pfSense Forum

pfSense English Support => DHCP and DNS => Topic started by: mcfly9 on November 09, 2017, 01:12:56 pm

Title: No WAN IP since 2.4
Post by: mcfly9 on November 09, 2017, 01:12:56 pm
Hello,

Ever since updating to 2.4.1, I am not getting a WAN IP after my cable modem reboots. Tried release/renew IP, rebooting pfSense but no luck.

Code: [Select]
Nov 9 19:56:42 dhclient 21222 hn1 link state up -> down
Nov 9 19:56:46 dhclient 21222 DHCPREQUEST on hn1 to 192.168.100.1 port 67
Nov 9 19:56:47 dhclient 21222 DHCPREQUEST on hn1 to 192.168.100.1 port 67
Nov 9 19:56:47 dhclient 21222 hn1 link state down -> up
Nov 9 19:56:47 dhclient 21222 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:56:47 dhclient 21222 DHCPNAK from 10.229.0.1
Nov 9 19:56:47 dhclient 21222 DHCPDISCOVER on hn1 to 255.255.255.255 port 67 interval 1
Nov 9 19:56:47 dhclient 21222 DHCPOFFER from 10.229.0.1
Nov 9 19:56:47 dhclient ARPSEND
Nov 9 19:56:49 dhclient ARPCHECK
Nov 9 19:56:49 dhclient 21222 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:56:51 dhclient 21222 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:56:56 dhclient 21222 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:56:56 dhclient 84434 connection closed
Nov 9 19:56:56 dhclient 84434 exiting.
Nov 9 19:56:59 dhclient 60445 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:57:01 dhclient 60445 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:57:05 dhclient 60445 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:57:09 dhclient 60445 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:57:15 dhclient 60445 DHCPDISCOVER on hn1 to 255.255.255.255 port 67 interval 2
Nov 9 19:57:17 dhclient 60445 DHCPDISCOVER on hn1 to 255.255.255.255 port 67 interval 2
Nov 9 19:57:19 dhclient 60445 DHCPDISCOVER on hn1 to 255.255.255.255 port 67 interval 5
Nov 9 19:57:24 dhclient 60445 DHCPDISCOVER on hn1 to 255.255.255.255 port 67 interval 8
Nov 9 19:57:28 dhclient 61193 connection closed
Nov 9 19:57:28 dhclient 61193 exiting.


The only way, I was able to get a WAN IP was to power off my cable modem and pfsense as well, power on the modem, wait for it to boot and then boot pfsense. If I reboot pfSense after this, I still get (the same WAN IP) and also release/renew works fine, even with relinquishing the IP.

I have no problems with the same configuration on 2.3.5.

Any ideas why this might be happening? My theory is that upon rebooting my modem, first it boots with a dhcpserver assigning an ip in range 192.168.100.x, before toggling the WAN link and assigning a valid WAN IP. Somehow pfSense doesn't like this and won't pick up the newly offered IP.
 
Title: Re: No WAN IP since 2.4
Post by: xrnd88 on November 17, 2017, 06:59:15 am
I'm having the exact same issue. Did you find any way to resolve this?
Title: Re: No WAN IP since 2.4
Post by: mcfly9 on November 17, 2017, 07:11:05 am
No, I am starting devices in the correct order to work it around. This makes it quite impossible to connect to the network remotely once it went into a bad state.
Title: Re: No WAN IP since 2.4
Post by: xrnd88 on November 17, 2017, 07:12:34 am
yeah it's a pain. My temporary solution is a script that reboots the pfsense box if the network has been down for 20 minutes.
Title: Re: No WAN IP since 2.4
Post by: mcfly9 on December 01, 2017, 09:19:15 am
Any changes in 2.4.1 / 2.4.2?
Title: Re: No WAN IP since 2.4
Post by: Birke on December 01, 2017, 09:26:07 am
you can try and set a static ip on your pf-wan-port.
according to your log your modem has the internal ip 192.168.100.1. set your pf-wan-port to static with 192.168.100.2 and gateway 192.168.100.1.

does that work?
Title: Re: No WAN IP since 2.4
Post by: mcfly9 on December 01, 2017, 09:28:19 am
you can try and set a static ip on your pf-wan-port.
according to your log your modem has the internal ip 192.168.100.1. set your pf-wan-port to static with 192.168.100.2 and gateway 192.168.100.1.

does that work?

It won't work. The modem only temporarily assigns the IP 192.168.100.x while it boots. After it has booted it brings down the WAN port for 5 secs and brings it online again.
With pfSense 2.3.x I have been able to obtain a public IP address after this. With 2.4.x I don't get any IP after the modem has booted (and cycled the wan port).
Title: Re: No WAN IP since 2.4
Post by: mcfly9 on December 01, 2017, 09:41:51 am
Created an issue: https://redmine.pfsense.org/issues/8152
Title: Re: No WAN IP since 2.4
Post by: Ulf-Ulf-Ulf on December 07, 2017, 01:32:21 pm
Hi there,

I have the same problem. As you can see in the logs my WAN connection suddenly just went down.
(https://www1.xup.in/exec/ximg.php?fid=65048191) (https://www.xup.in/dl,65048191/001-nointernet.png/)


As long as I keep my pfSense box unconnected it looks like this.
(https://www1.xup.in/exec/ximg.php?fid=90914080) (https://www.xup.in/dl,90914080/002-wannocable.png/)


When I connect it to the modem it looks like this.
(https://www1.xup.in/exec/ximg.php?fid=21218436) (https://www.xup.in/dl,21218436/003-wanwithcable.png/)

This is happening on two locations where I'm using pfSense firewall. For both locations the modem is in Bridgemode with a static IPv4 address. If I connect my notebook to the modem it works fine. I get a public IP assigned and I'm good to go. Connecting the pfSense firewall results in the shown behavior above.

