[SOLVED] not getting IP via DHCP on WAN

[hardwarechaos]

Hi there,

after my ISP finally made it possible to use own chosen routers (by changing their route to a brigde) I am eager to switch to opnsense.
But for some "weird" reason I don't get a IP4 address on the WAN interface (and therefore 6rd won't work either).
If I use the same hardware (just changing the USB Stick) with OpenWRT I instantly get my addresses (IP4 and 6).
And if plugging in a Fritzbox I get addresses too.

Tried changing "Block private" and "Block bogon" already, although should not have an effect, because the WAN IP I should be getting is 100.64.74.29/16.
Changed firewall to allow any incoming traffic too.

Any ideas highly appreciated.

THX
   Chaos

[Zeitkind]

Normally you have to give your ISP the MAC of the new DHCP-client aka router. Sometimes via web, sometimes even via good ole telephone. Did you do this and/or try to clone the MAC of your old router?

[hardwarechaos]

Hi,
Not necessary with my isp.
And the MAC is the same as with Openwrt. The same machine, just a different OS and no spoofing involved.

THX
Chaos

[echappatte]

Hello,

Really strange, as the default behavior of WAN is to take in IP via DHCP, no other thing to do to achieve it.
In the WAN you should keep the "block bogon network", and if you have a real brige modem you can also keep "block private network" (but for testing it safe to remove it before the problem is solved, good idea).

But for now perhaps the problem is with the speed and duplex ? Are you in autoselect ?
With your ISP do you have to set an hostname ?

If you plug your WAN in another network with a DHCP, OPNsense gets an IP ?

[hardwarechaos]

Hi,

it is strange indeed.
Thanks for the good ideas.

Tried to set a hostname yesterday already, but no difference.

Speed and duplex is set to auto and link is up.

So the next step I am gonna try is to put a DHCP in front of WAN and see if that works.

Is there a logging option for the dhcp request part?
On the openwrt i could log the udhcpc output and see what the ISP "provides" me.

Update: Connected the WAN to another Router and the interface gets an IP.

Thing I did so far:
- I started over with a different USB Stick and new config.
- Changed WAN from em0 to re0

Any further ideas appreciated.
Or maybe BSD is a bit picky because the 6rd config also gets delivered via DHCP?

Not blaming the ISP, since any other device I connected worked.

THX
   Chaos

[bartjsmit]

I would:

Try with IPv6 disabled to exclude that as an influence.

Run tcpdump on the OPNsense WAN interface and look at the traces with Wireshark to see if where the DHCP protocol fails.

Try a different NIC. I had issues with an Intel on the WAN and ended up with a Realtek. YMMV.

Bart...

[hardwarechaos]

Hi,

IPv6 is disabled and I tried a realtek instead of the intel already.

Started a packet capture and it shows a couple of discovers like:

Code: [Select]

10 11.434240 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x1cc2488aBut apperently no DHCP offer.

Meanwhile tested IPFire and instantly got an IPv4 address.
Next I try pfsense.

Super annoying.

THX
   Chaos

[chemlud]

...did you wait some hours to obtain an IP? (is it a fixed IP?)

Otherwise: package capture on device that gets an IP and look for differences in DCHPDISCOVER.

My bet is on the ISP/the briged router not passing on the request. Would look around in that config to stop any filtering etc...

[hardwarechaos]

Hi,

pfsense brings the same results as opnsense :-/

It seems that my provider does not answer the requests and give me an address, but i doubt they try to filter it.

TCPDump of OpenWRT

Code: [Select]

root@Hauptrouter:~# tcpdump -i eth0 port 67 or port 68 -e -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:55:34.454468 00:15:17:91:07:c8 > 02:00:00:00:00:22, ethertype IPv4 (0x0800), length 342: 100.64.74.29.68 > 100.64.0.1.67: BOOTP/DHCP, Request from 00:15:17:91:07:c8, length 300
11:55:34.482541 02:00:00:00:00:22 > 00:15:17:91:07:c8, ethertype IPv4 (0x0800), length 364: 100.64.0.1.67 > 100.64.74.29.68: BOOTP/DHCP, Reply, length 322
TCPDump of pfsense

Code: [Select]

[2.3.2-RELEASE][root@pfSense.localdomain]/root: tcpdump -i em0 port 67 or port 68
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
20:44:23.192518 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:15:17:91:07:c8 (oui Unknown), length 300
20:44:40.831473 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:15:17:91:07:c8 (oui Unknown), length 300
20:44:42.789420 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:15:17:91:07:c8 (oui Unknown), length 300
20:44:44.223050 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:15:17:91:07:c8 (oui Unknown), length 300
20:44:48.185863 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:15:17:91:07:c8 (oui Unknown), length 300
Out of ideas...


THX
   Chaos

[Zeitkind]

Put a hub in front to be sure to capture all packets with a third machine. Just set this eg. laptop to a static IP like 10.2.3.4 and capture in promiscuous mode.
ISP - Modem - hub - router and laptop
A switch with an admin/mirror/monitor/whatever-it-is-called port will do the same.

[csmall]

My ISP will only issue an IP to one mac address. In order to change routers/interfaces I need to make sure I release my IP first. If I don't, I won't get an address.

That being said, is it possible that your interfaces are swapped when using OPNsense? Your LAN and WAN interfaces could be reversed and your ISP won't issue the IP to the wrong interface.

Just an idea. Good luck.

[hardwarechaos]

Hi there,

thanks for the ideas.
MAC is the same (see tcpdump examples).
And my ISP does not mind, because if I use a Fritzbox router I still get an IP and that one has a different MAC.

Due to time related issues I might try the port mirroring switch next week. Meanwhile I am gonna write my ISP and see if they can find something.

THX
Chaos

[hardwarechaos]

Hi there,

problem is fixed.
Had a nice talk with my isp and it is really necessary to wait one hour, so that the DHCP lease time is expired.

THX
   Chaos

[echappatte]

Hi there,

problem is fixed.
Had a nice talk with my isp and it is really necessary to wait one hour, so that the DHCP lease time is expired.

THX
   Chaos

Thanks for the feedback ! It's annoying for testing... but at least now you can enjoy your opnSense

[hardwarechaos]

Hi

Thanks for the feedback ! It's annoying for testing... but at least now you can enjoy your opnSense

sadly not, because I can't get IPV6 to work via 6rd.

THX
   Chaos