Auto DHCP on WAN not working when ISP WAN DCHP renews on PFsense 2.1



  • All,
      I kept having issues with PFsense 2.1 when my ISP would renew the DHCP WAN IP of the my cable modem. The only way I was finding to correct this was rebooting the Pfsense machine when this would happen weekly. I was exploring other options and came across the shell script in the following link (https://forum.pfsense.org/index.php?topic=51786.0). I implemented the script as described and uncommented the ping lines to see if the log file would generate when the crontabs packaged had it scheduled, but it seemed to not be running. Then I tried to trigger it from the command line and got the following error output.

    _sh -n -v /usr/local/bin/pingtest.sh
    #!/bin/sh

    #=====================================================================

    pingtest.sh, v1.0.1

    Created 2009 by Bennett Lee

    Released to public domain

    (1) Attempts to ping several hosts to test connectivity.  After

    #    first successful ping, script exits.

    (2) If all pings fail, resets interface and retries all pings.

    (3) If all pings fail again after reset, then reboots pfSense.

    History

    1.0.1  Added delay to ensure interface resets (thx ktims).

    1.0.0  Initial release.

    #=====================================================================

    #=====================================================================

    USER SETTINGS

    Set multiple ping targets separated by space.  Include numeric IPs

    (e.g., remote office, ISP gateway, etc.) for DNS issues which

    reboot will not correct.

    ALLDEST="google.com yahoo.com 24.93.40.36 24.93.40.37"

    Interface to reset, usually your WAN

    BOUNCE=em0

    Log file

    LOGFILE=/root/pingtest.log
    #=====================================================================

    COUNT=1
    while [ $COUNT -le 2 ]
    do

    for DEST in $ALLDEST
            do
    /usr/local/bin/pingtest.sh: 36: Syntax error: word unexpected_

    I do not understand why it is throwing this error based on the research I have done.

    When I run the same test with the OOB ping_host.sh shell script it executes fine as far as syntax with an exit code of 0. See below.  Any help or suggestion on how to fix this or what I may be doing wrong would be greatly appreciated.

    _sh -n -v /usr/local/bin/ping_hosts.sh
    #!/bin/sh

    pfSense ping helper

    written by Scott Ullrich

    (C)2006 Scott Ullrich

    All rights reserved.

    Format of file should be deliminted by |

    #  Field 1:  Source ip
    #  Field 2:  Destination ip
    #  Field 3:  Ping count
    #  Field 4:  Script to run when service is down
    #  Field 5:  Script to run once service is restored
    #  Field 6:  Ping time threshold
    #  Field 7:  Wan ping time threshold
    #  Field 8:  Address family

    Read in ipsec ping hosts and check the CARP status

    if [ -f /var/db/ipsecpinghosts ]; then
            IPSECHOSTS="/var/db/ipsecpinghosts"
            CURRENTIPSECHOSTS="/var/db/currentipsecpinghosts"
            IFVPNSTATE=ifconfig $IFVPN | grep "carp: BACKUP vhid" | wc -l
            if [ $IFVPNSTATE -gt 1 ]; then
                    echo -e "CARP interface in BACKUP (not pinging ipsec hosts)"
                    rm -f $CURRENTIPSECHOSTS
                    touch $CURRENTIPSECHOSTS
            else
                    echo -e "CARP interface is MASTER or non CARP (pinging ipsec hosts)"
                    cat < $IPSECHOSTS > $CURRENTIPSECHOSTS
            fi
    fi

    General file meant for user consumption

    if [ -f /var/db/hosts ]; then
            HOSTS="/var/db/hosts"
    fi

    Package specific ping requests

    if [ -f /var/db/pkgpinghosts ]; then
            PKGHOSTS="/var/db/pkgpinghosts"
    fi

    cat $PKGHOSTS $HOSTS $IPSECHOSTS >/tmp/tmpHOSTS

    if [ ! -d /var/db/pingstatus ]; then
            /bin/mkdir -p /var/db/pingstatus
    fi

    if [ ! -d /var/db/pingmsstatus ]; then
            /bin/mkdir -p /var/db/pingmsstatus
    fi

