DHCP fails when lease expires on WAN interface



  • Using 2.0-RC1 on HP SFF hardware with Intel NIC's

    I have now lost connection several times to my ISP while running 2.0-RC1.
    What happens is that PFsense looses connection when the DHCP lease expires, and should be renewed.
    The only thing that helps, is to shut down the entire machine and wait several minutes and boot up again.

    With tcpdump I can see that the firewall asks for the last know DHCP address, and the before the ISP can
    answer the interface is shut down - and up a few moments later, and this continues forever….

    em1: link state changed to DOWN
    em1: link state changed to UP
    em1: link state changed to DOWN
    em1: link state changed to UP
    em1: link state changed to DOWN
    em1: link state changed to UP

    11:11:31.996985 IP 87.4x.xx.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0e:0c:b8:00:f0, length 300
    11:11:32.051383 IP 87.4x.xx.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0e:0c:b8:00:f0, length 300
    11:11:35.888569 IP 87.4x.xx.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0e:0c:b8:00:f0, length 300
    11:11:39.695808 IP 87.4x.xx.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0e:0c:b8:00:f0, length 300
    11:11:39.766881 IP 87.4x.xx.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0e:0c:b8:00:f0, length 300
    11:11:43.538529 IP 87.4x.xx.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0e:0c:b8:00:f0, length 300
    11:11:43.901234 IP 87.4x.xx.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0e:0c:b8:00:f0, length 300
    11:11:49.413487 IP 87.4x.xx.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0e:0c:b8:00:f0, length 300
    11:11:49.429890 IP 87.4x.xx.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0e:0c:b8:00:f0, length 300

    I'm really not sure why the system shuts down the interface, and then enables it again a few moments later.
    But it interrupts DHCP in working, and leaving my firewall in a non working situation.

    Best regards
    Gorm


  • Rebel Alliance Developer Netgate

    That wouldn't be pfSense resetting like that - it's indicating a loss of link, meaning it's acting as if it was unplugged.

    Perhaps it's your ISP Modem that is causing the issue?



  • I'm sure that it's not the ISP modem as I tried to put a switch in between and the dmesg says the same about DOWN/UP
    Furthermore it seems like the dhclient process might have somethign to do with it, as it seems to respawn when this happens.

    Hopefully someone can figure out what happens.

    /Gorm


  • Rebel Alliance Developer Netgate

    Have you tried swapping network cables? or cards?

    You seem to have cause and effect reversed. The dhclient process will restart when the link is lost and comes back, because it thinks you (or something) unplugged the interfaces, so dhclient starts again to obtain a new IP.



  • I actually tried to swap cards, as I thought it was the internal Broadcom card that failed, now using Intel.
    But I will try to change cables, and monitor the switch for link up/down issues.



  • Here an update to the problem..

    I installed a new switch on the WAN port, on new cable towards the ISP modem, and one towards the Pfsense box.
    When I plugged in the cable from the Pfsense box the link started to to the same again (UP/DOWN) every one second as it seems. So I'm pretty sure that Pfsense does someting wrong here.

    I changed the WAN interface config from DHCP to static, and then the link stayed up. And when changing it back to DHCP reverted the situation to the same (UP/DOWN)

    Best regards
    Gorm


  • Rebel Alliance Developer Netgate

    What does the interface config for that one look like? Are you cloning a MAC address on there?



  • Interface set to DHCP, and yes I'm cloning a MAC address.
    Nothing else configured.


  • Rebel Alliance Developer Netgate

    That may be it then, there are a couple other threads with issues when cloning a MAC address.



  • Ahh ok, it makes sense. :)


Log in to reply