Print Page - picky DHCP on WAN

Title: picky DHCP on WAN
Post by: TheSHAD0W on June 11, 2026, 09:44:28 PM

I've been having issues with connecting to my DSL provider's service on opnsense. It will occasionally connect but not for longer than a few hours and it may take hours to reconnect. I've tested with kali, mint and win10 and all three are able to connect, though it does seem to take a bit longer than it ought to. Some options taken from the gemini llm improved the situation a bit but not acceptably; the connection would still tend to drop after a while. (It also seems the router doesn't attempt to renew the lease until right at the very end of the lease term.) It looks to me like the provider is dropping most of the packets it receives from opnsense, but is more permissive from other sources. I've replacing the ethernet adapter too. (Both are intel i350 type.)

Quoteroot@router:/var/etc # cat /var/etc/dhclient.igb2.conf
interface "igb2" {
timeout 60;
retry 15;
select-timeout 0;
initial-interval 1;
script "/usr/local/opnsense/scripts/interfaces/dhclient-script";
supersede interface-mtu 0;
}

QuoteFlags   up
broadcast
running
promisc
simplex
multicast
lower_up
Capabilities   rxcsum
txcsum
vlan_mtu
vlan_hwtagging
jumbo_mtu
vlan_hwcsum
tso4
tso6
lro
wol_ucast
wol_mcast
wol_magic
vlan_hwfilter
vlan_hwtso
netmap
rxcsum_ipv6
txcsum_ipv6
hwstats
mextpg
Options   vlan_mtu
vlan_hwtagging
jumbo_mtu
vlan_hwcsum
wol_magic
vlan_hwfilter
vlan_hwtso
hwstats
mextpg
MAC Address   80:61:5f:08:00:74 - Beijing Sinead Technology Co.
Ltd.
Supported Media   autoselect
1000baseT
1000baseT full-duplex
100baseTX full-duplex
100baseTX
10baseT/UTP full-duplex
10baseT/UTP
Physical   true
Device   igb2
mtu   1500
macaddr_hw   80:61:5f:08:00:74
Media   100baseTX <full-duplex>
Media (Raw)   Ethernet autoselect (100baseTX <full-duplex>)
Status   up
nd6
flags
performnud
ifdisabled
auto_linklocal
Identifier   opt7
Description   WANdsl
Enabled   true
Link Type   dhcp
addr4
addr6
VLAN Tag
Gateways
Driver   igb2
Index   7
Promiscuous Listeners   1
Send Queue Length   0
Send Queue Max Length   50
Send Queue Drops   0
Type   Ethernet
Address Length   6
Header Length   18
Link State   2
vhid   0
Data Length   152
Metric   0
Line Rate   100.00 Mbit/s
Packets Received   3320
Input Errors   0
Packets Transmitted   90121
Output Errors   0
Collisions   0
Bytes Received   318664
Bytes Transmitted   10446593
Multicasts Received   426
Multicasts Transmitted   0
Input Queue Drops   0
Packets for Unknown Protocol   0
Hardware Offload Capabilities   0x0
Uptime at Attach or Statistics Reset   1

example of a successful handshake:

