Netgate Discussion Forum

DHCP lease duplicate errors.

    DHCP and DNS
Darkanyons

Update: after observing for several hours, I noticed that a single Android phone got 3 IP addresses.
Error log:

      Jul 26 22:42:35   dhcpd: uid lease 172.16.31.125 for client 38:16:d1:d1:57:4e is duplicate on 172.16.24.0/21

      DHCP leases log:

      172.16.30.227  	38:16:d1:d1:57:4e  	GT-S5260  	2013/07/26 22:42:35  	2013/07/27 22:42:35  	offline  	active 
      172.16.31.125  	38:16:d1:d1:57:4e  	  	2013/07/26 22:42:35  	2013/07/26 22:42:35  	online  	expired
      172.16.27.33  	38:16:d1:d1:57:4e  	  	2013/07/26 22:42:35  	2013/07/26 22:42:35  	online  	expired 

      system log dhcp:

      Jul 26 22:42:35 	dhcpd: DHCPACK on 172.16.30.227 to 38:16:d1:d1:57:4e (GT-S5260) via em0
      Jul 26 22:42:35 	dhcpd: DHCPREQUEST for 172.16.30.227 (172.16.24.1) from 38:16:d1:d1:57:4e via em0
      Jul 26 22:42:35 	dhcpd: uid lease 172.16.31.125 for client 38:16:d1:d1:57:4e is duplicate on 172.16.24.0/21
      Jul 26 22:42:35 	dhcpd: DHCPNAK on 192.168.2.102 to 38:16:d1:d1:57:4e via em0
      Jul 26 22:42:35 	dhcpd: DHCPREQUEST for 192.168.2.102 (192.168.2.3) from 38:16:d1:d1:57:4e via em0: wrong network.
      Jul 26 22:42:35 	dhcpd: DHCPACK on 172.16.31.125 to 38:16:d1:d1:57:4e (GT-S5260) via em0
      Jul 26 22:42:35 	dhcpd: DHCPREQUEST for 172.16.31.125 (172.16.24.1) from 38:16:d1:d1:57:4e via em0
      Jul 26 22:42:35 	dhcpd: DHCPACK on 172.16.27.33 to 38:16:d1:d1:57:4e (GT-S5260) via em0
      Jul 26 22:42:35 	dhcpd: DHCPREQUEST for 172.16.27.33 (172.16.24.1) from 38:16:d1:d1:57:4e via em0
      Jul 26 22:42:35 	dhcpd: uid lease 172.16.31.125 for client 38:16:d1:d1:57:4e is duplicate on 172.16.24.0/21

What's causing this and how do I prevent it?
Anyone?

dpa

I also have something like that:

Jul 27 13:37:38 kernel: arp: 192.168.1.236 moved from 74:de:2b:22:38:a1 to 90:4c:e5:89:ed:25 on em1
Jul 27 13:37:02 kernel: arp: 192.168.1.236 moved from 90:4c:e5:89:ed:25 to 74:de:2b:22:38:a1 on em1
Jul 27 13:36:48 kernel: arp: 192.168.1.236 moved from 74:de:2b:22:38:a1 to 90:4c:e5:89:ed:25 on em1
Jul 27 13:36:09 kernel: arp: 192.168.1.236 moved from 90:4c:e5:89:ed:25 to 74:de:2b:22:38:a1 on em1
Jul 27 13:35:58 kernel: arp: 192.168.1.236 moved from 74:de:2b:22:38:a1 to 90:4c:e5:89:ed:25 on em1
Jul 27 13:35:31 kernel: arp: 192.168.1.236 moved from 90:4c:e5:89:ed:25 to 74:de:2b:22:38:a1 on em1
Jul 27 13:35:27 kernel: arp: 192.168.1.236 moved from 74:de:2b:22:38:a1 to 90:4c:e5:89:ed:25 on em1
Jul 27 13:35:20 kernel: arp: 192.168.1.236 moved from 90:4c:e5:89:ed:25 to 74:de:2b:22:38:a1 on em1
Jul 27 13:26:39 kernel: arp: 192.168.1.134 moved from e0:b9:a5:68:5b:32 to a8:92:2c:d2:ac:cd on em1
Jul 27 13:26:11 kernel: arp: 192.168.1.6 moved from d4:87:d8:9e:d7:a3 to 00:e0:b1:07:ac:da on em1

        :(

doktornotor

No problem with various Android devices… You did not post any information about your DHCP server configuration. Make sure the pool is large enough to accommodate the number of devices and the lease time short enough.

Darkanyons

            Thanks for your reply.

Here is the configuration of the DHCP:
            Subnet 172.16.24.0
            Subnet mask 255.255.248.0
            Range      172.16.26.1 to 172.16.31.254
            Default lease time 86400
            Maximum lease time      2592000

            The rest are on default settings.

I've adjusted the default lease time, since the default value is too short and can cause a lot of errors, as the DHCP server doesn't free up the expired IP addresses, as I have observed.

What do you recommend? What else should I try or adjust?

doktornotor

              Too short??? Geez, drop the insane lease time a whole lot. Absolutely zero need to provide 30 day leases to mobile phones!!!

Darkanyons

The errors reported above were on the default lease time settings.

The reason why I adjusted the lease times recently is because I have a lot of duplicate lease errors. As I have stated earlier, the DHCP server doesn't release or delete the expired IP address while at the same time issuing another new IP to the same MAC. This resulted in duplicate lease errors. As you can see in the error logs above, a single Droid phone got 3 IP addresses.

For several months the default lease time is what I used (default lease time = 3600, maximum = 18000), and it resulted in many duplicate lease errors. But after adjusting the length of time, I got fewer duplicate errors. I know this is just a temporary solution until I can find a way for PF's DHCP server to automatically delete or release expired IPs.

For now I'm manually deleting duplicate expired leases. :-[

doktornotor

                  You clearly are doing something special there. I'd suggest to disable the captive thing and see how it goes.

Darkanyons

                    Thanks for the suggestion.

However, disabling the captive portal now is not an option, since I have several clients that need authenticating on this network.

                    What do you mean that I'm doing something special?

I'm running PF with Captive portal and Squid (that's just ordinary). Can you point out what your hypothesis is as to what I'm doing wrong here, if that's what you meant?

If this info is relevant, I'm using these adapters:
Intel PRO 1000MT Dual Port server adapter

kejianshi

You don't have a machine that is inadvertently connected to the network via a wired interface and wifi at the same time, do you?

74:de:2b:22:38:a1    74DE2B    Liteon Technology Corporation    (probably wireless N knowing Liteon)

90:4c:e5:89:ed:25    904CE5    Hon Hai Precision Ind. Co.,Ltd.    (Probably wired, maybe on a Foxconn board)

                      Got something like that in your network?

Darkanyons

                        @kejianshi:

You don't have a machine that is inadvertently connected to the network via a wired interface and wifi at the same time, do you?

74:de:2b:22:38:a1     74DE2B     Liteon Technology Corporation    (probably wireless N knowing Liteon)

90:4c:e5:89:ed:25     904CE5     Hon Hai Precision Ind. Co.,Ltd.    (Probably wired, maybe on a Foxconn board)

                        Got something like that in your network?

Yes, I do have 15 PCs and Access Points wired to the LAN (no wireless at the same time though); all of them are entered in the Passthru-MAC of the Captive portal, all recently on static IP configuration with a subnet of /24, and all are also entered in the DHCP Static Mappings on the DHCP server. Is there anything wrong in this setup?

                        More info:
                        PF Gateway 172.16.24.1
                        Enabled DHCP server on LAN interface
                               Subnet 172.16.24.0
                               Subnet mask 255.255.248.0
                               Available range 172.16.24.1 - 172.16.31.254
                               Range                172.16.26.1 - 172.16.31.254 (for dynamic clients on hotspot/wifi)
                               Static clients      172.16.24.1 /24

All duplicate lease errors happen on the dynamic wifi clients.

doktornotor

                          @Darkanyons:

All duplicate lease errors happen on the dynamic wifi clients.

Hence why I told you to disable the captive thing. Seriously, I don't get why this thing is so popular. It's heavily broken, and especially with smartphones. Nothing works till you open a browser. Internet != web. Need authentication? Fine, use RADIUS or some other standard thing.

kejianshi

I understand why people would want something like captiveportal, if they run a hotel or some public hotspot within easy access of a bunch of wifi hitch-hikers. But if I ran it, it would have to be a matter of need like that, not a situation where I know the same 20 or 30 people / machines using it.
It would need to be a very chaotic coming and going of people and seldom the same guy twice scenario to make me want it.

                            "Range                172.16.26.1 - 172.16.31.254 (for dynamic clients on hotspot/wifi)"

Do you really have that many wireless clients? Why not a simple /24?
You seem to have allocated a pretty enormous space for all of this.
And with this subnet - 172.16.24.0
and this mask 255.255.248.0
Might complicate things a bit.
This can't be done simpler?

3 ports, 1 for WAN, 1 for LAN, 1 for OPT1 wireless (with LAN and OPT1 on separate subnets, each getting a simple /24).
Then use captive portal on LAN and OPT1. (If you absolutely must have it.)
I might even add another OPT2 so that I have a "LAN" interface unmolested by captiveportal for myself. Call it an isolated admin subnet.

I'm simple minded. I like simple networks with clear simple divisions, to the extent that it's not too expensive or hardware intensive.

Darkanyons

                              @doktornotor:

                              @Darkanyons:

All duplicate lease errors happen on the dynamic wifi clients.

Hence why I told you to disable the captive thing. Seriously, I don't get why this thing is so popular. It's heavily broken, and especially with smartphones. Nothing works till you open a browser. Internet != web. Need authentication? Fine, use RADIUS or some other standard thing.

                              Thanks for the suggestion.

I did consider the RADIUS server at one time, but I decided on Captive portal because of its simplicity in connecting clients. No need to encode client accounts on the RADIUS server, and handling vouchers was viewed as a more simplified approach for customers that are transient, and they can be easily sold off the shelf. The Access Points are located at the park with several colleges nearby, another at the terminal, and I have another 2 of these in a busy neighbourhood.

However, I may view the RADIUS server as a good option if it can generate codes as well, without a need to track every transient client's details.

Darkanyons

@kejianshi,

                                Thank you for your kind reply.

The Access Points are indeed located in quite busy locations, and therefore will require a large range of IP addresses.

                                I also adore the elegance of simplicity.

Since I'm using 2 dual Intel server NICs, I segregated the LAN clients and the wifi users before. The setup you described was quite identical to my setup before.

However, since my wifi controller is on the LAN side of PF and I wish to manage the Access Points and other LAN devices, I've decided to integrate both LAN and wireless users. This enabled me to monitor my entire network on a single management PC. I'm using Ubiquiti UniFi APs and several AirMax wireless bridges. This also enables me to add APs on the same network as desired.

Just recently I decided to put all APs on static IPs, and yesterday I only had 2 lease errors. Looks like I'm doing something right here. Will update you guys if this does the trick. I still have some wireless bridges on the network to configure in static mode.

kejianshi

Ahhhhh - Yes. It's hard to control things with people coming and going. Where is this located? (just wondering)

Darkanyons

After configuring all my wireless bridges to static IPs and mapping them on PF, I still have a few duplicate lease errors.
I'm pulling my hair out! >:( and I'm running out of options.
In addition, today another seemingly alarming log shows:

                                    Aug 2 17:24:26 	kernel: arp: 172.16.26.20 moved from 34:6b:d3:4c:d0:26 to 94:db:c9:0e:23:82 on em0
                                    Aug 2 17:24:26 	kernel: arp: 172.16.26.20 moved from 94:db:c9:0e:23:82 to 34:6b:d3:4c:d0:26 on em0
                                    Aug 2 16:00:43 	kernel: arp: 172.16.31.14 moved from 34:6b:d3:4c:d0:26 to 8c:a9:82:ac:fc:50 on em0
                                    Aug 2 16:00:43 	kernel: arp: 172.16.31.14 moved from 8c:a9:82:ac:fc:50 to 34:6b:d3:4c:d0:26 on em0

Is someone MAC spoofing the captive portal? Could this be the culprit of the duplicate errors? ???

kejianshi

If you are allowing access per MAC, then yes. MACs can easily be spoofed or even duplicated on many sites to get onto your network.

Darkanyons

Agree. I think the captive portal associates the voucher codes with the client's MAC address. Once they're paired after authentication, that MAC address is granted a pass-through to access the internet. If someone knows a MAC that is already authenticated and clones that to his device, he may be able to have a free connection.

Is this what it looks like in the logs? Is my speculation not far-fetched? Are there any scenarios less suspicious?

kejianshi

Or the IPs are being handed out via DHCP, so each time a previously known MAC's IP is changed for some reason, you will see that also.
If you see the same MAC used simultaneously and switching back and forth a lot, it's probably been spoofed. This is an unsecured, unencrypted wifi?

Darkanyons
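The two symptoms in this thread, one MAC collecting several leases within a second and one IP whose ARP entry flips back and forth between two MACs, can both be pulled out of the pfSense logs mechanically rather than by eye. The script below is an added example and is not code from the thread or from pfSense; it runs over constructed sample lines modelled on the ones quoted above, assumes a fixed year for the yearless syslog timestamps, and the time windows are arbitrary thresholds.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample modelled on the pfSense log lines quoted in this thread.
SAMPLE_LOG = """\
Jul 26 22:42:35 dhcpd: DHCPACK on 172.16.30.227 to 38:16:d1:d1:57:4e (GT-S5260) via em0
Jul 26 22:42:35 dhcpd: DHCPACK on 172.16.31.125 to 38:16:d1:d1:57:4e (GT-S5260) via em0
Jul 26 22:42:35 dhcpd: DHCPACK on 172.16.27.33 to 38:16:d1:d1:57:4e (GT-S5260) via em0
Aug 2 16:00:43 kernel: arp: 172.16.31.14 moved from 34:6b:d3:4c:d0:26 to 8c:a9:82:ac:fc:50 on em0
Aug 2 16:00:43 kernel: arp: 172.16.31.14 moved from 8c:a9:82:ac:fc:50 to 34:6b:d3:4c:d0:26 on em0
Aug 2 17:24:26 kernel: arp: 172.16.26.20 moved from 34:6b:d3:4c:d0:26 to 94:db:c9:0e:23:82 on em0
Aug 2 17:24:26 kernel: arp: 172.16.26.20 moved from 94:db:c9:0e:23:82 to 34:6b:d3:4c:d0:26 on em0
Aug 2 18:10:00 kernel: arp: 172.16.26.40 moved from aa:bb:cc:dd:ee:01 to aa:bb:cc:dd:ee:02 on em0
"""

TS = r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+"  # syslog timestamp, no year
MAC = r"([0-9a-f]{2}(?::[0-9a-f]{2}){5})"
ACK_RE = re.compile(TS + r"dhcpd: DHCPACK on (\S+) to " + MAC, re.M)
ARP_RE = re.compile(TS + r"kernel: arp: (\S+) moved from " + MAC + " to " + MAC, re.M)


def _ts(text, year=2013):
    """Syslog lines carry no year; assume one so events can be ordered."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def dhcp_multi_lease(log, window=60):
    """MACs ACKed more than one distinct IP within `window` seconds (the
    'uid lease ... is duplicate' symptom). Returns {mac: sorted ips}."""
    acks = defaultdict(list)
    for m in ACK_RE.finditer(log):
        ts, ip, mac = m.groups()
        acks[mac].append((_ts(ts), ip))
    flagged = {}
    for mac, events in acks.items():
        events.sort()
        ips = sorted({ip for _, ip in events})
        span = (events[-1][0] - events[0][0]).total_seconds()
        if len(ips) > 1 and span <= window:
            flagged[mac] = ips
    return flagged


def arp_flaps(log, window=5):
    """IPs whose ARP entry moves A->B and straight back within `window` seconds:
    two hosts answering for one address, as in the MAC-duplication scenario above."""
    moves = defaultdict(list)
    for m in ARP_RE.finditer(log):
        ts, ip, old, new = m.groups()
        moves[ip].append((_ts(ts), old, new))
    flagged = {}
    for ip, events in moves.items():
        events.sort()
        for (t1, a, b), (t2, c, d) in zip(events, events[1:]):
            if (c, d) == (b, a) and (t2 - t1).total_seconds() <= window:
                flagged[ip] = sorted({a, b})
    return flagged
```

A single one-way "moved from" line (the last sample) is not flagged, since that is what an ordinary DHCP re-assignment looks like; only the immediate A->B->A bounce is reported.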

                                            @kejianshi:

Or the IPs are being handed out via DHCP, so each time a previously known MAC's IP is changed for some reason, you will see that also.

                                            Thank you.
                                            Can this scenario result in duplicate lease errors?

                                            @kejianshi:

If you see the same MAC used simultaneously and switching back and forth a lot, it's probably been spoofed. This is an unsecured, unencrypted wifi?

In the logs the MAC-changing errors occurred at the same time. Yes, this is unsecured and unencrypted wifi.
