DCHP server of VLAN doesn't work (2.0-BETA5 - build Jan 15)
-
I've created 2 vlans : publicwifi and privatewifi. Until now everything went well, but i've upgraded today my pfsense 2.0 to the build of jan 15 and it's … broken :-)
My Lan network's DHCP server works well!
-
It's not just that build, I don't think… I'm running the Jan 10 build and the DHCP is intermittent for VLANs on that one. It seems to work for the first couple of hours, but after that it stops responding to DHCP requests from the VLANs.
-
Well, I take that back. It seems to be a little more complex than that. I get DHCP response for certain devices, but not others… maybe it has something to do with the syntax of the DHCP request?
-
The plot thickens. DHCP behavior is rather… intermittent. It's not necessarily different devices as I was thinking before, I've now had the same device both function to get a DHCP address, and at a different time be completely unable to acquire one, with no other system changes. Very odd.
-
If you can catch it at a point where it can't renew, capture the traffic, see what's happening.
I'm running DHCP server on VLANs in multiple locations with no issues.
-
My problem is that the DHCP server don't work anymore. So the solution have to be found there…
-
My problem is that the DHCP server don't work anymore. So the solution have to be found there…
You still need to get a packet capture of the traffic, see if the request is getting to the firewall.
-
Extraction of the system log
Jan 18 19:09:22 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Jan 18 19:09:22 dhcpd: /etc/dhcpd.conf line 23: expecting numeric value.
Jan 18 19:09:22 dhcpd: /etc/dhcpd.conf line 23: expecting numeric value.
Jan 18 19:09:22 dhcpd: subnet netmask
Jan 18 19:09:22 dhcpd: subnet netmask
Jan 18 19:09:22 dhcpd: ^
Jan 18 19:09:22 dhcpd: ^
Jan 18 19:09:22 dhcpd: /etc/dhcpd.conf line 32: expecting numeric value.
Jan 18 19:09:22 dhcpd: /etc/dhcpd.conf line 32: expecting numeric value.
Jan 18 19:09:22 dhcpd: subnet netmask
Jan 18 19:09:22 dhcpd: subnet netmask
Jan 18 19:09:22 dhcpd: ^
Jan 18 19:09:22 dhcpd: ^
Jan 18 19:09:22 dhcpd: Configuration file errors encountered – exiting
Jan 18 19:09:22 dhcpd: Configuration file errors encountered -- exiting
Jan 18 19:09:22 dhcpd:
Jan 18 19:09:22 dhcpd:
Jan 18 19:09:22 dhcpd: If you did not get this software from ftp.isc.org, please
Jan 18 19:09:22 dhcpd: If you did not get this software from ftp.isc.org, please
Jan 18 19:09:22 dhcpd: get the latest from ftp.isc.org and install that before
Jan 18 19:09:22 dhcpd: get the latest from ftp.isc.org and install that before
Jan 18 19:09:22 dhcpd: requesting help.
Jan 18 19:09:22 dhcpd: requesting help.
Jan 18 19:09:22 dhcpd:
Jan 18 19:09:22 dhcpd:
Jan 18 19:09:22 dhcpd: If you did get this software from ftp.isc.org and have not
Jan 18 19:09:22 dhcpd: If you did get this software from ftp.isc.org and have not
Jan 18 19:09:22 dhcpd: yet read the README, please read it before requesting help.
Jan 18 19:09:22 dhcpd: yet read the README, please read it before requesting help.
Jan 18 19:09:22 dhcpd: If you intend to request help from the dhcp-server@isc.org
Jan 18 19:09:22 dhcpd: If you intend to request help from the dhcp-server@isc.org
Jan 18 19:09:22 dhcpd: mailing list, please read the section on the README about
Jan 18 19:09:22 dhcpd: mailing list, please read the section on the README about
Jan 18 19:09:22 dhcpd: submitting bug reports and requests for help.
Jan 18 19:09:22 dhcpd: submitting bug reports and requests for help.
Jan 18 19:09:22 dhcpd:
Jan 18 19:09:22 dhcpd:
Jan 18 19:09:22 dhcpd: Please do not under any circumstances send requests for
Jan 18 19:09:22 dhcpd: Please do not under any circumstances send requests for
Jan 18 19:09:22 dhcpd: help directly to the authors of this software - please
Jan 18 19:09:22 dhcpd: help directly to the authors of this software - please
Jan 18 19:09:22 dhcpd: send them to the appropriate mailing list as described in
Jan 18 19:09:22 dhcpd: send them to the appropriate mailing list as described in
Jan 18 19:09:22 dhcpd: the README file.
Jan 18 19:09:22 dhcpd: the README file.
Jan 18 19:09:22 dhcpd:
Jan 18 19:09:22 dhcpd:
Jan 18 19:09:22 dhcpd: exiting.
Jan 18 19:09:22 dhcpd: exiting.
