The pfSense Store

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - mcfly9

Pages: [1]
1
DHCP and DNS / Re: No WAN IP since 2.4
« on: December 07, 2017, 04:53:14 pm »
Created an issue: https://redmine.pfsense.org/issues/8152

Issue has been closed. Looks like we need to collect more evidence that there is something wrong...

2
DHCP and DNS / Re: No WAN IP since 2.4
« on: December 01, 2017, 09:41:51 am »

3
DHCP and DNS / Re: No WAN IP since 2.4
« on: December 01, 2017, 09:28:19 am »
you can try and set a static ip on your pf-wan-port.
according to your log your modem has the internal ip 192.168.100.1. set your pf-wan-port to static with 192.168.100.2 and gateway 192.168.100.1.

does that work?

It won't work. The modem only temporarily assigns the IP 192.168.100.x while it boots. After it has booted it brings down the WAN port for 5 secs and brings it online again.
With pfSense 2.3.x I have been able to obtain a public IP address after this. With 2.4.x I don't get any IP after the modem has booted (and cycled the wan port).

4
DHCP and DNS / Re: No WAN IP since 2.4
« on: December 01, 2017, 09:19:15 am »
Any changes in 2.4.1 / 2.4.2?

5
DHCP and DNS / Re: No WAN IP since 2.4
« on: November 17, 2017, 07:11:05 am »
No, I am starting devices in the correct order to work it around. This makes it quite impossible to connect to the network remotely once it went into a bad state.

6
DHCP and DNS / No WAN IP since 2.4
« on: November 09, 2017, 01:12:56 pm »
Hello,

Ever since updating to 2.4.1, I am not getting a WAN IP after my cable modem reboots. Tried release/renew IP, rebooting pfSense but no luck.

Code: [Select]
Nov 9 19:56:42 dhclient 21222 hn1 link state up -> down
Nov 9 19:56:46 dhclient 21222 DHCPREQUEST on hn1 to 192.168.100.1 port 67
Nov 9 19:56:47 dhclient 21222 DHCPREQUEST on hn1 to 192.168.100.1 port 67
Nov 9 19:56:47 dhclient 21222 hn1 link state down -> up
Nov 9 19:56:47 dhclient 21222 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:56:47 dhclient 21222 DHCPNAK from 10.229.0.1
Nov 9 19:56:47 dhclient 21222 DHCPDISCOVER on hn1 to 255.255.255.255 port 67 interval 1
Nov 9 19:56:47 dhclient 21222 DHCPOFFER from 10.229.0.1
Nov 9 19:56:47 dhclient ARPSEND
Nov 9 19:56:49 dhclient ARPCHECK
Nov 9 19:56:49 dhclient 21222 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:56:51 dhclient 21222 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:56:56 dhclient 21222 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:56:56 dhclient 84434 connection closed
Nov 9 19:56:56 dhclient 84434 exiting.
Nov 9 19:56:59 dhclient 60445 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:57:01 dhclient 60445 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:57:05 dhclient 60445 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:57:09 dhclient 60445 DHCPREQUEST on hn1 to 255.255.255.255 port 67
Nov 9 19:57:15 dhclient 60445 DHCPDISCOVER on hn1 to 255.255.255.255 port 67 interval 2
Nov 9 19:57:17 dhclient 60445 DHCPDISCOVER on hn1 to 255.255.255.255 port 67 interval 2
Nov 9 19:57:19 dhclient 60445 DHCPDISCOVER on hn1 to 255.255.255.255 port 67 interval 5
Nov 9 19:57:24 dhclient 60445 DHCPDISCOVER on hn1 to 255.255.255.255 port 67 interval 8
Nov 9 19:57:28 dhclient 61193 connection closed
Nov 9 19:57:28 dhclient 61193 exiting.


The only way, I was able to get a WAN IP was to power off my cable modem and pfsense as well, power on the modem, wait for it to boot and then boot pfsense. If I reboot pfSense after this, I still get (the same WAN IP) and also release/renew works fine, even with relinquishing the IP.

I have no problems with the same configuration on 2.3.5.

Any ideas why this might be happening? My theory is that upon rebooting my modem, first it boots with a dhcpserver assigning an ip in range 192.168.100.x, before toggling the WAN link and assigning a valid WAN IP. Somehow pfSense doesn't like this and won't pick up the newly offered IP.
 

7
IPv6 / Re: Selective RA advertising?
« on: September 02, 2017, 02:48:27 pm »
Thanks everyone for your answers!

8
IPv6 / Re: Selective RA advertising?
« on: September 02, 2017, 10:00:17 am »
Yup, that's exactly what I am trying on a third site.

