    DHCP no free leases

    • R
      rovshango last edited by

      Hi,

      I often get this message:

      DHCPDISCOVER from c8:3d:97:4a:88:98 via 10.64.160.1: network 10.64.160.0/22: no free leases
      Is it OK/enough to free the DHCP leases files?
      Thanks.

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        What's the application?  How long are your lease timeouts?  How big is the pool?

        No, you should probably leave the leases file alone.

        1 Reply Last reply Reply Quote 0
        • R
          rovshango last edited by

          Hi,

          Thanks for the reply.
          Please see attachment.


          1 Reply Last reply Reply Quote 0
          • chpalmer
            chpalmer last edited by

            What's the application?

            Wifi cafe?  School?  It's hard to tell you if we don't know who or what you're giving internet connectivity to.

            You might consider a /23 on your LAN and increase your DHCP pool by about 200 users and see if the problem continues.

            1 Reply Last reply Reply Quote 0
            • R
              rovshango last edited by

              We just provide free Wi-Fi in random places.
              Mostly people connect with their handheld devices and can log in with a generated password (SMS sending).

              Before me, another person cleared the DHCP leases file and the problem was solved.

              We had a /24 at the beginning, but now we need more. So I changed the network range.

              1 Reply Last reply Reply Quote 0
              • Derelict
                Derelict LAYER 8 Netgate last edited by

                And it sounds like you need more yet again.

                You need to balance the need to keep the lease history so people get the same IP versus the network size.

                Is there captive portal involved?

                If you don't really need those reserved 100 addresses I'd add those to the pool like now - or at least as many as you can.

                1 Reply Last reply Reply Quote 0
                • R
                  rovshango last edited by

                  Yes, CP is the main part :)

                  10.64.160.0/22 (255.255.252.0) means there are 1022 available addresses (10.64.160.0 - 10.64.163.255)
                  I can see in the daily report that there are a maximum of 200 users.
                  And I got this error a week ago and today.

                  1 Reply Last reply Reply Quote 0
                  • Derelict
                    Derelict LAYER 8 Netgate last edited by

                    You have a max DHCP lease timeout of 3660 seconds (61 minutes).

                    Regardless of the maximum on the CP at one time, how many devices are connecting to your Wi-Fi and getting an address in your busiest hour?  Note that they don't have to punch through the portal to chew up a DHCP lease.

                    How do you want your CP to behave?

                    1 Reply Last reply Reply Quote 0
                    • R
                      rovshango last edited by

                      I can say that in the busiest hour there will be 100-200 users at the same time.
                      Also, in the attachment you can find the settings of the CP.

                      As there are 1022 (-100) available addresses, I want users to get IP addresses.


                      1 Reply Last reply Reply Quote 0
                      • Derelict
                        Derelict LAYER 8 Netgate last edited by

                        You are running out of leases, friend.  Something is chewing them up.

                        I say again, a user doesn't have to log in to the CP to consume a DHCP lease for an hour.  All they have to do is connect to the BSSID and get a lease.  Unfortunately, ISC dhcpd absolutely SUCKS when it comes to summarizing exactly what is going on with your lease pool.

                        Something like this: http://dhcpstatus.sourceforge.net/

                        might give you some additional insight as to exactly what is happening to your lease pool.

                        If you're not syslogging to a syslog server you probably want to do that too.  My dhcp log on pfSense rolls over about every 5 minutes.

                        900 leases with an hour expire seems like it ought to be enough.

                        1 Reply Last reply Reply Quote 0
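A lease-pool summary of the kind the post above asks for, as an added example that is not part of the thread and not code from pfSense, ISC dhcpd or dhcpstatus. The function names, the pool bounds 10.64.160.101 to 10.64.160.110 and the sample entries are constructed assumptions; only the `lease { ends ...; binding state ...; }` syntax is dhcpd's own.

```python
import re
from collections import Counter
from datetime import datetime, timezone
from ipaddress import ip_address

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
ENDS_RE = re.compile(r"^\s*ends\s+\d\s+([\d/]+\s[\d:]+);", re.M)
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)

def parse_leases(text):
    """Map IP -> (state, end). dhcpd appends to the leases file, so the
    last entry for an address is its current state."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        state, ends = STATE_RE.search(body), ENDS_RE.search(body)
        end = None  # "ends never;" or no ends line
        if ends:
            end = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
            end = end.replace(tzinfo=timezone.utc)  # file times are UTC by default
        leases[ip] = (state.group(1) if state else "unknown", end)
    return leases

def pool_usage(leases, first, last, now):
    """Summarise the addresses in [first, last] as seen at time 'now'."""
    lo, hi = ip_address(first), ip_address(last)
    states = Counter()
    for ip, (state, end) in leases.items():
        if not lo <= ip_address(ip) <= hi:
            continue  # address outside the dynamic pool
        if state == "active":
            # Assumption here: an active entry past its end time is reusable.
            state = "held" if end is None or end > now else "expired"
        states[state] += 1
    size = int(hi) - int(lo) + 1
    return {"pool_size": size, "held": states["held"],
            "free": size - states["held"], "states": dict(states)}

def _entry(ip, ends, state):  # one entry in dhcpd.leases syntax
    return f"lease {ip} {{\n  ends 4 {ends};\n  binding state {state};\n}}\n"
# Constructed sample, not data from the thread.
SAMPLE = "".join(_entry(*e) for e in [
    ("10.64.160.101", "2021/01/07 10:00:00", "active"),
    ("10.64.160.102", "2021/01/07 10:30:00", "active"),
    ("10.64.160.101", "2021/01/07 09:40:00", "free"),    # later entry wins
    ("10.64.160.103", "2021/01/07 09:00:00", "active"),  # lease time is over
    ("10.64.160.20", "2021/01/07 10:30:00", "active"),   # outside the pool
])
NOW = datetime(2021, 1, 7, 9, 45, tzinfo=timezone.utc)
print(pool_usage(parse_leases(SAMPLE), "10.64.160.101", "10.64.160.110", NOW))
```

Run against a copy of the real leases file with the real pool bounds, a "held" count far above the number of captive portal sessions shows devices taking leases without logging in.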
                        • R
                          rovshango last edited by

                          Yeah, that part I understand: the user gets an IP address first, then CP starts working.
                          I just want each IP address to be freed after 60 minutes :(

                          1 Reply Last reply Reply Quote 0
                          • Derelict
                            Derelict LAYER 8 Netgate last edited by

                            That's how you have it set.  That's how it should be working.

                            Note that those settings take effect when the lease is obtained, so if you just changed it, it will take some time to take effect.

                            Status > DHCP Leases shows you the current leases.  Do they not look right?

                            1 Reply Last reply Reply Quote 0
                            • R
                              rovshango last edited by

                              It shows 423 online & active and at the same time I am getting the same alarm :(

                              Well, before this topic I cleaned the dhcpd.leases file, but it got filled with old data again.

                              1 Reply Last reply Reply Quote 0
                              • Derelict
                                Derelict LAYER 8 Netgate last edited by

                                What shows 423 online and active?  The DHCP leases?

                                You have to account for the offline leases that haven't expired yet.  As far as I know, Status > DHCP Leases shows a lease as offline if there is no corresponding ARP entry, meaning the IP has dropped off the network.

                                Obviously you need a bigger lease pool.

                                1 Reply Last reply Reply Quote 0
                                • R
                                  rovshango last edited by

                                  Thanks for the info.
                                  So I will change network range then.
                                  Let's see what will happen.

                                  1 Reply Last reply Reply Quote 0
                                  • R
                                    rovshango last edited by

                                    Hi all,

                                    Very strange - CP shows me only 40 active users.
                                    But I am getting the same syslog again.

                                    Despite there being almost 1000 free IP addresses.

                                    1 Reply Last reply Reply Quote 0
                                    • Derelict
                                      Derelict LAYER 8 Netgate last edited by

                                      How do you know what addresses are free?

                                      1 Reply Last reply Reply Quote 0
                                      • R
                                        rovshango last edited by

                                        You mean, even if CP disconnects them, they will use the IP address until the lease time is up?

                                        1 Reply Last reply Reply Quote 0
                                        • Derelict
                                          Derelict LAYER 8 Netgate last edited by

                                          Of course.  CP has nothing to do with DHCP.  They have to play together nicely and be set up in a complementary fashion but one doesn't influence the other.  Look into those dhcp status scripts I posted earlier.

                                          1 Reply Last reply Reply Quote 0
                                          • R
                                            rovshango last edited by

                                            Well, my CP is set for 59 minutes, so I should also set the DHCP lease time to 59 minutes.
                                            Then I think the lease/pool will be freed correctly.

                                            Yes, I saw your post. I had difficulties installing it into pfSense, as there are some library dependencies. I will try again :)

                                            1 Reply Last reply Reply Quote 0
                                            • Derelict
                                              Derelict LAYER 8 Netgate last edited by

                                              What CP is set for 59 minutes?  In these matters specifics count.

                                              1 Reply Last reply Reply Quote 0
                                              • Derelict
                                                Derelict LAYER 8 Netgate last edited by

                                                And FWIW I didn't hassle trying to get the DHCP status running on pfSense - screw with your router as little as possible.  I got it running on my Mac and scp'd the leases file over and ran it there occasionally until I was confident I had things right.  If you don't have a Unix host to run things like this, install Linux, FreeBSD, or even pfSense on something else and install stuff on that.

                                                1 Reply Last reply Reply Quote 0
                                                • R
                                                  rovshango last edited by

                                                  Hi,

                                                  I changed the DHCP lease time; you can see the CP and DHCP configurations.
                                                  It seems I do not get the same log, but I am getting another one now :)
                                                  See attachment syslog.jpg






                                                  1 Reply Last reply Reply Quote 0
                                                  • Derelict
                                                    Derelict LAYER 8 Netgate last edited by

                                                    Those happen.  They appear harmless.

                                                    There is no use having an idle timeout of 59 with a hard timeout of 59.  Are you sure your idle timeout of 59 isn't good enough?  That means a user who is gone from your network for 59 minutes is logged out.

                                                    What are your goals for your captive portal?

                                                    1 Reply Last reply Reply Quote 0
                                                    • R
                                                      rovshango last edited by

                                                      Well, I think my answer to this question will help "me" :)

                                                      I want the user to log in to CP (with the provided user/password); after 59 min the user should be disconnected. Also to release/free the IP address which he took.
                                                      So maybe he will not re-login after disconnect (59).

                                                      Thanks for help.

                                                      1 Reply Last reply Reply Quote 0
                                                      • Derelict
                                                        Derelict LAYER 8 Netgate last edited by

                                                        @rovshango:

                                                        Well, I think my answer to this question will help "me" :)

                                                        I want the user to log in to CP (with the provided user/password); after 59 min the user should be disconnected.

                                                        The hard timeout will do that.

                                                        Also to release/free the IP address which he took.

                                                        Captive portal happens after a DHCP lease has happened.  Every device can get and keep a DHCP lease whether or not they even try to get on the internet or even look at the captive portal.

                                                        So maybe he will not re-login after disconnect (59).

                                                        That is a function of whatever authentication backend you're using for captive portal.  Not DHCP.

                                                        This is all assuming open, not WPA, Wi-Fi.

                                                        1 Reply Last reply Reply Quote 0