Jan 18 19:09:22 php: /services_dhcp.php: The command '/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf re0 re0_vlan100 re0_vlan200' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.1.1-P1 Copyright 2004-2010 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpd.conf line 23: expecting numeric value. subnet netmask ^ /etc/dhcpd.conf line 32: expecting numeric value. subnet netmask ^ Configuration file errors encountered -- exiting If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not uBut when i want to edit /etc/dhcpd.conf, i see that…that doesn't exists?
-
it's not running at all with that. go to Diagnostics>Command and run:
cat /var/dhcpd/etc/dhcpd.conf
and paste the output.
-
This is the output of cat /var/dhcpd/etc/dhcpd.conf
$ cat /var/dhcpd/etc/dhcpd.conf
option domain-name "office.it2go.eu";
option ldap-server code 95 = text;
option domain-search-list code 119 = text;default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
ddns-update-style none;
one-lease-per-client true;
deny duplicates;
ping-check true;
authoritative;
subnet 10.0.0.0 netmask 255.255.255.0 {
pool {
range 10.0.0.100 10.0.0.245;
}
option routers 10.0.0.1;
option domain-name-servers 10.0.0.1;
option ntp-servers 193.110.251.50;}
subnet netmask 0.0.0.0 {
pool {
range 10.2.0.100 10.2.0.254;
}
option routers ;
option domain-name-servers ;
option ntp-servers 193.110.251.50;}
subnet netmask 0.0.0.0 {
pool {
range 10.1.0.100 10.1.0.254;
}
option routers ;
option domain-name-servers ;
option ntp-servers 193.110.251.50;}
-
I put a fix for this it should be in new snapshots.
Do you have any interface that is configured as 'none' assigned?
-
If you mean that i have some unused nics : yes : i only use two of my 4nic pci card.
-
Can you show me an output of status interfaces and config.xml <interfaces></interfaces>part?
-
Belgacom Interface
BELGACOM interface (pppoe0)
Status up
PPPoE up
Uptime 04:21:16
MAC address 00:00:00:00:00:00
IP address 91.182.220.8
Subnet mask 255.255.255.255
Gateway 91.182.220.1
ISP DNS servers 193.110.251.50
94.23.53.69
208.67.222.222
In/out packets 75380/74429 (63.27 MB/5.46 MB)
In/out packets (pass) 74429/60029 (62.80 MB/5.46 MB)
In/out packets (block) 951/0 (482 KB/0 bytes)
In/out errors 0/0
Collisions 0Lan Interface
LAN interface (re0)
Status up
MAC address 70:71:bc:08:b8:67
IP address 10.0.0.1
Subnet mask 255.255.255.0
Media 1000baseT <full-duplex>In/out packets 72755/72671 (8.22 MB/80.65 MB)
In/out packets (pass) 72671/89265 (8.21 MB/80.65 MB)
In/out packets (block) 84/0 (6 KB/0 bytes)
In/out errors 0/0
Collisions 0</full-duplex>Dommel Interface
DOMMEL interface (pppoe1)
Status up
PPPoE up
Uptime 04:21:16
MAC address 00:00:00:00:00:00
IP address 83.101.6.45
Subnet mask 255.255.255.255
Gateway 83.101.6.1
In/out packets 44245/40297 (17.69 MB/3.74 MB)
In/out packets (pass) 40297/40424 (17.08 MB/3.74 MB)
In/out packets (block) 3948/0 (623 KB/0 bytes)
In/out errors 0/0
Collisions 0Publicwifi Interface
PUBLICWIFI interface (re0_vlan100)
Status downPrivatewifi Interface
PRIVATEWIFI interface (re0_vlan200)
Status downConfig.xml
<interfaces><wan><enable><if>pppoe0</if>
<media><mediaopt><spoofmac><ipaddr>pppoe</ipaddr></spoofmac></mediaopt></media></enable></wan>
<lan><enable><if>re0</if>
<ipaddr>10.0.0.1</ipaddr>
<subnet>24</subnet>
<media><mediaopt></mediaopt></media></enable></lan>
<opt1><if>pppoe1</if><enable><spoofmac><ipaddr>pppoe</ipaddr></spoofmac></enable></opt1>
<opt2><if>re0_vlan100</if>
<enable><spoofmac><ipaddr>10.2.0.1</ipaddr>
<subnet>24</subnet></spoofmac></enable></opt2>
<opt3><if>re0_vlan200</if>
<enable><spoofmac><ipaddr>10.1.0.1</ipaddr>
<subnet>24</subnet></spoofmac></enable></opt3></interfaces> -
@ermal:
I put a fix for this it should be in new snapshots.
Do you have any interface that is configured as 'none' assigned?
I got the snapshot of today (2.0-BETA5 (i386) built on Wed Jan 19 02:10:47 EST 2011) where it isn't fixed yet?
