PfSense wakes my Synology NAS boxes from hibernation every 1 hour….



  • Hi, Guys

    Just setup my pfSense (2.2.2) with SNORT + pfBlockerNG installed for fun for home use, I'm a noob to pfSense, so far its running great except that it automatcally wakes up my 2 Synology NAS boxes every 1 hour, which is crazy.  I had 2 routers that both connected to the internet,  if the NAS connect to Netgear R7000 (DD-WRT), no auto wakes-up, but as long as plugged the NAS in pfSense router, my NAS boxes (both setup to has static Lan IP) will be waken up every 1 hour. I must missing some of the setup settings, but can't figure it out.  What I do notice from System logs/DHCP is that when every time there is:

    dhcpd: DHCPACK on <my nas="" lan="" ip="">to <my nas="" mac="" addr="">via em1
    dhcpd: DHCPREQUEST <my nas="" lan="" ip="">from <my nas="" mac="" addr="">via em1

    It wakes up my NAS server from hibernation.  so I need some helps to fix it, Thanks.</my></my></my></my>


  • Netgate

    Your NAS sending a DHCPREQUEST is probably a symptom of it waking up, not a cause.

    Me? I'd put the NAS on a mirror port on my switch, let it sleep, then run a packet capture until it's woken up and see what caused it.



  • @Derelict:

    I'd put the NAS on a mirror port on my switch, let it sleep, then run a packet capture until it's woken up and see what caused it.

    How to do these?  Please excuse my noob questions.



  • I'm actually in the process of doing this but in a rather complex way for different reasons.

    I got a MikroTik RB260GS 5-port switch to do the mirroring.  You can get one off of Amazon for about $40.  Tiny device but with lots of networking features for a very low cost.

    You'd connect your switch to the MikroTik on one port, and then your NAS on the other port.  Then on a third port you'd connect a computer that would do the packet capture.  You'd mirror the ingress and egress of either of the two ports (the one to your switch or NAS) to the third port with the packet capture computer (server).  This way it will inconspicuously capture all of the traffic and analyze it for you.

    In my particular case, I am building a Security Onion server to do the packet capture and analysis.  It's not for the faint of heart, but IMHO it's a power suite of tools that is worth learning about.  All open source, widely supported, and very good at what they do.  SO has some heavy requirements, but if you're using it for home the thing you'll be most concerned about is disk space.  More disk, more historical data before the system prunes it.

    Once you have everything set up, you can check the packet capture and logs (yes, SO will also function as a centralized logging server) to see of you can correlate the wake-up event to a trigger.

    That's one way to do it, and there are many more ways to do the same.  Just wanted to share my approach, which may be overkill for what you want to do.



  • @pfcode:


    my NAS boxes (both setup to has static Lan IP) will be waken up every 1 hour. I must missing some of the setup settings
    ...

    Services: DHCP server:

    NAS has a number outside the pool ?
    Created in Static Mappings ?



  • @hda:

    @pfcode:


    my NAS boxes (both setup to has static Lan IP) will be waken up every 1 hour. I must missing some of the setup settings
    ...

    Services: DHCP server:

    NAS has a number outside the pool ?
    Created in Static Mappings ?

    Yes. I setup them to have static Lan IP,  Static Mappings.



  • @hda:

    @pfcode:


    my NAS boxes (both setup to has static Lan IP) will be waken up every 1 hour. I must missing some of the setup settings
    ...

    NAS has a number outside the pool ?

    Here is what my DHCP Server settings is:

    Available range 192.168.1.1 - 192.168.1.254
    Range                 192.168.1.2 - 192.168.1.50

    My NAS static mappings is 192.168.1.107

    Am I doing some wrong here?  is it outside the pool?  Thanks.



  • I sent my nas hibernation debug logs to the Synology tech support, and here is what they replied:

    Based on the output you provided it appears that the router keeps trying to distribute DHCP addresses to the units, even though they already have an IP address.  A simple way to test this is to try unplugging the DiskStations from the network thereby isolating them from the router.  They should then stay in hibernation.

    Unfortunately if the router keeps trying to hand out an IP address, there's not much that can be done from the DiskStation side.  You can try setting a manual IP address, but it would be best to use one from outside of the router DHCP pool.

    Here is what my DHCP Server settings is:

    Available range    192.168.1.1 - 192.168.1.254
    Range                    192.168.1.2 - 192.168.1.50

    My NAS static mapping/lease is 192.168.1.107

    How should I do to fix it?



  • Avoid the NAS IP taken into the lease renewal.
    Your pool/range seems to be .2 to .50, so yes your .107 should be outside the pool.
    Did you create .107 with the mac in "Services: DHCP server" (bottom page)?

    [You should see the static in the list with "Status: DHCP leases"]

    I myself reserve low numbers for static entries and have a range/pool .101 to .200



  • @hda:

    Avoid the NAS IP taken into the lease renewal.
    Your pool/range seems to be .2 to .50, so yes your .107 should be outside the pool.
    Did you create .107 with the mac in "Services: DHCP server" (bottom page)?

