DHCP no free leases

  • Hi,

    I got often this message:

    DHCPDISCOVER from c8:3d:97:4a:88:98 via [More Information] : network [More Information] /22: no free leases
    Is it OK/enough to free dhcp leases files?

  • Netgate

    What's the application?  How long are your lease timeouts?  How big is the pool?

    No, you should probably leave the leases file alone.

  • Hi,

    Thanks for reply.
    Please see attachment.

  • Whats the application?

    Wifi cafe?  School?  Its hard to tell you if we don't know who or what your giving internet connectivity to.

    You might consider a /23 on your LAN and increase your DHCP pool by about 200 users and see if the problem continues.

  • We just provide free Wi-Fi in random places.
    Mostly people connect with their hand devices and can login by generated password (SMS sending).

    Before me other person cleared dhcp leases file and problem solved.

    We had /24 at the beginning, but now we need more. So I changed network range.

  • Netgate

    And it sounds like you need more yet again.

    You need to balance the need to keep the lease history so people get the same IP versus the network size.

    Is there captive portal involved?

    If you don't really need those reserved 100 addresses I'd add those to the pool like now - or at least as many as you can.

  • Yes CP is main part :) ( means there 1022 available address ( -
    I can see in daily report that there are maximum 200 users.
    And this error I got week ago and today.

  • Netgate

    You have a max DHCP lease timeout of 3660 seconds (61 minutes).

    Regardless of the maximum on the CP at one time, how many devices are connecting to your Wi-Fi and getting an address in your busiest hour?  Note that they don't have to punch through the portal to chew up a DHCP lease.

    How do you want your CP to behave?

  • I can say busies hour there will be 100-200 user same time.
    Also in attachment you can find settings of CP.

    As there 1022 (-100) available address, I want users to get IP addresses.

  • Netgate

    You are running out of leases, friend.  Something is chewing them up.

    I say again, a user doesn't have to log in to the CP to consume a DHCP lease for an hour.  All they have to do is connect to the BSSID and get a lease.  Unfortunately, ISC dhcpd absolutely SUCKS when it comes to summarizing exactly what is going on with your lease pool.

    Something like this: http://dhcpstatus.sourceforge.net/

    might give you some additional insight as to exactly what is happening to your lease pool.

    If you're not syslogging to a syslog server you probably want to do that too.  My dhcp log on pfSense rolls over about every 5 minutes.

    900 leases with an hour expire seems like it ought to be enough.

  • Yeah, that part I understand, that user gets IP address first then CP starts to working,
    I just want each IP address after 60 minutes to be freed :(

  • Netgate

    That's how you have it set.  That's how it should be working.

    Note that those settings take effect when the lease is obtained so if you just changed it it will take some time to take effect.

    Status > DHCP Leases shows you the current leases.  Do they not look right?

  • It shows 423 online&active and same time I am getting same alarm :(.

    Well when before this topic I cleaned dhcpd.leases file but it got filled with old data again.

  • Netgate

    What shows 423 online and active?  The DHCP leases?

    You have to account for the offline leases that haven't expired yet.  As far as I know, Status > DHCP Leases shows a lease as offline if there is no corresponding ARP entry, meaning the IP has dropped off the network.

    Obviously you need a bigger lease pool.

  • Thanks for info.
    So I will change network range then.
    Let's see what will happen.

  • Hi all,

    Very strange - CP shows me only 40 active users.
    But I am getting same syslog again.

    Despite there are almost 1000 free IP addresses.

  • Netgate

    How do you know what addresses are free?

  • You mean, even though if CP will disconnect them, they will use IP address till lease time?

  • Netgate

    Of course.  CP has nothing to do with DHCP.  They have to play together nicely and be set up in a complementary fashion but one doesn't influence the other.  Look into those dhcp status scripts I posted earlier.

  • Well my CP set for 59 minutes, so I should set DHCP lease time also 59 minutes.
    Then I think lease/pool will be freed correctly.

    Yes I saw your post, I had difficulties installed in into pfSense, as there some library dependencies. I will try again :)

  • Netgate

    What CP is set for 59 minutes?  In these matters specifics count.

  • Netgate

    And FWIW I didn't hassle trying to get the DHCP status running on pfSense - screw with your router as little as possible.  I got it running on my Mac and scp'd the leases file over and ran it there occasionally until I was confident I had things right.  If you don't have a Unix host to run things like this, install Linux, FreeBSD, or even pfSense on something else and install stuff on that.

  • Hi,

    I changed DHCP lease time, you can see CP and DHCP configurations.
    Seem I do not get same log, but I am getting another one now :)
    See attachment syslog.jpg

  • Netgate

    Those happen.  They appear harmless.

    There is no use having an idle timeout of 59 with a hard timeout of 59.  Are you sure your idle timeout of 59 isn't good enough?  That means a user who is gone from your network for 59 minutes is logged out.

    What are your goals for your captive portal?

  • Well I think my answer to this question will help "me" :)

    I want user to login CP (with provided user/password), after 59 min user should disconnected. Also to release/free IP address which he took.
    So maybe he will not re login after disconnect (59).

    Thanks for help.

  • Netgate


    Well I think my answer to this question will help "me" :)

    I want user to login CP (with provided user/password), after 59 min user should disconnected.

    The hard timeout will do that.

    Also to release/free IP address which he took.

    Captive portal happens after a DHCP lease has happened.  Every device can get and keep a DHCP lease whether or not they even try to get on the internet or even look at the captive portal.

    So maybe he will not re login after disconnect (59).

    That is a function of whatever authentication backend you're using for captive portal.  Not DHCP.

    This is all assuming open, not WPA, Wi-Fi.