Logs
Jan 19 20:51:00 kernel: re0_vlan2: link state changed to UP
Jan 19 20:51:00 kernel: re0_vlan3: link state changed to UP
Jan 19 20:51:00 php: : ROUTING: change default route to 83.101.6.1
Jan 19 20:51:00 check_reload_status: reloading filter
Jan 19 20:51:00 apinger: Starting Alarm Pinger, apinger(42244)
Jan 19 20:51:01 php: : ROUTING: change default route to 83.101.6.1
Jan 19 20:51:01 check_reload_status: reloading filter
Jan 19 20:51:01 php: : The command '/sbin/ifconfig 're0_vlan100' -staticarp ' returned exit code '1', the output was 'ifconfig: interface re0_vlan100 does not exist'
Jan 19 20:51:01 php: : The command '/usr/sbin/arp -d -i 're0_vlan100' -a > /dev/null 2>&1 ' returned exit code '1', the output was ''
Jan 19 20:51:01 php: : The command '/sbin/ifconfig 're0_vlan200' -staticarp ' returned exit code '1', the output was 'ifconfig: interface re0_vlan200 does not exist'
Jan 19 20:51:04 php: : The command '/usr/sbin/arp -d -i 're0_vlan200' -a > /dev/null 2>&1 ' returned exit code '1', the output was ''
Jan 19 20:51:04 php: : Gateways status could not be determined, considering all as up/active.
Jan 19 20:51:04 php: : Gateways status could not be determined, considering all as up/active.
Jan 19 20:51:04 php: : Gateways status could not be determined, considering all as up/active.
Jan 19 20:51:04 dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
Jan 19 20:51:04 dhcpd: Copyright 2004-2010 Internet Systems Consortium.
Jan 19 20:51:04 dhcpd: All rights reserved.
Jan 19 20:51:04 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Jan 19 20:51:04 dnsmasq[63428]: started, version 2.55 cachesize 10000
Jan 19 20:51:04 dnsmasq[63428]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
Jan 19 20:51:04 dnsmasq[63428]: reading /etc/resolv.conf
Jan 19 20:51:04 check_reload_status: updating all dyndns
Jan 19 20:51:04 dnsmasq[63428]: using nameserver 208.67.222.222#53
Jan 19 20:51:04 dnsmasq[63428]: using nameserver 94.23.53.69#53
Jan 19 20:51:04 dnsmasq[63428]: using nameserver 193.110.251.50#53
Jan 19 20:51:04 dnsmasq[63428]: read /etc/hosts - 2 addresses
Jan 19 20:51:05 php: : Gateways status could not be determined, considering all as up/active.
Jan 19 20:51:05 php: : Gateways status could not be determined, considering all as up/active.
Jan 19 20:51:05 php: : Gateways status could not be determined, considering all as up/active.
Jan 19 20:51:08 php: : Resyncing OpenVPN instances for interface BELGACOM.
Jan 19 20:51:08 php: : Resyncing OpenVPN instances for interface DOMMEL.
Jan 19 20:51:09 php: : Creating rrd update script
Jan 19 20:51:09 php: miniupnpd: Starting service on interface: lan
Jan 19 20:51:09 miniupnpd[43849]: HTTP listening on port 2189
Jan 19 20:51:09 miniupnpd[43849]: HTTP listening on port 2189
Jan 19 20:51:09 miniupnpd[43849]: Listening for NAT-PMP traffic on port 5351
Jan 19 20:51:09 miniupnpd[43849]: Listening for NAT-PMP traffic on port 5351
Jan 19 20:51:16 php: : WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml
Jan 19 20:51:16 check_reload_status: syncing firewall
Jan 19 20:51:16 php: : WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml
Jan 19 20:51:16 check_reload_status: syncing firewall
Jan 19 20:51:17 kernel: pid 62289 (php), uid 0: exited on signal 11
Jan 19 20:51:17 php: : Beginning package installation for RRD Summary.
Jan 19 20:51:18 php: : WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml
Jan 19 20:51:18 check_reload_status: syncing firewall
Jan 19 20:51:18 php: : WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml
Jan 19 20:51:19 check_reload_status: syncing firewall
Jan 19 20:51:19 php: : Resyncing configuration for all packages.
Jan 19 20:51:21 login: login on ttyv0 as root
Jan 19 20:51:21 sshlockout[4978]: sshlockout/webConfigurator v3.0 starting upStatus > Interfaces
PUBLICWIFI interface (re0_vlan100)
Status down
PRIVATEWIFI interface (re0_vlan200)
Status down -
Please disregard my earlier comments in this thread… my issue was unrelated, turned out to be a bad stacking cable on our switch stack.
-
Still down on the Thu Jan 20 05:02:05 EST 2011 version
-
Still down on the Thu Jan 20 05:02:05 EST 2011 version
Looks like that has nothing to do with the version, just that you broke your config. You have VLANs 100 and 200 assigned, but you apparently changed those to VLANs 2 and 3 without properly re-assigning or deleting the interfaces.