    I myself reserve low numbers for static entries and have a range/pool .101 to .200

    Yes. I create .107 with the NAS mac address under the bottom of DHCP Server/Lan, and my NAS did get that lan ip address, How to avoid the NAS IP taken into the lease renewal? all were blank by default.



  • Suggestion recreate: manual input a new IP (say .101) on both sides: NAS-side & pfSense-side.



  • No. Didn't work, re-created it, but still wake up after 1 hour, but I only created it at pfSense side. would try to enter the manual IP, rather than auto DHCP, at the NAS side


  • Netgate

    Me? I'd put the NAS on a mirror port on my switch, let it sleep, then run a packet capture until it's woken up and see what caused it.

    Why guess at the problem?


  • Rebel Alliance Global Moderator

    Agreed take a sniff and see exactly what is causing a wake up.



  • @johnpoz:

    Agreed take a sniff and see exactly what is causing a wake up.

    As my NAS hibernation logs tells, also from Synology tech support:

    It appears that the router keeps trying to distribute DHCP addresses to the units, even though they already have an IP address.

    I'm not sure its the NAS problem or pfSense problem,  NAS is sending DHCPREQUEST command to pfSense every 1 hour, but if the lease time isn't expired, Shouldn't pfSense NOT distribute DHCP address to the unit?


  • Banned

    @pfcode:

    It appears that the router keeps trying to distribute DHCP addresses to the units, even though they already have an IP address.

    Yes, of course, the DHCP server keeps "distributing" IP address requested by your NAS, kindly cf.

    
    dhcpd: DHCPREQUEST <my nas="" lan="" ip="">from <my nas="" mac="" addr="">via em1</my></my> 
    

    Also, the DHCP leases expire and need to get renewed (after a configurable period. check the GUI). So yeah, this will happen "even though they already have an IP address", perhaps the Synology support could educate themselves a bit.

    Finally, if you do not want DHCP, then configure a static IP on your NAS and move on!



  • @pfcode:

    … but I only created it at pfSense side ...

    Before you jump in mirroring investigation, if you know-how. I am not sure if you are exact & correct. You really should test giving the NAS a new number manually (outside the range/pool) AND manually input it in pfSense too.
    This is to assure yourself the volatile memory about .107 is flushed on both sides… Maybe even reboot both hardware.


  • Netgate

    Yes.  It should not be a DHCP static mapping.  That still has to periodically renew.  It should be a static IP address directly configured on the NAS, outside the DHCP pool.


  • Rebel Alliance Global Moderator

    What dhcp server doesn't just out of the blue send out hey you want to renew your lease packets.. But if it gets a request then yeah it will send back something..

    Tell their their Tech Support to tell you how not to send a request.. What is the lease time to start with 2 hours?  Normally a dhcp client will request renewal of its lease at the 50% mark.  So if you want the nas not to request, then it should be long lease.  If the device is in standby/sleep why would it send out a dhcprequest is the question I would have.


  • Netgate

    True.  Should stop guessing and sniff.


  • Banned

    @johnpoz:

    If the device is in standby/sleep why would it send out a dhcprequest is the question I would have.

    This is not really any suspend-to-disk/ram hibernation. The only thing "hibernating" are the HDDs which are spun down. Now, look at this:

    
    # ps ax | grep dhclient
     4606 ?        Ss     0:00 /usr/sbin/dhclient -4 -d -q -lf /etc/dhclient/ipv4/dhcpv4.leases.eth0 -pf /etc/dhclient/ipv4/dhcpcd-eth0.pid eth0
     5551 ?        Ss     0:00 /usr/sbin/dhclient -6 -pf /tmp/dhclient6-eth0.pid -lf /etc/dhclient/ipv6/dhcpv6.lease.eth0 -cf /etc/dhclient/ipv6/dhcpv6.conf.eth0 -nw eth0
    
    

    Those dhcpv[46].lease.eth? files have stuff like this:

    
    lease {
      interface "eth0";
      fixed-address 192.168.1.10;
      option subnet-mask 255.255.255.0;
      option routers 192.168.1.1;
      option dhcp-lease-time 7200;
      option dhcp-message-type 5;
      option domain-name-servers 192.168.1.1;
      option dhcp-server-identifier 192.168.1.1;
      option host-name "DiskStation";
      option domain-name "example.com";
      renew 2 2015/05/19 19:46:58;
      rebind 2 2015/05/19 20:35:47;
      expire 2 2015/05/19 20:50:47;
    }
    
    

    This is just stupid. There's /tmp which is on tmpfs (ramdisk). Now, the lease file is on /etc instead, which is a HDD. Of course, when the lease is renewed, the HDD needs to spin up to write to the file.

