Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Why does my iPad get stuck making ARP requests?

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 3 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R Offline
      ryan87
      last edited by

      Hi,

      I have an iPad that stops communicating with my network every once in a while.  It happens very rarely (~once per month) and I can't reproduce it, so it's been difficult to figure out what's going on.  It just happened and I was able to run tcpdump, so I'm wondering if anyone has ever seen anything similar or is able to offer any hints about what might be happening.

      I have pfSense configured as an AP with the LAN and wireless bridged together.  I managed to capture the following traffic:

      tcpdump -i bridge0 -n "host 192.168.32.200"
      
      15:02:21.418164 ARP, Request who-has 192.168.32.254 tell 192.168.32.200, length 28
      15:02:21.418201 ARP, Reply 192.168.32.254 is-at 02:d5:7c:xx:xx:xx, length 28
      15:02:33.446982 ARP, Request who-has 192.168.32.254 tell 192.168.32.200, length 28
      15:02:33.447017 ARP, Reply 192.168.32.254 is-at 02:d5:7c:xx:xx:xx, length 28
      15:02:40.578003 ARP, Request who-has 192.168.32.254 tell 192.168.32.200, length 28
      15:02:40.578043 ARP, Reply 192.168.32.254 is-at 02:d5:7c:xx:xx:xx, length 28
      15:02:44.596063 ARP, Request who-has 192.168.32.254 tell 192.168.32.200, length 28
      15:02:44.596110 ARP, Reply 192.168.32.254 is-at 02:d5:7c:xx:xx:xx, length 28
      15:02:51.581573 IP 192.168.32.200.63694 > 192.168.32.254.53: 44567+ A? 25-courier.push.apple.com. (43)
      15:02:52.341906 IP 192.168.32.254.53 > 192.168.32.200.63694: 44567 10/0/0 CNAME 25.courier-push-apple.com.akadns.net., CNAME us-courier.push-apple.com.akadns.net., A 17.143.162.87, A 17.143.162.80, A 17.143.161.20, A 17.143.161.165, A 17.143.160.226, A 17.143.163.227, A 17.143.162.220, A 17.143.161.220 (257)
      15:02:53.617521 IP 192.168.32.200.63694 > 192.168.32.254.53: 44567+ A? 25-courier.push.apple.com. (43)
      15:02:53.618261 IP 192.168.32.254.53 > 192.168.32.200.63694: 44567 10/0/0 CNAME 25.courier-push-apple.com.akadns.net., CNAME us-courier.push-apple.com.akadns.net., A 17.143.162.87, A 17.143.162.80, A 17.143.161.20, A 17.143.161.165, A 17.143.160.226, A 17.143.163.227, A 17.143.162.220, A 17.143.161.220 (257)
      15:02:59.012678 ARP, Request who-has 192.168.32.254 tell 192.168.32.200, length 28
      15:02:59.012720 ARP, Reply 192.168.32.254 is-at 02:d5:7c:xx:xx:xx, length 28
      15:03:08.487106 ARP, Request who-has 192.168.32.254 tell 192.168.32.200, length 28
      15:03:08.487156 ARP, Reply 192.168.32.254 is-at 02:d5:7c:xx:xx:xx, length 28
      15:03:09.491732 ARP, Request who-has 192.168.32.254 tell 192.168.32.200, length 28
      15:03:09.491786 ARP, Reply 192.168.32.254 is-at 02:d5:7c:xx:xx:xx, length 28
      15:03:21.527089 ARP, Request who-has 192.168.32.254 tell 192.168.32.200, length 28
      15:03:21.527123 ARP, Reply 192.168.32.254 is-at 02:d5:7c:xx:xx:xx, length 28
      

      I have no connectivity on the iPad and it'll stay that way until I disable and re-enable the iPad's WiFi.  All my iPad does is make ARP requests except that DNS query right in the middle.  How is that possible?  How can the iPad make a successful DNS query to 192.168.32.254 when it's acting like it doesn't have an ARP entry for the same IP?

      I also noticed that many apps think they're offline, even though I'm still associated to the AP.  Has anyone ever noticed anything similar with pfSense and / or iOS devices?

      1 Reply Last reply Reply Quote 0
      • C Offline
        cmb
        last edited by

        Odd looking. Is it just that one iPad? Other wireless devices fine?

        It appears the ARP replies are being sent, but not all received on the iPad. What does it look like if you capture on the ath0_wlanX or whatever your WLAN interface is? That'll narrow it down a bit more to see whether it's making it from bridge0 to the wireless interface. Granted, I guess it'll be a while until it happens again.

        1 Reply Last reply Reply Quote 0
        • johnpozJ Offline
          johnpoz LAYER 8 Global Moderator
          last edited by

          Well clearly it must of gotten the arp that was being sent atleast long enough to send the query, and looks like got sent an answer as well.  I agree unless it know the mac, I do not see how it would of been able to send the dns query.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • C Offline
            cmb
            last edited by

            Yeah it got at least one of those replies, but not likely all given it kept retrying the ARP request.

            1 Reply Last reply Reply Quote 0
            • R Offline
              ryan87
              last edited by

              @cmb:

              Odd looking. Is it just that one iPad? Other wireless devices fine?

              I think it's just the one device, but I'm not positive.  In this case my Windows 10 laptop had issues at the same time, but it recovered very quickly (~30s).  I was connected to another machine on my LAN via RDP and saw a lot of latency.  Ex: Each key press would take 500-1000ms to show up on the other end.

              I should have been clear, I don't necessarily think it's an issue with pfSense.  It's most likely an edge case where something doesn't recover correctly from a wireless error.  Since it happens so infrequently I might not ever track it down.

              I'll definitely try capturing on the wlan interface the next time it happens.  I wish I would have thought of that yesterday.  Thanks for the suggestion.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.