:51:00 apinger: Starting Alarm Pinger, apinger(42244)
    Jan 19 20:51:01 php: : ROUTING: change default route to 83.101.6.1
    Jan 19 20:51:01 check_reload_status: reloading filter
    Jan 19 20:51:01 php: : The command '/sbin/ifconfig 're0_vlan100' -staticarp ' returned exit code '1', the output was 'ifconfig: interface re0_vlan100 does not exist'
    Jan 19 20:51:01 php: : The command '/usr/sbin/arp -d -i 're0_vlan100' -a > /dev/null 2>&1 ' returned exit code '1', the output was ''
    Jan 19 20:51:01 php: : The command '/sbin/ifconfig 're0_vlan200' -staticarp ' returned exit code '1', the output was 'ifconfig: interface re0_vlan200 does not exist'
    Jan 19 20:51:04 php: : The command '/usr/sbin/arp -d -i 're0_vlan200' -a > /dev/null 2>&1 ' returned exit code '1', the output was ''
    Jan 19 20:51:04 php: : Gateways status could not be determined, considering all as up/active.
    Jan 19 20:51:04 php: : Gateways status could not be determined, considering all as up/active.
    Jan 19 20:51:04 php: : Gateways status could not be determined, considering all as up/active.
    Jan 19 20:51:04 dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
    Jan 19 20:51:04 dhcpd: Copyright 2004-2010 Internet Systems Consortium.
    Jan 19 20:51:04 dhcpd: All rights reserved.
    Jan 19 20:51:04 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Jan 19 20:51:04 dnsmasq[63428]: started, version 2.55 cachesize 10000
    Jan 19 20:51:04 dnsmasq[63428]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
    Jan 19 20:51:04 dnsmasq[63428]: reading /etc/resolv.conf
    Jan 19 20:51:04 check_reload_status: updating all dyndns
    Jan 19 20:51:04 dnsmasq[63428]: using nameserver 208.67.222.222#53
    Jan 19 20:51:04 dnsmasq[63428]: using nameserver 94.23.53.69#53
    Jan 19 20:51:04 dnsmasq[63428]: using nameserver 193.110.251.50#53
    Jan 19 20:51:04 dnsmasq[63428]: read /etc/hosts - 2 addresses
    Jan 19 20:51:05 php: : Gateways status could not be determined, considering all as up/active.
    Jan 19 20:51:05 php: : Gateways status could not be determined, considering all as up/active.
    Jan 19 20:51:05 php: : Gateways status could not be determined, considering all as up/active.
    Jan 19 20:51:08 php: : Resyncing OpenVPN instances for interface BELGACOM.
    Jan 19 20:51:08 php: : Resyncing OpenVPN instances for interface DOMMEL.
    Jan 19 20:51:09 php: : Creating rrd update script
    Jan 19 20:51:09 php: miniupnpd: Starting service on interface: lan
    Jan 19 20:51:09 miniupnpd[43849]: HTTP listening on port 2189
    Jan 19 20:51:09 miniupnpd[43849]: HTTP listening on port 2189
    Jan 19 20:51:09 miniupnpd[43849]: Listening for NAT-PMP traffic on port 5351
    Jan 19 20:51:09 miniupnpd[43849]: Listening for NAT-PMP traffic on port 5351
    Jan 19 20:51:16 php: : WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml
    Jan 19 20:51:16 check_reload_status: syncing firewall
    Jan 19 20:51:16 php: : WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml
    Jan 19 20:51:16 check_reload_status: syncing firewall
    Jan 19 20:51:17 kernel: pid 62289 (php), uid 0: exited on signal 11
    Jan 19 20:51:17 php: : Beginning package installation for RRD Summary.
    Jan 19 20:51:18 php: : WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml
    Jan 19 20:51:18 check_reload_status: syncing firewall
    Jan 19 20:51:18 php: : WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml
    Jan 19 20:51:19 check_reload_status: syncing firewall
    Jan 19 20:51:19 php: : Resyncing configuration for all packages.
    Jan 19 20:51:21 login: login on ttyv0 as root
    Jan 19 20:51:21 sshlockout[4978]: sshlockout/webConfigurator v3.0 starting up

    Status > Interfaces

    PUBLICWIFI interface (re0_vlan100)
    Status down
    PRIVATEWIFI interface (re0_vlan200)
    Status down



  • Please disregard my earlier comments in this thread… my issue was unrelated, turned out to be a bad stacking cable on our switch stack.



  • Still down on the Thu Jan 20 05:02:05 EST 2011 version



  • @krisken:

    Still down on the Thu Jan 20 05:02:05 EST 2011 version

    Looks like that has nothing to do with the version, just that you broke your config. You have VLANs 100 and 200 assigned, but you apparently changed those to VLANs 2 and 3 without properly re-assigning or deleting the interfaces.
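
The mismatch described in the last reply can be read straight from the boot log. The following is an added example, not part of the original thread or of pfSense: it pairs each VLAN interface the boot scripts could not find with the VLAN interfaces that did come up on the same parent NIC. The function name is an assumption, and the sample lines are copied from the log posted earlier in the thread.

```python
import re

# Constructed sample: boot-log lines copied from the thread above.
LOG = """\
Jan 19 20:51:00 kernel: re0_vlan2: link state changed to UP
Jan 19 20:51:00 kernel: re0_vlan3: link state changed to UP
Jan 19 20:51:01 php: : The command '/sbin/ifconfig 're0_vlan100' -staticarp ' returned exit code '1', the output was 'ifconfig: interface re0_vlan100 does not exist'
Jan 19 20:51:01 php: : The command '/sbin/ifconfig 're0_vlan200' -staticarp ' returned exit code '1', the output was 'ifconfig: interface re0_vlan200 does not exist'
"""

UP_RE = re.compile(r"kernel: (\S+): link state changed to UP")
MISSING_RE = re.compile(r"ifconfig: interface (\S+) does not exist")
VLAN_RE = re.compile(r"^(?P<parent>.+)_vlan(?P<tag>\d+)$")

def stale_vlan_assignments(log_text):
    """Map each missing VLAN interface to the VLAN interfaces that are up
    on the same parent NIC (candidates for re-assignment)."""
    up = set(UP_RE.findall(log_text))
    missing = set(MISSING_RE.findall(log_text)) - up
    report = {}
    for name in sorted(missing):
        wanted = VLAN_RE.match(name)
        if not wanted:
            continue  # not a VLAN interface name, out of scope here
        report[name] = sorted(
            iface for iface in up
            if (m := VLAN_RE.match(iface)) and m["parent"] == wanted["parent"]
        )
    return report

if __name__ == "__main__":
    for missing, present in stale_vlan_assignments(LOG).items():
        print(f"{missing} is assigned but does not exist; present on parent: {present}")
```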

