Netgate SG-1000 microFirewall

Author Topic: One specific client has problem getting IP from DHCP (dhcpoffer is sent, but..)  (Read 202 times)

0 Members and 1 Guest are viewing this topic.

Offline rsaanon

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Hi folks,

I have a strange situation at hand with DHCP.  All wired/wireless clients, *except* for one wireless client (which actually used to work at some point),  are able to get DHCP IP assignment.  The fact that all other clients have no problem getting IP eliminates any networking/connectivity/routing/etc. issues.  This problem client is an iPhone7+ which worked until very recently.  No changes were made to networking etc. that I can think of.  Additionally, this problem client is able to successfully connect/get DHCP assigned IP to *other* WiFi networks.

So, the problem is specific to this iPhone7+ with this specific WLAN.

Below are the DHCP log entries of interest:
**********************************************************************************************
//This specific client is not getting IP from DHCP Server
//Client is either not receiving or not responding the DHCP Server's offer or is not able to send the DHCPREQUEST
//DHCP Negotiation stuck at DISCOVER->OFFER---->DISCOVER->OFFER
**********************************************************************************************
Code: [Select]
Dec 2 04:47:09 dhcpd DHCPOFFER on 172.24.24.160 to XX:XX:XX:XX:XX:1b (iPhone) via vmx1.24
Dec 2 04:47:09 dhcpd DHCPDISCOVER from XX:XX:XX:XX:XX:1b (iPhone) via vmx1.24
Dec 2 04:47:01 dhcpd DHCPOFFER on 172.24.24.160 to XX:XX:XX:XX:XX:1b (iPhone) via vmx1.24
Dec 2 04:47:01 dhcpd DHCPDISCOVER from XX:XX:XX:XX:XX:1b (iPhone) via vmx1.24
Dec 2 04:46:57 dhcpd DHCPOFFER on 172.24.24.160 to XX:XX:XX:XX:XX:1b (iPhone) via vmx1.24
Dec 2 04:46:57 dhcpd DHCPDISCOVER from XX:XX:XX:XX:XX:1b (iPhone) via vmx1.24
Dec 2 04:46:54 dhcpd DHCPOFFER on 172.24.24.160 to XX:XX:XX:XX:XX:1b (iPhone) via vmx1.24
Dec 2 04:46:54 dhcpd DHCPDISCOVER from XX:XX:XX:XX:XX:1b (iPhone) via vmx1.24
Dec 2 04:46:53 dhcpd DHCPOFFER on 172.24.24.160 to XX:XX:XX:XX:XX:1b (iPhone) via vmx1.24
Dec 2 04:46:52 dhcpd DHCPDISCOVER from XX:XX:XX:XX:XX:1b (iPhone) via vmx1.24

**********************************************************************************************
//All other clients (one example below) has no problem getting the IP from DHCP
//Getting the standard DHCP protocol flow: DISCOVER->OFFER->REQUEST->ACK
**********************************************************************************************
Code: [Select]
Dec 2 04:46:41 dhcpd DHCPACK on 172.24.24.2 to XX:XX:XX:XX:XX:74 via vmx1.24
Dec 2 04:46:41 dhcpd DHCPREQUEST for 172.24.24.2 (172.24.24.250) from XX:XX:XX:XX:XX:74 via vmx1.24
Dec 2 04:46:41 dhcpd DHCPOFFER on 172.24.24.2 to XX:XX:XX:XX:XX:74 via vmx1.24
Dec 2 04:46:41 dhcpd DHCPDISCOVER from XX:XX:XX:XX:XX:74 via vmx1.24
**********************************************************************************************

Any insights/guidance would be greatly appreciated.

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14407
  • Karma: +1334/-199
  • Not a pfSense employee, they cannot fire me...
    • View Profile
I would suggest you sniff to via what the offer contains exactly.  And if possible sniff at the client side to make sure its getting the offer, and if its sending the request and its just not getting to the dhcpd.

Since its an iphone 7 prob no way to sniff on the actual device - so what AP are you using?  If say a unifi AP or something running 3rd party firmware you should be able to actually sniff on the AP.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE (home)

Offline V3lcr0

  • Full Member
  • ***
  • Posts: 183
  • Karma: +7/-0
    • View Profile
With some of the IOS updates Apple has added more granularity to WIFI settings, I have done the following with success:

1) Make sure your IOS is up-to-date
2) Go tp Settings -> Wifi -> then the "i" next to the SSID you are connected to then try click on "Renew Lease", Try "Forget This Network" and login again
3) Double check the "Configure IP" settings on your iPhone and "Configure DNS" settings
4) Nothing like a good restart on your iPhone

Hope that helps...

V

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2147
  • Karma: +165/-9
    • View Profile
Strange.
Using an iPhone 7 myself, during iOS 10.xx up until 11.2, didn't have any problems with it. Connects just fine using pFsense, the portal (AP, IPv4 only) or direct (secured Wifi - AP - IPv4 or IPv6).

Added to what @V3lcr0 proposes : Settings => General => Reinit => Reinit network settings (you will loose ALL registered Wifi passwords !)

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14407
  • Karma: +1334/-199
  • Not a pfSense employee, they cannot fire me...
    • View Profile
I have a iphone 7 as well, no issues.  Not on 11.2 yet, need ok from work to update it should come out this morning.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE (home)

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2147
  • Karma: +165/-9
    • View Profile
I have a iphone 7 as well, no issues.  Not on 11.2 yet, need ok from work to update it should come out this morning.
Ask to update ? Mine just updated and informed me afterwards ...

Anyway : @V3lcr0 : I'm pretty sure you have an issue between the iPhone and pfSense, as it works ok for others.

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14407
  • Karma: +1334/-199
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Oh phone is asking to update - but work doesn't "want" us updating until get the ok from DE.... Yeah its stupid, sometimes we see ok before update releases.  But with the email saying we can update there will also be a deadline, that if you do not update before date XYZ you will not be able to get your email, etc.. ;)
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE (home)

Offline rsaanon

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Thanks everyone for taking time to respond.

A few more details:
- I have two iPhone-7+, one iPhone 6+  all w/ the latest iOS v11.2. 
- Only one of the 7+ has problems getting the IP from DHCP.  The other 7+ & 6+ get IP from DHCP w/o any problems.
- The problem seems specific to this particular 7+ AND a particular WLAN (ssid: data).  This 7+ is able to connect fine to another WLAN on the same AP.
- AP logs do show that this 7+ successfully connected/associated w/ the AP
---------------------------------
Some of the troubleshooting steps I've done:
- Forget network wifi network.  Re-establish connection.  No luck!
- Manually specify IP/subnet,DNS configuration:
    -- I do get a checkmark that shows the phone connected to the AP (wifi icon is visible), but at the bottom of SSID, I also see "No Internet Connection" in orange small text size.
    -- Able to ping loopback, but not the gateway.

Offline V3lcr0

  • Full Member
  • ***
  • Posts: 183
  • Karma: +7/-0
    • View Profile
I am on IOS 11.2....no issues here. Been working good...

I had an issue +/-30 days ago(a few times) when I restarted pfsense...strange but it only connected when a non Apple product went online first in my network(then worked going forward). Haven't seen this issue again...

I also had challenges when I was changing DNS settings in pfSense...

No recent issues on any Apple on my network, including iPad, AppleTV, iPhone(various models).

If it is working on other WLANs OK...I would look at: Do you have fixed IPs by WLAN? Aliases with this iPhone included? Rules with an alias? Did you try "renewing" lease on the iPhone?