DHCP Server + Static ARP entries and/or Deny unknown clients FAILS
Hi, I've tested this with the latest snapshots for the past 3-4 days, 32-bit & 64.
What happens is, if you enable static ARP entries, and a switch connected to the LAN gets disconnected and reconnected, clients don't get anything after that, they can't ping, ssh or enter the webgui, I have to reboot pfsense for it to work again, sadly even if you don't power cycle switches it happens every couple of hours…
pinging LAN IP's directly from pfsense also timeout when the power cycle happens...
using "Deny unkown hosts" alone doesn't have this issue, but it doesn't do what it says, clients not in the list can still communicate with the firewall...
maybe this is the issue?:
[2.0-RC3][admin@pfSense.localdomain]/var/dhcpd(14): find / -name dhcpd.leases /var/dhcpd/var/db/dhcpd.leases [2.0-RC3][admin@pfSense.localdomain]/var/dhcpd(13): ps aux | grep dhcpd dhcpd 10130 0.0 1.6 13056 8048 ?? Ss 4:46PM 0:00.01 /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf em1 root 17128 0.0 0.3 6996 1536 ?? Ss 4:40PM 0:00.02 /usr/sbin/syslogd -c -c -l /var/dhcpd/var/run/log -f /var/etc/syslog.conf [2.0-RC3][admin@pfSense.localdomain]/var/dhcpd(14): find / -name dhcpd.conf /var/dhcpd/etc/dhcpd.conf
more info is here: http://redmine.pfsense.org/issues/1572
cmb last edited by
that has no relation to that redmine ticket you linked. Check 'arp -an' after you disconnect and reconnect the LAN and see what it looks like, may need linkup process to re-add static ARP entries.
Thanks cmb, what do you mean by linkup process? is there a way to re-add static ARP entries automatically whenever a disconnect and reconnect happens? we get lots of power cuts on these LAN switches so its hard to do it by hand all the time…
Also would it be a problem if clients are using static IP instead of acquiring it via DHCP?
ok when a disconnect happens the command arp -an shows nothing, I tried restarting dhcpd service but still arp -an doesn't show all the info… it also happens if I use "deny unknown clients" instead of "Enable Static ARP entries" but through that I can still ping pfsense after the switches restart... it won't deny unknown clients though :/
so if restarting dhcpd isn't solving this, what command will bring back the allowed ARP list? maybe I can run it on cron every minute? please HALP :'(
BTW the issue is on RC2 builds too... not only RC3
I've added a ticket on redmine for the issue: http://redmine.pfsense.org/issues/1628
As mentioned on that ticket, I made a commit yesterday that seems to fix this.
Thanks for the fix jimp, clicking on the link in the ticket is giving 404, here's the working link: https://github.com/bsdperimeter/pfsense/commit/8ee623f3a98dca5681274d6a14450223236b4013