Quote13:59:59.313540 80:61:5f:08:00:74 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 80:61:5f:08:00:74, length 300, xid 0x29715326, Flags [none] (0x0000)
     Client-Ethernet-Address 80:61:5f:08:00:74
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: Discover
     Client-ID (61), length 7: ether 80:61:5f:08:00:74
     Hostname (12), length 6: "router"
     Parameter-Request (55), length 10:
     Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
     Default-Gateway (3), Domain-Name (15), Domain-Name-Server (6), Hostname (12)
     Unknown (119), MTU (26)
14:00:12.315311 80:61:5f:08:00:74 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 80:61:5f:08:00:74, length 300, xid 0x29715326, secs 13, Flags [none] (0x0000)
     Client-Ethernet-Address 80:61:5f:08:00:74
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: Discover
     Client-ID (61), length 7: ether 80:61:5f:08:00:74
     Hostname (12), length 6: "router"
     Parameter-Request (55), length 10:
     Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
     Default-Gateway (3), Domain-Name (15), Domain-Name-Server (6), Hostname (12)
     Unknown (119), MTU (26)
14:00:28.356093 80:61:5f:08:00:74 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 80:61:5f:08:00:74, length 300, xid 0x29715326, secs 29, Flags [none] (0x0000)
     Client-Ethernet-Address 80:61:5f:08:00:74
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: Discover
     Client-ID (61), length 7: ether 80:61:5f:08:00:74
     Hostname (12), length 6: "router"
     Parameter-Request (55), length 10:
     Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
     Default-Gateway (3), Domain-Name (15), Domain-Name-Server (6), Hostname (12)
     Unknown (119), MTU (26)
14:00:38.407528 80:61:5f:08:00:74 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 80:61:5f:08:00:74, length 300, xid 0x29715326, secs 39, Flags [none] (0x0000)
     Client-Ethernet-Address 80:61:5f:08:00:74
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: Discover
     Client-ID (61), length 7: ether 80:61:5f:08:00:74
     Hostname (12), length 6: "router"
     Parameter-Request (55), length 10:
     Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
     Default-Gateway (3), Domain-Name (15), Domain-Name-Server (6), Hostname (12)
     Unknown (119), MTU (26)
14:00:51.408343 80:61:5f:08:00:74 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 80:61:5f:08:00:74, length 300, xid 0x29715326, secs 52, Flags [none] (0x0000)
     Client-Ethernet-Address 80:61:5f:08:00:74
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: Discover
     Client-ID (61), length 7: ether 80:61:5f:08:00:74
     Hostname (12), length 6: "router"
     Parameter-Request (55), length 10:
     Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
     Default-Gateway (3), Domain-Name (15), Domain-Name-Server (6), Hostname (12)
     Unknown (119), MTU (26)
14:01:01.459540 80:61:5f:08:00:74 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 80:61:5f:08:00:74, length 300, xid 0xddf175e3, Flags [none] (0x0000)
     Client-Ethernet-Address 80:61:5f:08:00:74
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: Discover
     Client-ID (61), length 7: ether 80:61:5f:08:00:74
     Hostname (12), length 6: "router"
     Parameter-Request (55), length 10:
     Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
     Default-Gateway (3), Domain-Name (15), Domain-Name-Server (6), Hostname (12)
     Unknown (119), MTU (26)
14:01:01.654312 08:96:ad:5a:db:c1 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 355: (tos 0xc0, ttl 30, id 48761, offset 0, flags [none], proto UDP (17), length 341)
104.193.102.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 313, xid 0xddf175e3, Flags [none] (0x0000)
     Your-IP 104.193.102.85
     Gateway-IP 104.193.102.1
     Client-Ethernet-Address 80:61:5f:08:00:74
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: Offer
     Subnet-Mask (1), length 4: 255.255.255.0
     Default-Gateway (3), length 4: 104.193.102.1
     Domain-Name-Server (6), length 12: 199.27.156.34,199.27.156.35,167.254.227.7
     Hostname (12), length 6: "router"
     Domain-Name (15), length 12: "dellcity.com"
     Lease-Time (51), length 4: 3600
     Server-ID (54), length 4: 199.27.156.55
     Client-ID (61), length 7: ether 80:61:5f:08:00:74
14:01:02.669840 80:61:5f:08:00:74 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 80:61:5f:08:00:74, length 300, xid 0xddf175e3, Flags [none] (0x0000)
     Client-Ethernet-Address 80:61:5f:08:00:74
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: Request
     Server-ID (54), length 4: 199.27.156.55
     Requested-IP (50), length 4: 104.193.102.85
     Client-ID (61), length 7: ether 80:61:5f:08:00:74
     Hostname (12), length 6: "router"
     Parameter-Request (55), length 10:
     Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
     Default-Gateway (3), Domain-Name (15), Domain-Name-Server (6), Hostname (12)
     Unknown (119), MTU (26)
14:01:11.679729 80:61:5f:08:00:74 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 80:61:5f:08:00:74, length 300, xid 0xddf175e3, Flags [none] (0x0000)
     Client-Ethernet-Address 80:61:5f:08:00:74
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: Request
     Server-ID (54), length 4: 199.27.156.55
     Requested-IP (50), length 4: 104.193.102.85
     Client-ID (61), length 7: ether 80:61:5f:08:00:74
     Hostname (12), length 6: "router"
     Parameter-Request (55), length 10:
     Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
     Default-Gateway (3), Domain-Name (15), Domain-Name-Server (6), Hostname (12)
     Unknown (119), MTU (26)
14:01:11.866296 08:96:ad:5a:db:c1 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 355: (tos 0xc0, ttl 30, id 56185, offset 0, flags [none], proto UDP (17), length 341)
104.193.102.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 313, xid 0xddf175e3, Flags [none] (0x0000)
     Your-IP 104.193.102.85
     Gateway-IP 104.193.102.1
     Client-Ethernet-Address 80:61:5f:08:00:74
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: ACK
     Subnet-Mask (1), length 4: 255.255.255.0
     Default-Gateway (3), length 4: 104.193.102.1
     Domain-Name-Server (6), length 12: 199.27.156.34,199.27.156.35,167.254.227.7
     Hostname (12), length 6: "router"
     Domain-Name (15), length 12: "dellcity.com"
     Lease-Time (51), length 4: 3600
     Server-ID (54), length 4: 199.27.156.55
     Client-ID (61), length 7: ether 80:61:5f:08:00:74