Let me know how I may help resolving this issue. I will do my best.

Thanks in advance. Cheers. Ulf
Title: Re: No WAN IP since 2.4
Post by: mcfly9 on December 07, 2017, 04:53:14 pm
Created an issue: https://redmine.pfsense.org/issues/8152

Issue has been closed. Looks like we need to collect more evidence that there is something wrong...
Title: Re: No WAN IP since 2.4
Post by: Ulf-Ulf-Ulf on December 08, 2017, 04:14:23 am
I'm at work right now. Here are the informations I gathered until now. I grabbed one of my Qotom boxes (although they are called Kettop on german amazon. However they look identical).

I installed a fresh 2.3.5 version on it. Configured WAN to use DHCP and thats about it. Since the issue seemingly startet with 2.4 I thought this would help. Surprisingly I didn't.

Fresh install. No Cable connected to the modem.
(https://preview.ibb.co/gExL2w/01_pfsense_Cable_Test1.png) (https://ibb.co/fgNnhw)

Cable connected. Issue looks the same as in 2.4.x
(https://preview.ibb.co/eAjdpb/02_pfsense_Cable_Test1.png) (https://ibb.co/bLyShw)

However I do get an IP via DHCP if I connect my notebook to the modem.
(http://image.ibb.co/iHNZCw/03_pfsense_Cable_Test1.png) (http://imgbb.com/)

Since I get a valid DHCP lease from the ISP on my notebook I thought I work arround the issue by setting a static config in pfsense. Sadly this did not work either
(http://preview.ibb.co/id1SXw/04_pfsense_Cable_Test1.png) (http://ibb.co/g5RuCw)

Given the fact that 2.3.5 and earlier versions worked without any hassle for months. And this issue occurred (at least for me) out of nothing (no update, no reboot, nothing), for now I'm not very confident this is a pfsense bug. Or at least not exclusive to pfsense. It would be very interesting to know if my cable ISP pushed some updates to the modem recently. I don't know though where to find such info. These things are blackboxes :(

Sorry no easy solution. But this might help others somehow.

Ulf

//edit: Fri 8-Dec-2017 02:53 P.M.

I did a bit more testing. I plugged in a Windows 7 machine.

At first windows was unable to get a dhcp lease from the modem.
(http://preview.ibb.co/fNRrQG/01_windowsnodhcp.png) (http://ibb.co/eqqJ5G)

But after a modem restart my Windows 7 machine got an IP lease.
(http://preview.ibb.co/eZjZeb/02_windowsdhcp.png) (http://ibb.co/ntYSzb)

The modem itself is running a status page on 192.168.100.1. From there it seems the latest firmware is from 2015.
(http://preview.ibb.co/ixWQkG/03_cablemodeminfo1.png) (http://ibb.co/cYSy5G)
(http://preview.ibb.co/dqQUCw/03_cablemodeminfo2.png) (http://ibb.co/j1ohXw)

While browsing this forum I came across multiple posts (https://forum.pfsense.org/index.php?topic=114566.msg636716;topicseen#msg636716) saying it could help to block leases from 192.168.100.1 on the WAN port. So I did that. Problem still there. :(
Title: Re: No WAN IP since 2.4
Post by: Ulf-Ulf-Ulf on December 11, 2017, 01:35:50 am
For now I disabled bridge mode. It don't know why but it seems the problems do not appear when there is NAT enabled. (at home as well at my workplace)  ???
I try to contact my ISP. We'll see how that goes...
Title: Re: No WAN IP since 2.4
Post by: Birke on December 11, 2017, 07:22:44 am
While browsing this forum I came across multiple posts (https://forum.pfsense.org/index.php?topic=114566.msg636716;topicseen#msg636716) saying it could help to block leases from 192.168.100.1 on the WAN port. So I did that. Problem still there. :(
hmm, since the modem has the 192.168.100.1 at boot time, maybe you could try: disable the "Block private networks and loopback addresses" option on the interface and dont block the leases from 192.168.100.1.

you could also try disabling "Gateway Monitoring" in the routing options (or set a specific ip as monitor ip, for example 8.8.8.8).
Title: Re: No WAN IP since 2.4
Post by: Ulf-Ulf-Ulf on December 14, 2017, 04:55:10 am
While browsing this forum I came across multiple posts (https://forum.pfsense.org/index.php?topic=114566.msg636716;topicseen#msg636716) saying it could help to block leases from 192.168.100.1 on the WAN port. So I did that. Problem still there. :(
hmm, since the modem has the 192.168.100.1 at boot time, maybe you could try: disable the "Block private networks and loopback addresses" option on the interface and dont block the leases from 192.168.100.1.

you could also try disabling "Gateway Monitoring" in the routing options (or set a specific ip as monitor ip, for example 8.8.8.8).

I tried that. No success. In the meantime my ISP decided to send me a new modem. I don't know how that would help, but hey. I would rather try than do nothing.
Title: Re: No WAN IP since 2.4
Post by: Derelict on December 14, 2017, 05:07:56 am
Someone should probably packet capture instead of looking at logs.

It is almost always beneficial to reject leases from 192.168.100.1 when you have cable modem service.