Strange DHCP client problem - renewal fails until tcpdump



  • Hi,

    I got a problem with a DHCP WAN interface. After the lease time expires renewal fails:

    Mar  7 21:09:45 fw dhclient: EXPIRE
    Mar  7 21:09:45 fw dhclient: Deleting old routes
    Mar  7 21:09:45 fw dhclient: PREINIT
    Mar  7 21:09:54 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
    Mar  7 21:10:09 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
    Mar  7 21:10:24 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
    Mar  7 21:10:39 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
    Mar  7 21:10:46 fw dhclient: FAIL
    Mar  7 21:10:54 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
    Mar  7 21:11:09 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
    Mar  7 21:11:24 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
    Mar  7 21:11:39 fw kernel: arpresolve: can't allocate llinfo for 255.255.255.255
    Mar  7 21:11:48 fw dhclient: FAIL

    dhclient keeps failing for hours, but as soon as I start tcpdump on the interface it suddently works again:

    Mar  7 21:59:28 fw dhclient: FAIL
    Mar  7 21:59:28 fw kernel: vr1: promiscuous mode enabled
    Mar  7 21:59:28 fw kernel: vr1_vlan8: promiscuous mode enabled
    Mar  7 21:59:31 fw dhclient: ARPSEND
    Mar  7 21:59:33 fw dhclient: ARPCHECK
    Mar  7 21:59:33 fw dhclient: BOUND
    Mar  7 21:59:33 fw dhclient: Starting add_new_address()
    Mar  7 21:59:33 fw dhclient: ifconfig vr1_vlan8 inet X.X.23.69 netmask 255.255.192.0 broadcast X.X.63.255
    Mar  7 21:59:33 fw dhclient: New IP Address (vr1_vlan8): X.X.23.69
    Mar  7 21:59:33 fw dhclient: New Subnet Mask (vr1_vlan8): 255.255.192.0
    Mar  7 21:59:33 fw dhclient: New Broadcast Address (vr1_vlan8): X.X.63.255
    Mar  7 21:59:33 fw dhclient: New Routers (vr1_vlan8): 255.255.255.255

    Thanks for your help in advance.

    Christof



  • Try this fix manually https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/06d30ce7db3a859687efdadd0263f0dfab0b32a3
    or update to a snapshot that has that fix.

    I wonder why one would have a gateway of 255.255.255.255?



  • Thanks for your help. I tried it but it does not fix the problem. I did some more research and it seems that setting custom MAC addresses on VLAN interfaces is causing the problem (see below).

    The firewall is connected to a triple play VDSL line of Deutsche Telekom AG. Their setup requires the use of two tagged VLANs: one for internet access via PPPoE (VID 7 = WAN), one for IPTV with DHCP (VID 8 = IPTV). There is a specialty that the two VLAN interfaces must have different MAC addresses. As soon as the DHCP client acquires a lease in the IPTV VLAN, this MAC address is locked for internet access via PPPoE in the other VLAN.

    First I tried to set a custom mac address for the WAN interface (see screenshot), but it does not get applied even after a reboot:

    vr1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
    options=8280b <rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate>ether 00:0d:b9:20:fb:05
    inet6 fe80::20d:b9ff:fe20:fb05%vr1 prefixlen 64 scopeid 0x2
    nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active

    vr1_vlan7: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
    ether 00:0d:b9:20:fb:05
    inet6 fe80::20d:b9ff:fe20:fb04%vr1_vlan7 prefixlen 64 scopeid 0x8
    nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    vlan: 7 parent interface: vr1</full-duplex></performnud,accept_rtadv></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate></up,broadcast,running,simplex,multicast>

    Then I set a custom MAC address on the IPTV interface. This works, but then the strange DHCP client issue appears: dhclient fails until the interface is set to promiscous mode. It aquires a DHCP lease and works for 12 hours (expiry), then it happens again.

    @ermal:

    I wonder why one would have a gateway of 255.255.255.255?

    The IPTV interface uses 255.255.255.255 as gateway, but more specific routes for the IPTV services are sent via DHCP.

    Best Regards
    Christof




  • Oh than it is normal to require a promiscious mode interface. since there are no means that a network card can have to mac addresses at the same time.
    You can put a shellcmds on your config to do this for your vlans.

    I will try to find a generic solution to this in the meantime.





  • @cegner:

    The firewall is connected to a triple play VDSL line of Deutsche Telekom AG. Their setup requires the use of two tagged VLANs: one for internet access via PPPoE (VID 7 = WAN), one for IPTV with DHCP (VID 8 = IPTV). There is a specialty that the two VLAN interfaces must have different MAC addresses. As soon as the DHCP client acquires a lease in the IPTV VLAN, this MAC address is locked for internet access via PPPoE in the other VLAN.

    I presume the two VLANs share a single physical connection to the VDSL "modem".

    Do you have a VLAN capable switch? If so, you could use two physical interfaces with VLANs, one with VLAN 7 and one with VLAN 8 into the switch and switch port connecting to the VDSL is a member of both VLAN 7 and VLAN 8. Then each VLAN will have distinct MAC addresses because they children of distinct physical interfaces.



  • Thanks for your help and hints. I'll keep an eye on the ticket.

    @wallabybob:

    I presume the two VLANs share a single physical connection to the VDSL "modem".

    Yes, correct. I'll use your suggested workaround with a VLAN capable switch.

    Best Regards
    Christof


Log in to reply