9
IPv6 / Re: Selective RA advertising?
« on: September 02, 2017, 09:42:21 am »
Why do you have 2 routers?  You're making things difficult.  You could manually add routes to the devices on the LAN.  But RAs are not intended to do what you want.  They only advertise themselves.  If you had multiple routers, you could use a routing protocol, such as RIP or OSPF to advertise routes to other routers, but individual computers generally don't support that.  What is the other router?  Does it support VPNs?  Why not put it in bridge mode.

Thanks, this answers my original question.

The other router is a dumb ISP router. On a longer run I will migrate all routing to pfSense and eliminate the two routers. This will make the current issue obsolete.

10
IPv6 / Re: Selective RA advertising?
« on: September 02, 2017, 09:07:14 am »
Here's it in even clearer picture.

Code: [Select]
===================== LAN1 ==================
    I                  I                 I
    I                  I                 I
computers           pfSense            router --+----------------------------> IPv4 Internet
                       I                        +------ tunnelbroker.net ----> IPv6 Internet
                       I                                                           
                       I OpenVpn site-to-site                                 
                       I                                                           
                       I                                                           
computers           pfSense            router --+------ tunnelbroker.net ----> IPv6 Internet
    I                  I                 I      +----------------------------> IPv4 Internet
    I                  I                 I
===================== LAN2 ==================

11
IPv6 / Re: Selective RA advertising?
« on: September 02, 2017, 09:02:32 am »
The only reason for advertising a different route would be if there's another router on the LAN that could be used. Even then, that router would be expected to advertise itself.

If you read my post carefully and have a short peek on the diagram, you will see that this is exactly my case. pfSense is NOT my deafult router to the internet.

12
IPv6 / Re: Selective RA advertising?
« on: September 02, 2017, 08:49:39 am »
Yes, VPN is on pfSense. Routing tables in pfsense and router are set up to use the shortest routes. My question is how the routes can be influenced on the end-user computers.

I'll try to draw...

Code: [Select]
===================== LAN1 ==================
computers           pfSense            router --+------ IPv4 Internet
                       I                        +------ tunnelbroker.net ---- IPv6 Internet
                       I                                                           
                       I                                                           
                       I OpenVpn site-to-site (through v4 internet)                                 
                       I                                                           
                       I                                                           
computers           pfSense            router --+------ tunnelbroker.net ---- IPv6 Internet
                                                +------ IPv4 Internet
===================== LAN2 ==================

Option 1) If I turn on RA in pfsense, computers see two default routes:
- pfsense
- router

Option 2) If I turn off RA in pfsense, computers see one default route:
- router



In case of option1, my computers going to the v6 internet might use the pfsense->router->tunnelbroker->v6internet route which is one more hop than router->tunnelbroker->v6internet. Also, when going to LAN2, they might go through router->pfsense->openvpn->lan2 which is again one more hop than pfsense->openvpn->LAN2.

In case of option1, my computers going to the LAN2 will use the router->pfsense->openvpn->lan2 which is again one more hop than pfsense->openvpn->LAN2 would be.


I hope it's easier to see my dilemma now. I emphasize, I am able to do what I want using persistent routes on the computers but would want to have the v6 routes deployed to the computers in an automatic fashion if this is possible (I am using DHCP on v4).

13
IPv6 / Re: Selective RA advertising?
« on: September 02, 2017, 07:48:09 am »
I have two sites, each have a tunnelbroker link to the v6 internet with an average delay (~20-30ms). The two sites have the same ISP, so the v4-to-v4 link has much less delay (4ms). I have set up an OpenVPN tunnel between the two sites for v4 and v6 traffic as well and it is working well. pfSense does not act as a default router (yet) for the sites but is a second router on the network in the sites.

I am trying to "advertise" a route to the other site (available and working through pfsense's openvpn tunnel) to the computers on the network.

The problem is that if I turn on RA, it will generate a second default route on my clients which I would like to avoid (client -> pfsense -> router -> tunnelbroker -> v6 internet).

Is this even possible to do with RA?

I am using static routes on the clients to achieve this but it isn't a very scalable solution.

14
IPv6 / Re: Selective RA advertising?
« on: September 02, 2017, 07:19:07 am »
Anyone?

15
IPv6 / Selective RA advertising?
« on: August 13, 2017, 04:48:27 pm »
Hi,

I am not sure RA is the right thing to do this, so bear with me.

My pfsense is used to link two sites together. Both sites use ipv4 and ipv6.

When I turn RA on (router only), a default route is pushed to my clients with pfsense's IP. Is it possible to only push selected routes (remote site's subnet) through RA or RA will always push all routes found on pfsense?

Pages: [1]