OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: Mr.Goodcat on February 07, 2018, 05:19:12 pm
-
Hi,
I'm using a cable modem (LAN IP 192.168.100.1) which hands out the IP 192.168.100.10 to OPN's WAN interface every time it loses its connection to the ISP (as ISP's DHCP is unavailable). This somehow causes OPNsense to ignore all requests from LAN, forcing me to powercycle it manually. Therefore I'm looking for an option to reject leases on the WAN interface (i.e. from the cable modem). It seems pfsense provides this functionality, however I simply can't find the option on OPN. Any help to get this working would be greatly appreciated!
Here's a sample of the log file after the cable modem lost sync, marked by OPN's WAN interface (igb3) going down:
Feb 5 01:17:08 opnsense: /usr/local/etc/rc.newwanip: Aborted IP detection: Resolving timed out after 5622 milliseconds
Feb 5 01:17:02 opnsense: /usr/local/etc/rc.newwanip: Aborted IP detection: Resolving timed out after 5668 milliseconds
Feb 5 01:16:56 configd.py: [cd23c407-c465-4fd8-9b78-d6827340aad1] refresh url table aliases
Feb 5 01:16:56 configd.py: generate template container OPNsense/Filter
Feb 5 01:16:56 configd.py: [fb65fbed-ea52-4c87-96e8-5d2dc14683f2] generate template OPNsense/Filter
Feb 5 01:16:55 opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to 192.168.100.1
Feb 5 01:16:55 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.100.10) (interface: WAN[wan]) (real interface: igb3).
Feb 5 01:16:55 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'igb3'
Feb 5 01:16:51 opnsense: /usr/local/etc/rc.linkup: ROUTING: setting IPv4 default route to 192.168.100.1
Feb 5 01:16:07 configd_ctl.py: error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 65, in exec_config_cmd line = sock.recv(65536) timeout: timed out
Feb 5 01:15:53 opnsense: /usr/local/etc/rc.newwanip: Curl error occurred: Could not resolve host: dynupdate.no-ip.com
Feb 5 01:14:24 opnsense: /usr/local/etc/rc.newwanip: Aborted IP detection: Resolving timed out after 5638 milliseconds
Feb 5 01:14:18 opnsense: /usr/local/etc/rc.newwanip: Aborted IP detection: Resolving timed out after 5599 milliseconds
Feb 5 01:14:13 configd.py: [1c61f7db-4d68-4013-af84-b3d872e9c5c4] refresh url table aliases
Feb 5 01:14:12 configd.py: generate template container OPNsense/Filter
Feb 5 01:14:12 configd.py: [218b621f-ab9f-4147-a084-ed45160e66d6] generate template OPNsense/Filter
Feb 5 01:14:12 opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to 192.168.100.1
Feb 5 01:14:11 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.100.10) (interface: WAN[wan]) (real interface: igb3).
Feb 5 01:14:11 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'igb3'
Feb 5 01:14:07 opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface wan
Feb 5 01:14:07 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet attached event for wan
Feb 5 01:14:07 configd.py: [a4d45c01-f5af-4529-9472-3353417bcc27] Linkup starting igb3
Feb 5 01:14:07 kernel: igb3: link state changed to UP
Feb 5 01:14:03 opnsense: /usr/local/etc/rc.linkup: Clearing states to old gateway 37.201.100.1.
Feb 5 01:14:03 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet detached event for wan
Feb 5 01:14:03 configd.py: [6d803314-7ff0-4901-87f9-e2a432681405] Linkup stopping igb3
Feb 5 01:14:03 kernel: igb3: link state changed to DOWN
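Added example, not part of the original thread: a small log check that flags the condition described in the post above, where the WAN interface ends up holding an RFC 1918 address handed out by the modem instead of the ISP. The function name, the constructed sample lines and the default device name are assumptions made for illustration.

```python
import ipaddress
import re

# Format of the rc.newwanip "On (...)" line as it appears in the log above.
NEWWANIP = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) opnsense: /usr/local/etc/rc\.newwanip: "
    r"On \(IP address: (?P<ip>[0-9.]+)\) \(interface: [^)]*\) "
    r"\(real interface: (?P<dev>\w+)\)"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# First two lines are taken from the log above; the last two are constructed.
SAMPLE_LOG = """\
Feb 5 01:16:55 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.100.10) (interface: WAN[wan]) (real interface: igb3).
Feb 5 01:14:11 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.100.10) (interface: WAN[wan]) (real interface: igb3).
Feb 5 01:10:02 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 203.0.113.25) (interface: WAN[wan]) (real interface: igb3).
Feb 5 01:09:40 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.1.1) (interface: LAN[lan]) (real interface: igb0).
""".splitlines()


def private_wan_leases(lines, wan_dev="igb3"):
    """Return (timestamp, ip) for every private address assigned to wan_dev."""
    hits = []
    for line in lines:
        m = NEWWANIP.match(line)
        if not m or m.group("dev") != wan_dev:
            continue  # unrelated log line or a different interface
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address in the log line
        if any(ip in net for net in RFC1918):
            hits.append((m.group("ts"), str(ip)))
    return hits


if __name__ == "__main__":
    for ts, ip in private_wan_leases(SAMPLE_LOG):
        print(f"{ts}: WAN holds private address {ip}; lease did not come from the ISP")
```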
-
Why use DHCP on the WAN interface to the modem?
Is the configuration of the LAN interface of the cable modem locked?
If not, I would always assign a fixed IP address in that network (e.g. 92.168.100.3 for the OPNsense WAN Ifc in that case).
One could even restrict this network to /31 or /28 to limit the possible IPs in the DMZ, but this is not necessarily needed.
In the case that the cable modem could not deliver data, the interface to the OPNsense router should stay up.
If the cable modem forces a link-down on its NON-WAN interface when it loses connection on its WAN interface,
then I would consider this a BUG.
Just my 2cts
Axel
-
See https://github.com/opnsense/core/issues/2178
Cheers,
Franco
-
Hi Franco, thank you very much for the fast feedback!
Sorry for being dense, but when I switch configuration mode to advanced (which I need because of a supersede modifier) the "Reject leases from" option is not available (only in the GUI?). Any ideas?
Best,
Fabian
-
Hey Fabian,
You use a config file override?
The statement is:
reject ip-address;
Also see the manual page:
# man dhclient.conf
Cheers,
Franco
-
I just use the option "supersede dhcp-server-identifier 255.255.255.255" as discussed in https://forum.opnsense.org/index.php?topic=4533.msg31870#msg31870.
OK thanks, I'll try to build a new config and see if that works. It'll have to wait though, as I'm currently not on site and don't want to risk locking myself out. However, assuming it works, having the option to configure this via GUI would be great - it's quicker and there's less risk of a typo breaking the entire dhcp client.
Thanks!
-
Hi Franco,
creating a custom dhclient.conf with the reject command works as intended. Nevertheless it would still be good if one could configure this purely from the GUI. This would also help in case one needs to restore a previous configuration, as one wouldn't have to remember to add an extra conf file (and the settings it contains).
Also, I found some new (?) issues with interface names, but I'll start another thread for that.
Thanks for your help in solving this!
Best,
Fabian
-
Hi Fabian,
Understood... try this and let me know if that works:
https://github.com/opnsense/core/commit/20ad5b
# opnsense-update 20ad5b
Cheers,
Franco
-
Hi Franco,
thanks for the update! Will try it in the next few days and get back to you once I know if it worked.
Cheers,
Fabian
-
Hi Franco,
after applying the patch, adjusting the settings to reject leases from 192.168.100.1 and power cycling the cable modem - opnsense got an IP from 192.168.100.1... So while the patch enables the "reject leases" option in the GUI, the desired functionality is missing. Had to reboot my opn box, as even after switching back to my own dhclient.conf some issues persisted (e.g. NTPd was dead and wouldn't restart). Seems like opn really doesn't like having LAN IPs on both LAN and WAN interfaces at the same time.
Best,
Fabian
-
Hi Fabian,
You are right. Would have been too easy.
https://github.com/opnsense/core/commit/c6dc3dbd2
# opnsense-patch c6dc3dbd2
Cheers,
Franco
-
Hi Franco,
the patch works flawlessly :D The settings are also included when exporting the configuration which is great.
Thank you very much for all your effort!
Best,
Fabian
-
It's all part of 18.1.3. Enjoy! 8)