Hi,
I did the upgrade last night, which went fine. One hour ago I realized a PC no longer received an IP address from the DHCP server. Looking into the OPNsense dashboard, I realized the DHCP server was down. First I restarted the service, which did not help. I restarted the router, which did not help either.
The log does not say a lot. What can I do to provide you with details to get to the root cause?
(I have put 15.1.12 in place)
One thing I'd like to say: this is the first time since March my OPNsense let me down. Absolutely great work, congratulations to the team.
Regards Jakob
Jul 3 12:47:01 dhcpd: exiting.
Jul 3 12:47:01 dhcpd:
Jul 3 12:47:01 dhcpd: the README file.
Jul 3 12:47:01 dhcpd: send them to the appropriate mailing list as described in
Jul 3 12:47:01 dhcpd: help directly to the authors of this software - please
Jul 3 12:47:01 dhcpd: Please do not under any circumstances send requests for
Jul 3 12:47:01 dhcpd:
Jul 3 12:47:01 dhcpd: submitting bug reports and requests for help.
Jul 3 12:47:01 dhcpd: mailing list, please read the section on the README about
Jul 3 12:47:01 dhcpd: If you intend to request help from the dhcp-bugs at isc.org
Jul 3 12:47:01 dhcpd: yet read the README, please read it before requesting help.
Jul 3 12:47:01 dhcpd: If you did get this software from ftp.isc.org and have not
Jul 3 12:47:01 dhcpd:
Jul 3 12:47:01 dhcpd: requesting help.
Jul 3 12:47:01 dhcpd: get the latest from ftp.isc.org and install that before
Jul 3 12:47:01 dhcpd: If you did not get this software from ftp.isc.org, please
Jul 3 12:47:01 dhcpd:
Jul 3 12:47:01 dhcpd: no such user: dhcpd
Jul 3 12:47:01 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Jul 3 12:47:01 dhcpd: All rights reserved.
Jul 3 12:47:01 dhcpd: Copyright 2004-2015 Internet Systems Consortium.
Jul 3 12:47:01 dhcpd: Internet Systems Consortium DHCP Server 4.2.8
You only get that message in the logs when the dhcpd.conf has an error in it.
Providing the conf file would provide more insight probably.
The identical config file is running fine with 15.1.12
Sent from iPhone with Tapatalk
Hi,
here is the /var/dhcpd/etc/dhcpd.conf.
I have removed most of the hosts. If needed I can send it via PM.
The structure of the dhcpd entries looks fine in the config file.
root@OPNsense:/var/dhcpd/etc # cat dhcpd.conf
option domain-name "teamstrebel.ch";
option ldap-server code 95 = text;
option domain-search-list code 119 = text;
option arch code 93 = unsigned integer 16; # RFC4578
default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
one-lease-per-client true;
deny duplicates;
ping-check true;
update-conflict-detection false;
authoritative;
subnet 192.168.10.0 netmask 255.255.255.0 {
pool {
range 192.168.10.210 192.168.10.240;
}
option routers 192.168.10.1;
option domain-name-servers 192.168.10.1;
}
host s_lan_0 {
hardware ethernet 34:15:9e:09:0f:32;
fixed-address 192.168.10.10;
option host-name "idefix";
}
host s_lan_1 {
hardware ethernet 00:c0:ee:aa:19:71;
option dhcp-client-identifier "printer";
fixed-address 192.168.10.30;
option host-name "kyocera1370";
}
subnet 172.22.0.0 netmask 255.255.240.0 {
pool {
range 172.22.0.10 172.22.1.100;
}
option routers 172.22.0.1;
option domain-name-servers 172.22.0.1;
}
root@OPNsense:/var/dhcpd/etc #
root@OPNsense:/var/dhcpd/etc # ls -l
total 8
-rw-r--r-- 1 root wheel 4255 Jul 3 15:10 dhcpd.conf
root@OPNsense:/var/dhcpd/etc #
Looks fine to me too.
It's been a while since I used a UNIX DHCP server, but when you start the DHCP server daemon and it finds an error, it will show you a message like the one you get, but above what you posted there should also be a part saying on which line something is wrong?
Thank you for your help.
I was looking in the log for an entry which would be meaningful and point in the right direction.
But this is not the case. I am wondering, is there a chance to control the dhcpd daemon in a way to produce more details?
jakob
Jakob, can you please provide output for the following commands:
# df
# pkg info
I think your package database is gone so the ports groups and users are gone (dhcpd is one of them).
Franco, thank you for the quick response.
here is what you asked:
df
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/ufs/OPNsense0 933495 831425 27390 97% /
devfs 1 1 0 100% /dev
/dev/md0 118556 52 109020 0% /tmp
/dev/md1 118556 15520 93552 14% /var
devfs 1 1 0 100% /var/dhcpd/dev
root@OPNsense:~ # pkg info
apinger-0.6.1_3 IP device monitoring tool
ataidle-2.7.2 Utility to spin down ATA drives
beep-1.0_1 Beeps a certain duration and pitch out of the PC Speaker
bind910-9.10.2_5 BIND DNS suite with updated DNSSEC and DNS64
bsdinstaller-2.3_5 BSD Installer mega-package
bsnmp-regex-0.6_1 bsnmpd module allowing creation of counters from log files
bsnmp-ucd-0.4.1 bsnmpd module that implements parts of UCD-SNMP-MIB
ca_root_nss-3.19.1_1 Root certificate bundle from the Mozilla Project
choparp-20021107_4 Simple proxy arp daemon
clog-1.0.1_3 Circular log support for FreeBSD syslogd
cpdup-1.17_2 Comprehensive filesystem mirroring and backup program
cpustats-0.1 cpustats
curl-7.43.0_2 Non-interactive tool to get files from FTP, GOPHER, HTTP(S) servers
dhcp6-20080615_2 KAME DHCP6 client, server, and relay
dhcpleases-0.2 read dhpcd.lease file and add it to hosts file
dnsmasq-2.73,1 Lightweight DNS forwarder, DHCP, and TFTP server
easy-rsa-2.2.2 Small RSA key management package based on openssl
expat-2.1.0_2 XML 1.0 parser written in C
expiretable-0.6_1 Utility to remove entries from the pf(4) table based on their age
filterdns-0.1 filterdns
filterlog-0.2 Parse pflog(4) output
freetype2-2.5.5 Free and portable TrueType font rendering engine
gettext-runtime-0.19.4 GNU gettext runtime libraries and programs
gmp-5.1.3_2 Free library for arbitrary precision arithmetic
idnkit-1.0_5 Library to handle internationalized domain names
ifinfo-10.1 Interface statistics reader
igmpproxy-0.1_2,1 Multicast forwarding IGMP proxy
indexinfo-0.2.3 Utility to regenerate the GNU info page index
isc-dhcp42-client-4.2.8 The ISC Dynamic Host Configuration Protocol client
isc-dhcp42-relay-4.2.8 The ISC Dynamic Host Configuration Protocol relay
isc-dhcp42-server-4.2.8 ISC Dynamic Host Configuration Protocol server
jansson-2.7 C library for encoding, decoding, and manipulating JSON data
libart_lgpl-2.3.21_2,1 Library for high-performance 2D graphics
libdaemon-0.14_1 Lightweight C library that eases the writing of UNIX daemons
libevent2-2.0.22_1 API for executing callback functions on events or timeouts
libffi-3.2.1 Foreign Function Interface
libhtp-0.5.16 Security-aware parser for the HTTP protocol
libiconv-1.14_8 Character set conversion library
libltdl-2.4.6 System independent dlopen wrapper
libmcrypt-2.5.8_2 Multi-cipher cryptographic library (used in PHP)
libnet-1.1.6_3,1 C library for creating IP packets
libpdel-0.5.3_6 Packet Design multi-purpose C library for embedded applications
libressl-2.2.0 Free version of the SSL/TLS protocol forked from OpenSSL
libxml2-2.9.2_3 XML parser library for GNOME
libyaml-0.1.6_2 YAML 1.1 parser and emitter written in C
lighttpd-1.4.35_5 Secure, fast, compliant, and flexible Web Server
lzo2-2.09 Portable speedy, lossless data compression library
minicron-0.0.2 very small cron
miniupnpd-1.9_1,1 UPnP IGD implementation which uses pf/ipf
mpd4-4.4.1_2 Multi-link PPP daemon based on netgraph(4)
mpd5-5.7_2 Multi-link PPP daemon based on netgraph(4)
nettle-2.7.1 Low-level cryptographic library
ntp-4.2.8p3 The Network Time Protocol Distribution
oniguruma4-4.7.1_1 BSDL Regular Expressions library compatible with POSIX/GNU/Perl
openldap-client-2.4.41 Open source LDAP client implementation
openssh-portable-6.8.p1_8,1 The portable version of OpenBSD's OpenSSH
openvpn-2.3.7 Secure IP/Ethernet tunnel daemon
opnsense-15.7 ea948fa3f
os-update-15.7 OPNsense system update utility
pcre-8.37_1 Perl Compatible Regular Expressions library
pecl-radius-1.2.7 Radius client library for PHP
perl5-5.20.2_5 Practical Extraction and Report Language
pftop-0.7_4 Utility for real-time display of statistics for pf
phalcon-2.0.3 Phalcon PHP Framework written in C-language
php-pfSense-0.2_4 Library for getting useful info
php-suhosin-0.9.37.1_1 PHP extension that implements high-level protections
php-xdebug-2.2.5 Xdebug extension for PHP
php56-5.6.10 PHP Scripting Language
php56-bcmath-5.6.10 The bcmath shared extension for php
php56-bz2-5.6.10 The bz2 shared extension for php
php56-ctype-5.6.10 The ctype shared extension for php
php56-curl-5.6.10 The curl shared extension for php
php56-dom-5.6.10 The dom shared extension for php
php56-filter-5.6.10 The filter shared extension for php
php56-gettext-5.6.10 The gettext shared extension for php
php56-hash-5.6.10 The hash shared extension for php
php56-json-5.6.10 The json shared extension for php
php56-ldap-5.6.10 The ldap shared extension for php
php56-mbstring-5.6.10 The mbstring shared extension for php
php56-mcrypt-5.6.10 The mcrypt shared extension for php
php56-mysql-5.6.10 The mysql shared extension for php
php56-openssl-5.6.10 The openssl shared extension for php
php56-pdo-5.6.10 The pdo shared extension for php
php56-pdo_sqlite-5.6.10 The pdo_sqlite shared extension for php
php56-session-5.6.10 The session shared extension for php
php56-simplexml-5.6.10 The simplexml shared extension for php
php56-sockets-5.6.10 The sockets shared extension for php
php56-sqlite3-5.6.10 The sqlite3 shared extension for php
php56-tokenizer-5.6.10 The tokenizer shared extension for php
php56-xml-5.6.10 The xml shared extension for php
php56-zlib-5.6.10 The zlib shared extension for php
pkg-1.5.4 Package manager
png-1.6.17 Library for manipulating PNG images
py27-Babel-1.3_2 Collection of tools for internationalizing Python applications
py27-Jinja2-2.7.3 Fast and easy to use stand-alone template engine
py27-MarkupSafe-0.23 Implements a XML/HTML/XHTML Markup safe string for Python
py27-pytz-2014.10,1 World Timezone Definitions for Python
py27-requests-2.7.0 HTTP library written in Python for human beings
py27-setuptools27-17.0 Python packages installer
py27-sqlite3-2.7.10_6 Standard Python binding to the SQLite3 library
py27-ujson-1.33 Ultra fast JSON encoder and decoder for Python
python27-2.7.10 Interpreted object-oriented programming language
radvd-1.9.7 Linux/BSD IPv6 router advertisement daemon
rate-0.9 Traffic analysis command-line utility
relayd-5.5.20140810_1 OpenBSD relay daemon
rrdtool12-1.2.30_7 Round Robin Database Tools v1.2
smartmontools-6.4 S.M.A.R.T. disk monitoring tools
sqlite3-3.8.10.2 SQL database engine in a C library
squid-3.5.3_1 HTTP Caching Proxy
sshlockout_pf-0.0.2_2 Automatically block IPs with failed SSH logins using pf(4)
strongswan-5.3.2 Open Source IKEv2 IPsec-based VPN solution
sudo-1.8.13 Allow others to run commands as root
suricata-2.0.8_1 High Performance Network IDS, IPS and Security Monitoring engine
syslogd-10.1_1 FreeBSD syslogd with additions
voucher-0.1_4 voucher support
wol-0.7.1_2 Tool to wake up Wake-On-LAN compliant computers
zip-3.0_1 Create/update ZIP files compatible with PKZIP
root@OPNsense:~ #
Same issue in my installation: dhcp is not working after the update.
The error is also the same:
dhcpd: no such user: dhcpd
If I look at the available users the user dhcpd doesn't exist anymore.
In my 2nd installation which still runs with 15.1.11.4 a user named dhcpd is available.
Try this on the console on a running system. Then restart dhcp. There likely is a race condition when using /var MFS (which is enabled on nano images by default).
# /usr/local/etc/rc.recover
Unfortunately this didn't help:
# /usr/local/etc/rc.recover
pkg: No packages installed
When I try to start dhcp afterwards I still have the same problem.
I also had a look into the rc.recover file. I saw that there are all users listed in $etc_master_passwd, but I cannot find a user named dhcpd there either.
Below is the console output. After this command the DHCP server came back and provided an address to the client. But after a reboot the box showed the same error as reported.
Regards Jakob
# /usr/local/etc/rc.recover
===> Creating users and/or groups.
Creating group 'dhcpd' with gid '136'.
Creating user 'dhcpd' with uid '136'.
===> Creating users and/or groups.
Creating group '_relayd' with gid '913'.
Creating user '_relayd' with uid '913'.
===> Creating users and/or groups.
Creating group 'squid' with gid '100'.
Creating user 'squid' with uid '100'.
root@OPNsense:~ #
mibuthu, please provide output for the commands I have mentioned above. You have a similar problem, but a different cause.
Jakob, yes, that is the race condition on boot I was suspecting. Disabling /var MFS helps, but it takes two reboots to "fix" the problem.
The pkg database lives in /var/db/pkg, which is transitioned to /root/var/db/pkg on /var MFS mount, where pkg itself won't find it. My bad. A permanent fix will be available early next week.
Franco, thanks for the advice. I disabled the RAM disk and restarted the box twice. After this the box seems to behave normally. DHCPD was running. But on bringing the box back to the production network, the old problem was back. I will wait until 15.7.1. Thanks again for your great work. Everybody who has experience in networking knows it's impossible to test things even with the best testbed.
Jakob
Can confirm this behaviour after today's upgrade. I also ran /usr/local/etc/rc.recover which brought the DHCP server back for now.
Jakob, do you mean "production" as in you brought back /var MFS? That'll bring back the bug.
I don't know about this. It is fixable and there'll be a fix today, with 15.7.1 out hopefully on Wednesday, but it'll happen again some day. I still remember the times we had the "no firmware updates available" issues, which correspond to the same problem class.
Maybe there is something I can do with pkgng in that regard that it won't point to a stale directory/database by default anymore. More on this later today.
Franco,
I disabled the RAM disk (/var) and did a double boot. On the testbed it seemed to be working normally. But back in the production network (I mean the full office network) the problem was back.
I am more than happy to help you out with some testing to track down the root cause. But you do not need to do a special for me. Jakob
This takes care of woes with the package database by keeping a /var/db/pkg symlink in the real file system after the move, at least as long as our /var MFS on/off migration works:
https://github.com/opnsense/core/commit/b60f5a3d6c7c208cba20fb03fb0169afc7046a1b
Unfortunately, it'll require anyone with /var MFS usage to disable, reboot, enable, reboot. I do not want to add more than this clean fix to not introduce another issue now or in the future.
A temporary workaround is to switch /var MFS off till 15.7.1.
Jakob has helped to verify that the fix works as intended. Thank you all for the participation. :)
I'm confused
I have the same issue. I applied the rc.recover stuff and rebooted and nothing changed, still stuck with a non-working brick unable to provide an IP address to the LAN.
The system log continues to claim:
OPNsense opnsense: /usr/local/etc/rc.bootup: The command '/bin/sh /tmp/dhcpd.sh' returned exit code '1', the output was 'chown: dhcpd: illegal group name'
It's on an Alix with 4 Gb Flash, fresh install from openssl_nano & upgrade to 15.7.2.
If you have any advice it will be very helpful.
Best regards
Just guessing. Alix has just 256mb memory. Could this be the root cause the upgrade does not work?
Sent from iPhone with Tapatalk
The release notes for 15.7.1 state the following:
If you are being affected by the DHCP server startup issue reboots are necessary in order to fix the root cause. Please follow these steps:
1. Upgrade to 15.7.1 using your preferred method.
2. Disable RAM disks in "System: Settings: Misc." and reboot.
3. Enable RAM disks in "System: Settings: Misc." and reboot.
4. The DHCP server will now startup correctly.
@Franco, sorry, I was assuming your upgrade instructions were properly followed. Jakob
No worries, Jakob. Maybe they were, but I saw no indication thereof. The fix is a little non-obvious since we can't mount/remount on the fly without breaking the operational status of the system. Better to make sure this non-obvious fix is as visible as possible. :)
I had this problem as well. What I saw in the logs was this:
opnsense: /status_services.php: The command '/usr/local/sbin/dhcpd -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid em0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.2.8 Copyright 2004-2015 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ no such user: dhcpd If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-bugs at isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not under any circumstances send requests for help directly to the authors of this software - please send them to the appropriate mailing list as described in the README file. exiting
I checked /etc/passwd and sure enough there was no dhcpd user. The next closest thing was "_dhcp":
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
I ssh'd in and manually created a system account named dhcpd, gave it rights to the pid file dhcpd wanted and the service started properly at the next request.
The fix does not survive a reboot. I am running RAM disks like OP.
Did you read, and do as mentioned in, post #21? Two whole posts above yours?
To fix the issue (from a fresh openssl_nano install with 15.7.2 updates) I've done the following:
1) boot
2) from console as root (to get an IP address for LAN):
/usr/local/etc/rc.recover
/bin/sh /tmp/dhcpd.sh
/usr/local/sbin/dhcpd -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid vr0 vr2
3) Disable RAM disks in "System: Settings: Misc."
4) Reboot (from web GUI)
After reboot still same credentials issue : "The command '/bin/sh /tmp/dhcpd.sh' returned exit code '1', the output was 'chown: dhcpd: illegal group name'"
5) Tried from console another time :
/usr/local/etc/rc.recover
/bin/sh /tmp/dhcpd.sh
/usr/local/sbin/dhcpd -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid vr0 vr2
=> then dhcpd starts.
6) reboot (from web gui)
After reboot dhcpd was working !
7) Enable RAM disks in "System: Settings: Misc."
8) Reboot from webGUI
=> Back to normal working operations !!
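
A preflight check for the failure discussed in this thread, as an added example that is not part of the original posts and is not OPNsense code: it tests for the exact "dhcpd" user and group that the "-user dhcpd -group dhcpd" start-up needs, and whether a pkg database is reachable at the given path. The function names, the sample files and the constructed "dhcpd" passwd line are assumptions made for illustration; local.sqlite is the file name pkg uses for its database.

```shell
#!/bin/sh
# Added example (not OPNsense code). dhcpd is started with "-user dhcpd
# -group dhcpd", so it exits when either account is missing.

# account_exists FILE NAME: true only if NAME is exactly the first
# colon-separated field of a line in a passwd(5)/group(5)-format FILE.
# A substring match would wrongly accept the base system's "_dhcp".
account_exists() {
    [ -r "$1" ] || return 2
    awk -F: -v n="$2" '$1 == n { found = 1 } END { exit !found }' "$1"
}

# pkg_db_reachable DIR: true if DIR (a directory, or a symlink to one)
# contains local.sqlite, the pkg database file.
pkg_db_reachable() {
    [ -d "$1" ] && [ -f "$1/local.sqlite" ]
}

# dhcpd_preflight PASSWD GROUP PKGDB: print findings, return problem count.
dhcpd_preflight() {
    problems=0
    account_exists "$1" dhcpd || {
        echo "FAIL: no user 'dhcpd' in $1"; problems=$((problems + 1)); }
    account_exists "$2" dhcpd || {
        echo "FAIL: no group 'dhcpd' in $2"; problems=$((problems + 1)); }
    pkg_db_reachable "$3" || {
        echo "FAIL: no pkg database in $3"; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ] && echo "OK: dhcpd accounts and pkg database found"
    return "$problems"
}

# make_sample DIR STATE: build constructed test files under DIR.
# STATE "broken" mimics the thread (only _dhcp, nothing at the pkg path);
# STATE "recovered" adds dhcpd entries (uid/gid 136 as in the rc.recover
# output) and a /var/db/pkg-style symlink to the relocated database.
make_sample() {
    mkdir -p "$1/root/var/db/pkg"
    : > "$1/root/var/db/pkg/local.sqlite"
    echo '_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin' > "$1/passwd"
    echo '_dhcp:*:65:' > "$1/group"
    rm -f "$1/pkg"
    if [ "$2" = recovered ]; then
        echo 'dhcpd:*:136:136:constructed:/nonexistent:/usr/sbin/nologin' >> "$1/passwd"
        echo 'dhcpd:*:136:' >> "$1/group"
        ln -s "$1/root/var/db/pkg" "$1/pkg"
    fi
}

# On a live system: dhcpd_preflight /etc/passwd /etc/group /var/db/pkg
```

The exit status is the number of missing pieces, so the check can gate a service start or feed a monitoring probe.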