    PINGHOSTS=cat /tmp/tmpHOSTS

    PINGHOSTCOUNT=cat /tmp/tmpHOSTS | wc -l

    if [ "$PINGHOSTCOUNT" -lt "1" ]; then
            exit
    fi

    for TOPING in $PINGHOSTS ; do
            echo "PROCESSING $TOPING"
            SRCIP=echo $TOPING | cut -d"|" -f1
            DSTIP=echo $TOPING | cut -d"|" -f2
            COUNT=echo $TOPING | cut -d"|" -f3
            FAILURESCRIPT=echo $TOPING | cut -d"|" -f4
            SERVICERESTOREDSCRIPT=echo $TOPING | cut -d"|" -f5
            THRESHOLD=echo $TOPING | cut -d"|" -f6
            WANTHRESHOLD=echo $TOPING | cut -d"|" -f7
            AF=echo $TOPING | cut -d"|" -f8
            if [ "$AF" == "inet6" ]; then
                    PINGCMD=ping6
            else
                    PINGCMD=ping
            fi
            echo Processing $DSTIP
            # Look for a service being down
            $PINGCMD -c $COUNT -S $SRCIP $DSTIP
            if [ $? -eq 0 ]; then
                    # Host is up
                    # Read in previous status
                    PREVIOUSSTATUS=cat /var/db/pingstatus/$DSTIP
                    if [ "$PREVIOUSSTATUS" = "DOWN" ]; then
                            # Service restored
                            if [ "$SERVICERESTOREDSCRIPT" != "" ]; then
                                    echo "$DSTIP is UP, previous state was DOWN .. Running $SERVICERESTOREDSCRIPT"
                                    echo "$DSTIP is UP, previous state was DOWN .. Running $SERVICERESTOREDSCRIPT" | logger -p daemon.info -i -t PingMonitor
                                    echo "UP" > /var/db/pingstatus/$DSTIP
                                    sh -c $SERVICERESTOREDSCRIPT
                            fi
                    fi
            else
                    # Host is down
                    PREVIOUSSTATUS=cat /var/db/pingstatus/$DSTIP
                    if [ "$PREVIOUSSTATUS" = "UP" ]; then
                            # Service is down
                            if [ "$FAILURESCRIPT" != "" ]; then
                                    echo "$DSTIP is DOWN, previous state was UP ..  Running $FAILURESCRIPT"
                                    echo "$DSTIP is DOWN, previous state was UP ..  Running $FAILURESCRIPT" | logger -p daemon.info -i -t PingMonitor
                                    echo "DOWN" > /var/db/pingstatus/$DSTIP
                                    sh -c $FAILURESCRIPT
                            fi
                    fi
            fi
            echo "Checking ping time $DSTIP"
            # Look at ping values themselves
            PINGTIME=$PINGCMD -c 1 -S $SRCIP $DSTIP | awk '{ print $7 }' | grep time | cut -d "=" -f2
            echo "Ping returned $?"
            echo $PINGTIME > /var/db/pingmsstatus/$DSTIP
            if [ "$THRESHOLD" != "" ]; then
                    if [ "$PINGTIME" -gt "$THRESHOLD" ]; then
                            echo "$DSTIP has exceeded ping threshold $PINGTIME / $THRESHOLD .. Running $FAILURESCRIPT"
                            echo "$DSTIP has exceeded ping threshold $PINGTIME / $THRESHOLD .. Running $FAILURESCRIPT" | logger -p daemon.info -i -t PingMonitor
                            sh -c $FAILURESCRIPT
                    fi
            fi
            # Wan ping time threshold
            #WANTIME=rrdtool fetch /var/db/rrd/wan-quality.rrd AVERAGE -r 120 -s -1min -e -1min | grep ":" | cut -f3 -d" " | cut -d"e" -f1
            echo "Checking wan ping time $WANTIME"
            echo $WANTIME > /var/db/wanaverage
            if [ "$WANTHRESHOLD" != "" ]; then
                    if [ "$WANTIME" -gt "$WANTHRESHOLD" ]; then
                            echo "$DSTIP has exceeded wan ping threshold $WANTIME / $WANTHRESHOLD .. Running $FAILURESCRIPT"
                            echo "$DSTIP has exceeded wan ping threshold $WANTIME / $WANTHRESHOLD .. Running $FAILURESCRIPT" | logger -p daemon.info -i -t PingMonitor
                            sh -c $FAILURESCRIPT
                    fi
            fi
            sleep 1
    done

    exit 0_


  • Banned

    What issues? What are we supposed to do with the obviously incomplete script you created?