Example of handshake from other device:

Quote13:06:35.855113 08:8f:c3:6d:33:fd > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 333: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 319)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 08:8f:c3:6d:33:fd, length 291, xid 0xa3745acd, secs 1, Flags [none] (0x0000)
     Client-Ethernet-Address 08:8f:c3:6d:33:fd
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: Discover
     Client-ID (61), length 7: ether 08:8f:c3:6d:33:fd
     Parameter-Request (55), length 17:
     Subnet-Mask (1), Time-Zone (2), Domain-Name-Server (6), Hostname (12)
     Domain-Name (15), MTU (26), BR (28), Classless-Static-Route (121)
     Default-Gateway (3), Static-Route (33), YD (40), YS (41)
     NTP (42), Unknown (119), Classless-Static-Route-Microsoft (249), Unknown (252)
     RP (17)
     MSZ (57), length 2: 576
     Requested-IP (50), length 4: 104.193.102.50
     Hostname (12), length 7: "misaka4"
13:06:38.612918 08:8f:c3:6d:33:fd > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 333: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 319)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 08:8f:c3:6d:33:fd, length 291, xid 0x843f0ebf, secs 2, Flags [none] (0x0000)
     Client-Ethernet-Address 08:8f:c3:6d:33:fd
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: Discover
     Client-ID (61), length 7: ether 08:8f:c3:6d:33:fd
     Parameter-Request (55), length 17:
     Subnet-Mask (1), Time-Zone (2), Domain-Name-Server (6), Hostname (12)
     Domain-Name (15), MTU (26), BR (28), Classless-Static-Route (121)
     Default-Gateway (3), Static-Route (33), YD (40), YS (41)
     NTP (42), Unknown (119), Classless-Static-Route-Microsoft (249), Unknown (252)
     RP (17)
     MSZ (57), length 2: 576
     Requested-IP (50), length 4: 104.193.102.50
     Hostname (12), length 7: "misaka4"
13:06:38.751299 08:96:ad:5a:db:c1 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 356: (tos 0xc0, ttl 30, id 26121, offset 0, flags [none], proto UDP (17), length 342)
104.193.102.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 314, xid 0x843f0ebf, Flags [none] (0x0000)
     Your-IP 104.193.102.50
     Gateway-IP 104.193.102.1
     Client-Ethernet-Address 08:8f:c3:6d:33:fd
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: Offer
     Subnet-Mask (1), length 4: 255.255.255.0
     Default-Gateway (3), length 4: 104.193.102.1
     Domain-Name-Server (6), length 12: 199.27.156.34,199.27.156.35,167.254.227.7
     Hostname (12), length 7: "misaka4"
     Domain-Name (15), length 12: "dellcity.com"
     Lease-Time (51), length 4: 3600
     Server-ID (54), length 4: 199.27.156.55
     Client-ID (61), length 7: ether 08:8f:c3:6d:33:fd
13:06:38.751530 08:8f:c3:6d:33:fd > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 339: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 325)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 08:8f:c3:6d:33:fd, length 297, xid 0x843f0ebf, secs 2, Flags [none] (0x0000)
     Client-Ethernet-Address 08:8f:c3:6d:33:fd
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: Request
     Client-ID (61), length 7: ether 08:8f:c3:6d:33:fd
     Parameter-Request (55), length 17:
     Subnet-Mask (1), Time-Zone (2), Domain-Name-Server (6), Hostname (12)
     Domain-Name (15), MTU (26), BR (28), Classless-Static-Route (121)
     Default-Gateway (3), Static-Route (33), YD (40), YS (41)
     NTP (42), Unknown (119), Classless-Static-Route-Microsoft (249), Unknown (252)
     RP (17)
     MSZ (57), length 2: 576
     Requested-IP (50), length 4: 104.193.102.50
     Server-ID (54), length 4: 199.27.156.55
