Messages

Yes, i have confirmed the static assigned IP is the one that didn't get internet.

I ripped off the band aid and setup Kea DHCPv4.  Previously I was confused with the changes to the GUI but I found a migrate script that worked remarkeable well.

All issues are resolved after migrating to Kea DHCPv4.  So I guess the issue was something to do with the deprecated ISC DHCPv4.

Thanks for pushing me to finally update.

Hey I appreciate the response.  What I think you are saying is that the device pulls an IP when connected, and then I set a static reservation but the existing reservation still exists for that MAC.  That seems plausible, except for I just got a new mikrotick switch, which did not pull an IP via DHCP.  I had to login to the switch and manually change the IP address to my IP range, and then I made a static reservation in the router for that IP.  In this case, there was no dynamic reservation.  To be clear, the switch couldnt check for firmware updates until I rebooted the router. 

Does it work if you just restart the DHCP service?

Sorry, I didnt see your response until now.  No, restarting the DHCP v4 service does not allow new DHCP reservations to get internet.  In fact, I tried restarting all services shown on the dashboard and still no internet.  The only thing that works is to reboot the router which is a 3-4 minute internet outage.  It is frustrating for sure.

Likely I will build a second router and re-create all my configs and go thru setting up Kea DHCP since ISC is deprecated anyways.

Hey I appreciate the response, but I think I may have obfuscated the real question by explaining how my setup works.

What I'm trying to sort out is why newly reserved IPs won't get internet until I reboot the firewall. This is new behavior in the last few months or so. I shouldn't have to reboot for a valid DHCP IP to get out to the internet.

OPNsense 26.1.2 (although this was a problem on various 25xx versions)
ISC DHCPV4 (not sure this is relevant)

In order to keep my kids from using private MACs to get internet at night (I have schedules enabled), my lan DHCP scope is a /23.  I have my DHCP server set to give IPs out from the second /24. That /24 is blocked in the firewall.  Essentially, if a new MAC connects, it won't get internet until I make a DHCP reservation and put the IP in the first /24.  This has worked for years up until a few months ago, so I believe this setup is largely irrelevant.

Sometime in the last few months, I started having issues that IPs that I manually assign an IP from the first /24 that "should" have internet, they will not have internet until the firewall is rebooted.  This behavior is very odd and I don't think this is normal.  Is this a normal setting that I just don't know about, or is something messed up?

Sorry for the late reply.  I fixed it by switching my docker network from IPVLAN to MACVLAN and adding DHCP reservations for each container MAC in the router DHCP table.

My firewall was offline for about 4 months due to shipping, I believe the old version was probably 25.1.6 or close to it, and I just upgraded it to current [25.7.4].  Before I upgrade, all my docker containers that have static IPs could access the internet.  After the upgrade, they can't.  So something changed but I don't know what it is.  The docker network uses ipvlan which doesn't allow setting MAC addresses for the static IPs so pulling an IP from DHCP is not an option. 

I tried changing to macvlan on the docker host but that had it's own issues which are separate from this problem. 

If I change the network setting on the docker containers to use the docker host IP, then the router can ping them and vice versa. 

Does anyone know what setting in the firewall would cause this behavior.  Of note, I have two other docker hosts running exactly the same way but using pfsense router, and this behavior does not occur.

Thanks!