    Tell Synology to move their temporary dhcpv[46].lease.eth? shit to /tmp when people enable "hibernation" – and it won't wake up HDDs from hibernation.  ::)


  • Rebel Alliance Global Moderator

    the hdd are just spun down - ah yeah wouldn't call that sleep anything ;)

    If that lease file is from actual nas then looks to be only 2 hour lease..  That is not the default lease time in pfsense dhcp server is it?  Thought it was like 24, yup quick look on dhcp server tab "The default is 86400 seconds." So the nas is only requesting 2 hours by default?


  • Banned

    @johnpoz:

    If that lease file is from actual nas then looks to be only 2 hour lease..  That is not the default lease time in pfsense dhcp server is it?  Thought it was like 24, yup quick look on dhcp server tab "The default is 86400 seconds." So the nas is only requesting 2 hours by default?

    The default lease time is 7200 seconds on pfSense; the default maximum lease time is 86400 secs (one day).


  • Rebel Alliance Global Moderator

    you are correct as always dok

    Lease Obtained. . . . . . . . . . : Tuesday, May 19, 2015 3:23:15 PM
      Lease Expires . . . . . . . . . . : Tuesday, May 19, 2015 5:23:15 PM

    doh – helps if you actually read what your doing a copy of.  quick enough fix ;)

    Lease Obtained. . . . . . . . . . : Tuesday, May 19, 2015 3:23:15 PM
      Lease Expires . . . . . . . . . . : Wednesday, May 20, 2015 3:28:28 PM

    Now its 24 hours..


  • Netgate

    I might have read something somewhere about clients requesting renewal halfway through their lease.



  • Thanks All,  by assigning a manual IP in the NAS network configuration, solved the issue,  It was 'get network configuration automatically (DHCP)' before.  I will let the Synology tech guys to investigate further to why it is sending dhcprequest every 1 hour (3600 seconds) to the router.


  • Banned

    @pfcode:

    I will let the Synology tech guys to investigate further to why it is sending dhcprequest every 1 hour (3600 seconds) to the router.

    Well, because you did not configure any default lease time, so you get 2 hours by default, since Synology DSM does not supply any lease time in the DHCP request… That's not what wakes it up, there'd be no problem with that if they were not writing the lease file to the HDD instead of tmpfs.



  • @pfcode:

    @johnpoz:

    Agreed take a sniff and see exactly what is causing a wake up.

    As my NAS hibernation logs tells, also from Synology tech support:

    It appears that the router keeps trying to distribute DHCP addresses to the units, even though they already have an IP address.

    I'm not sure its the NAS problem or pfSense problem,  NAS is sending DHCPREQUEST command to pfSense every 1 hour, but if the lease time isn't expired, Shouldn't pfSense NOT distribute DHCP address to the unit?

    Dude or Dudette.  Whichever the case may be.  Why do you continue asking question with you've been given the answer?

    The definitive answer to your issue is in the sniff.  No one can tell you (without guessing) what is waking your NAS without visibility to what is on the wire.  Sniff it and report back with the capture.

    If you want to discuss DHCP protocol, I suggest the DHCP and DNS forum.



  • @doktornotor:

    @johnpoz:

    If the device is in standby/sleep why would it send out a dhcprequest is the question I would have.

    This is not really any suspend-to-disk/ram hibernation. The only thing "hibernating" are the HDDs which are spun down. Now, look at this:

    
    # ps ax | grep dhclient
     4606 ?        Ss     0:00 /usr/sbin/dhclient -4 -d -q -lf /etc/dhclient/ipv4/dhcpv4.leases.eth0 -pf /etc/dhclient/ipv4/dhcpcd-eth0.pid eth0
     5551 ?        Ss     0:00 /usr/sbin/dhclient -6 -pf /tmp/dhclient6-eth0.pid -lf /etc/dhclient/ipv6/dhcpv6.lease.eth0 -cf /etc/dhclient/ipv6/dhcpv6.conf.eth0 -nw eth0
    
    

    Those dhcpv[46].lease.eth? files have stuff like this:

    
    lease {
      interface "eth0";
      fixed-address 192.168.1.10;
      option subnet-mask 255.255.255.0;
      option routers 192.168.1.1;
      option dhcp-lease-time 7200;
      option dhcp-message-type 5;
      option domain-name-servers 192.168.1.1;
      option dhcp-server-identifier 192.168.1.1;
      option host-name "DiskStation";
      option domain-name "example.com";
      renew 2 2015/05/19 19:46:58;
      rebind 2 2015/05/19 20:35:47;
      expire 2 2015/05/19 20:50:47;
    }
    
    

    This is just stupid. There's /tmp which is on tmpfs (ramdisk). Now, the lease file is on /etc instead, which is a HDD. Of course, when the lease is renewed, the HDD needs to spin up to write to the file.

    Tell Synology to move their temporary dhcpv[46].lease.eth? shit to /tmp when people enable "hibernation" – and it won't wake up HDDs from hibernation.  ::)

    This is a good catch. Thanked.