  • The issue the script does not run when it is in a cron job, and when executing the shell script from the commnd line it fails with a "syntax error line 36" unexpected word. I did not develop the script I pulled it from another message thread where users were having the same issues, it seems they have been able to get it to work, but for some reason the same exact script  in a copy and paste fails to execute by cron or command line on my machine. The full script can be found at https://forum.pfsense.org/index.php/topic,51786.0.html . Thanks


  • Banned

    Let me state this again - the script snippet you posted is incomplete, broken and useless. If that's what you are trying to run via cron, so no, that will not ever work. Plus, the real question here was what issues are you having with DHCP WAN IP renewal.



  • This is the full script I am trying to run through CRON, it is the one the link went to, but here is it posted in its entirety. Thanks

    _#!/bin/sh

    #=====================================================================

    pingtest.sh, v1.0.2

    Created 2009 by Bennett Lee

    Released to public domain

    (1) Attempts to ping several hosts to test connectivity.  After

    #    first successful ping, script exits.

    (2) If all pings fail, resets interface and retries all pings.

    (3) If all pings fail again after reset, then reboots pfSense.

    History

    1.0.2  Added turn dhclient on for the interface. (Dice81)

    1.0.1  Added delay to ensure interface resets (thx ktims).

    1.0.0  Initial release.

    #=====================================================================

    #=====================================================================

    USER SETTINGS

    Set multiple ping targets separated by space.  Include numeric IPs

    (e.g., remote office, ISP gateway, etc.) for DNS issues which

    reboot will not correct.

    ALLDEST="google.com yahoo.com 24.93.40.36 24.93.40.37"

    Interface to reset, usually your WAN

    BOUNCE=rl0

    Log file

    LOGFILE=/root/pingtest.log
    #=====================================================================

    COUNT=1
    while [ $COUNT -le 2 ]
    do

    for DEST in $ALLDEST
    do
    #echo date +%Y%m%d.%H%M%S "Pinging $DEST" >> $LOGFILE
    ping -c1 $DEST >/dev/null 2>/dev/null
    if [ $? -eq 0 ]
    then
    #echo date +%Y%m%d.%H%M%S "Ping $DEST OK." >> $LOGFILE
    exit 0
    fi
    done

    if [ $COUNT -le 1 ]
    then
    echo date +%Y%m%d.%H%M%S "All pings failed. Resetting interface $BOUNCE." >> $LOGFILE
    /sbin/ifconfig $BOUNCE down

    Give interface time to reset before bringing back up

    sleep 10
    /sbin/ifconfig $BOUNCE up

    Give WAN time to establish connection

    sleep 20
    dhclient $BOUNCE
    sleep 20
    else
    echo date +%Y%m%d.%H%M%S "All pings failed twice. Rebooting…" >> $LOGFILE
    /sbin/shutdown -r now >> $LOGFILE
    exit 1
    fi

    COUNT=expr $COUNT + 1
    done_



  • The real issue I am trying to fix is that when my ISP renews the DHCP address on the WAN the Pfsense WAN DHCP client does not automatically renew and stays "stuck" causing connectivity to drop. I have tried cycling the WAN interface and this does not fix the problem, only a reboot seems to correct the problem. From the research I have done this seems to be a bug in PFsense 2.1., there for I am looking to use that script as a workaround. My setup is PFsense 2.1 running in an ESXi appliance  with two virtual interfaces (one for WAN and one for LAN) the WAN goes to an ISP cable modem, and the LAN goes to a wireless router. Hope this helps clarify. Thanks



  • @twp01:

    This is the full script I am trying to run through CRON, it is the one the link went to, but here is it posted in its entirety. Thanks

    _#!/bin/sh

    #=====================================================================

    pingtest.sh, v1.0.2

    Created 2009 by Bennett Lee

    Released to public domain

    (1) Attempts to ping several hosts to test connectivity.  After

    #    first successful ping, script exits.

    (2) If all pings fail, resets interface and retries all pings.

    (3) If all pings fail again after reset, then reboots pfSense.

    History

    1.0.2  Added turn dhclient on for the interface. (Dice81)

    1.0.1  Added delay to ensure interface resets (thx ktims).

    1.0.0  Initial release.

    #=====================================================================_

    The script is working but If it runs from pfsense Cron package, it needs the full path of the /sbin/ping executables as well, otherwise it reboots the pfsense every time.


Log in to reply