     Hostname (12), length 7: "misaka4"
13:06:43.051749 08:8f:c3:6d:33:fd > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 339: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 325)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 08:8f:c3:6d:33:fd, length 297, xid 0x843f0ebf, secs 2, Flags [none] (0x0000)
     Client-Ethernet-Address 08:8f:c3:6d:33:fd
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: Request
     Client-ID (61), length 7: ether 08:8f:c3:6d:33:fd
     Parameter-Request (55), length 17:
     Subnet-Mask (1), Time-Zone (2), Domain-Name-Server (6), Hostname (12)
     Domain-Name (15), MTU (26), BR (28), Classless-Static-Route (121)
     Default-Gateway (3), Static-Route (33), YD (40), YS (41)
     NTP (42), Unknown (119), Classless-Static-Route-Microsoft (249), Unknown (252)
     RP (17)
     MSZ (57), length 2: 576
     Requested-IP (50), length 4: 104.193.102.50
     Server-ID (54), length 4: 199.27.156.55
     Hostname (12), length 7: "misaka4"
13:06:47.497671 08:8f:c3:6d:33:fd > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 339: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 325)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 08:8f:c3:6d:33:fd, length 297, xid 0x843f0ebf, secs 2, Flags [none] (0x0000)
     Client-Ethernet-Address 08:8f:c3:6d:33:fd
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: Request
     Client-ID (61), length 7: ether 08:8f:c3:6d:33:fd
     Parameter-Request (55), length 17:
     Subnet-Mask (1), Time-Zone (2), Domain-Name-Server (6), Hostname (12)
     Domain-Name (15), MTU (26), BR (28), Classless-Static-Route (121)
     Default-Gateway (3), Static-Route (33), YD (40), YS (41)
     NTP (42), Unknown (119), Classless-Static-Route-Microsoft (249), Unknown (252)
     RP (17)
     MSZ (57), length 2: 576
     Requested-IP (50), length 4: 104.193.102.50
     Server-ID (54), length 4: 199.27.156.55
     Hostname (12), length 7: "misaka4"
13:06:47.691162 08:96:ad:5a:db:c1 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 356: (tos 0xc0, ttl 30, id 32265, offset 0, flags [none], proto UDP (17), length 342)
104.193.102.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 314, xid 0x843f0ebf, Flags [none] (0x0000)
     Your-IP 104.193.102.50
     Gateway-IP 104.193.102.1
     Client-Ethernet-Address 08:8f:c3:6d:33:fd
     Vendor-rfc1048 Extensions
     Magic Cookie 0x63825363
     DHCP-Message (53), length 1: ACK
     Subnet-Mask (1), length 4: 255.255.255.0
     Default-Gateway (3), length 4: 104.193.102.1
     Domain-Name-Server (6), length 12: 199.27.156.34,199.27.156.35,167.254.227.7
     Hostname (12), length 7: "misaka4"
     Domain-Name (15), length 12: "dellcity.com"
     Lease-Time (51), length 4: 3600
     Server-ID (54), length 4: 199.27.156.55
     Client-ID (61), length 7: ether 08:8f:c3:6d:33:fd

Title: Re: picky DHCP on WAN
Post by: TheSHAD0W on June 11, 2026, 10:18:52 PM

Also for reference: Here are the settings gemini recommended:

Quoteroot@router:/var/etc # cat dhclient.igb2.conf
interface "igb2" {
# timing values
backoff-cutoff 10;
initial-interval 10;
reboot 30;
retry 5;
select-timeout 1;
timeout 60;
# custom options
require dhcp-server-identifier;
always-broadcast true;
supersede dhcp-max-message-size 576;
supersede dhcp-parameter-request-list 1,28,2,121,3,15,6,12,119,26,57;
# standard settings
script "/usr/local/opnsense/scripts/interfaces/dhclient-script";
supersede interface-mtu 0;
}

Also got a *very* delayed DHCP ACK while testing these settings, which was interesting.

OPNsense Forum

English Forums => 26.1, 26,4 Series => Topic started by: TheSHAD0W on June 11, 2026, 09:44:28 PM