Strange DHCP client problem - renewal fails until tcpdump
-
Hi,
I got a problem with a DHCP WAN interface. After the lease time expires renewal fails:
Mar 7 21:09:45 fw dhclient: EXPIRE
Mar 7 21:09:45 fw dhclient: Deleting old routes
Mar 7 21:09:45 fw dhclient: PREINIT
Mar 7 21:09:54 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
Mar 7 21:10:09 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
Mar 7 21:10:24 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
Mar 7 21:10:39 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
Mar 7 21:10:46 fw dhclient: FAIL
Mar 7 21:10:54 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
Mar 7 21:11:09 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
Mar 7 21:11:24 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
Mar 7 21:11:39 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
Mar 7 21:11:48 fw dhclient: FAIL
dhclient keeps failing for hours, but as soon as I start tcpdump on the interface it suddenly works again:
Mar 7 21:59:28 fw dhclient: FAIL
Mar 7 21:59:28 fw kernel: vr1: promiscuous mode enabled
Mar 7 21:59:28 fw kernel: vr1_vlan8: promiscuous mode enabled
Mar 7 21:59:31 fw dhclient: ARPSEND
Mar 7 21:59:33 fw dhclient: ARPCHECK
Mar 7 21:59:33 fw dhclient: BOUND
Mar 7 21:59:33 fw dhclient: Starting add_new_address()
Mar 7 21:59:33 fw dhclient: ifconfig vr1_vlan8 inet X.X.23.69 netmask 255.255.192.0 broadcast X.X.63.255
Mar 7 21:59:33 fw dhclient: New IP Address (vr1_vlan8): X.X.23.69
Mar 7 21:59:33 fw dhclient: New Subnet Mask (vr1_vlan8): 255.255.192.0
Mar 7 21:59:33 fw dhclient: New Broadcast Address (vr1_vlan8): X.X.63.255
Mar 7 21:59:33 fw dhclient: New Routers (vr1_vlan8): 255.255.255.255
Thanks for your help in advance.
Christof
-
Try this fix manually https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/06d30ce7db3a859687efdadd0263f0dfab0b32a3
or update to a snapshot that has that fix.
I wonder why one would have a gateway of 255.255.255.255?
-
Thanks for your help. I tried it but it does not fix the problem. I did some more research and it seems that setting custom MAC addresses on VLAN interfaces is causing the problem (see below).
The firewall is connected to a triple play VDSL line of Deutsche Telekom AG. Their setup requires the use of two tagged VLANs: one for internet access via PPPoE (VID 7 = WAN), one for IPTV with DHCP (VID 8 = IPTV). There is a specialty that the two VLAN interfaces must have different MAC addresses. As soon as the DHCP client acquires a lease in the IPTV VLAN, this MAC address is locked for internet access via PPPoE in the other VLAN.
First I tried to set a custom MAC address for the WAN interface (see screenshot), but it does not get applied even after a reboot:
vr1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
ether 00:0d:b9:20:fb:05
inet6 fe80::20d:b9ff:fe20:fb05%vr1 prefixlen 64 scopeid 0x2
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vr1_vlan7: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:0d:b9:20:fb:05
inet6 fe80::20d:b9ff:fe20:fb04%vr1_vlan7 prefixlen 64 scopeid 0x8
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 7 parent interface: vr1
Then I set a custom MAC address on the IPTV interface. This works, but then the strange DHCP client issue appears: dhclient fails until the interface is set to promiscuous mode. It acquires a DHCP lease and works for 12 hours (expiry), then it happens again.
@ermal:
I wonder why one would have a gateway of 255.255.255.255?
The IPTV interface uses 255.255.255.255 as gateway, but more specific routes for the IPTV services are sent via DHCP.
Best Regards
Christof
-
Oh, then it is normal to require a promiscuous mode interface, since there are no means that a network card can have two MAC addresses at the same time.
You can put a shellcmds on your config to do this for your VLANs.
I will try to find a generic solution to this in the meantime.
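Added example (not part of the original posts and not pfSense code): a POSIX sh/awk check for the condition discussed in this thread, a VLAN interface whose MAC address differs from that of a parent interface which is not in promiscuous mode. The function names, the sample output and the child MAC 02:00:00:00:00:08 are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads FreeBSD-style `ifconfig` output on stdin and prints
# "child parent" for every VLAN interface whose MAC differs from a parent
# that is not in promiscuous mode.
vlan_mac_mismatch() {
    awk '
    /^[^ \t]/ {                       # header line: "vr1: flags=8843<UP,...>"
        ifname = $1; sub(/:$/, "", ifname)
        promisc[ifname] = ($0 ~ /[<,]PROMISC[,>]/)
        order[++n] = ifname
        next
    }
    $1 == "ether" { mac[ifname] = tolower($2) }
    $1 == "vlan:" {                   # "vlan: 8 parent interface: vr1"
        for (i = 2; i < NF; i++)
            if ($i == "interface:") parent[ifname] = $(i + 1)
    }
    END {
        for (k = 1; k <= n; k++) {
            c = order[k]; p = parent[c]
            if (p != "" && mac[c] != "" && mac[p] != "" &&
                mac[c] != mac[p] && !promisc[p])
                print c, p
        }
    }'
}

# Constructed sample; $1 is the flags field of the parent interface.
sample_ifconfig() {
    cat <<EOF
vr1: flags=$1 metric 0 mtu 1500
    ether 00:0d:b9:20:fb:05
    status: active
vr1_vlan7: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:0d:b9:20:fb:05
    vlan: 7 parent interface: vr1
vr1_vlan8: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:00:00:00:00:08
    vlan: 8 parent interface: vr1
EOF
}

# Parent without PROMISC: vr1_vlan8 is reported.
sample_ifconfig "8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>" | vlan_mac_mismatch
```

On a live system the input would be `ifconfig | vlan_mac_mismatch`; an empty result means no VLAN child depends on a promiscuous parent that is missing.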
-
You can follow it here http://redmine.pfsense.org/issues/1337
-
The firewall is connected to a triple play VDSL line of Deutsche Telekom AG. Their setup requires the use of two tagged VLANs: one for internet access via PPPoE (VID 7 = WAN), one for IPTV with DHCP (VID 8 = IPTV). There is a specialty that the two VLAN interfaces must have different MAC addresses. As soon as the DHCP client acquires a lease in the IPTV VLAN, this MAC address is locked for internet access via PPPoE in the other VLAN.
I presume the two VLANs share a single physical connection to the VDSL "modem".
Do you have a VLAN capable switch? If so, you could use two physical interfaces with VLANs, one with VLAN 7 and one with VLAN 8 into the switch, and the switch port connecting to the VDSL is a member of both VLAN 7 and VLAN 8. Then each VLAN will have distinct MAC addresses because they are children of distinct physical interfaces.
-
Thanks for your help and hints. I'll keep an eye on the ticket.
I presume the two VLANs share a single physical connection to the VDSL "modem".
Yes, correct. I'll use your suggested workaround with a VLAN capable switch.
Best Regards
Christof