dhclient ignoring offers

Started by blakktux, June 15, 2021, 10:28:07 PM

I'm having trouble getting DHCP to work on WAN.

I have an AT&T fiber connection typically connected via a BGW210-700.  Cert extraction, wpa_supplicant, etc. all work just fine.  DHCP does not.

Here is output from system log view on the portal:
2021-06-15T16:01:25 dhclient[96673] Starting delete_old_states()
2021-06-15T16:01:25 dhclient[8410] No working leases in persistent database - sleeping.
2021-06-15T16:01:25 dhclient[8410] No DHCPOFFERS received.
2021-06-15T16:01:06 dhclient[8410] DHCPDISCOVER on bxe0 to 255.255.255.255 port 67 interval 19
2021-06-15T16:00:47 dhclient[8410] DHCPDISCOVER on bxe0 to 255.255.255.255 port 67 interval 19
2021-06-15T16:00:30 dhclient[8410] DHCPDISCOVER on bxe0 to 255.255.255.255 port 67 interval 17
2021-06-15T16:00:24 dhclient[8410] DHCPDISCOVER on bxe0 to 255.255.255.255 port 67 interval 6
2021-06-15T16:00:24 dhclient[93706] Starting delete_old_states()


I ran tcpdump on the WAN interface and see offers coming back (uniquely identifiable information is replaced with 'x's):
16:00:30.312209 IP (tos 0xc0, ttl 64, id 20041, offset 0, flags [none], proto UDP (17), length 331)
    x.x.x.x.bootps > x.x.x.x.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 303, xid 0xxxxxxxxx, Flags [none] (0x0000)
          Your-IP x.x.x.x
          Server-IP x.x.x.x
          Gateway-IP x.x.x.x
          Client-Ethernet-Address xx:xx:xx:xx:xx:xx (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Offer
            Server-ID Option 54, length 4: x.x.x.x
            Lease-Time Option 51, length 4: 3600
            Subnet-Mask Option 1, length 4: 255.255.254.0
            BR Option 28, length 4: x.x.x.x
            Default-Gateway Option 3, length 4: x.x.x.x
            Domain-Name-Server Option 6, length 8: x.x.x.x,x.x.x.x
            Client-ID Option 61, length 7: ether xx:xx:xx:xx:xx:xx
            Hostname Option 12, length 8: "OPNsense"
16:00:47.656117 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from xx:xx:xx:xx:xx:xx (oui Unknown), length 300, xid 0xxxxxxxxx, secs 23, Flags [none] (0x0000)
          Client-Ethernet-Address xx:xx:xx:xx:xx:xx (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Requested-IP Option 50, length 4: 136.55.173.54
            Client-ID Option 61, length 7: ether xx:xx:xx:xx:xx:xx
            Hostname Option 12, length 8: "OPNsense"
            Parameter-Request Option 55, length 10:
              Subnet-Mask, BR, Time-Zone, Classless-Static-Route
              Default-Gateway, Domain-Name, Domain-Name-Server, Hostname
              Option 119, MTU
16:00:47.681437 IP (tos 0xc0, ttl 64, id 21322, offset 0, flags [none], proto UDP (17), length 331)
    x.x.x.x.bootps > x.x.x.x.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 303, xid 0xxxxxxxxx, Flags [none] (0x0000)
          Your-IP x.x.x.x
          Server-IP x.x.x.x
          Gateway-IP x.x.x.x
          Client-Ethernet-Address xx:xx:xx:xx:xx:xx (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Offer
            Server-ID Option 54, length 4: x.x.x.x
            Lease-Time Option 51, length 4: 3600
            Subnet-Mask Option 1, length 4: 255.255.254.0
            BR Option 28, length 4: x.x.x.x
            Default-Gateway Option 3, length 4: x.x.x.x
            Domain-Name-Server Option 6, length 8: x.x.x.x,x.x.x.x
            Client-ID Option 61, length 7: ether xx:xx:xx:xx:xx:xx
            Hostname Option 12, length 8: "OPNsense"
16:01:06.836082 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from xx:xx:xx:xx:xx:xx (oui Unknown), length 300, xid 0xxxxxxxxx, secs 42, Flags [none] (0x0000)
          Client-Ethernet-Address xx:xx:xx:xx:xx:xx (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Requested-IP Option 50, length 4: 136.55.173.54
            Client-ID Option 61, length 7: ether xx:xx:xx:xx:xx:xx
            Hostname Option 12, length 8: "OPNsense"
            Parameter-Request Option 55, length 10:
              Subnet-Mask, BR, Time-Zone, Classless-Static-Route
              Default-Gateway, Domain-Name, Domain-Name-Server, Hostname
              Option 119, MTU
16:01:06.860762 IP (tos 0xc0, ttl 64, id 22595, offset 0, flags [none], proto UDP (17), length 331)
    x.x.x.x.bootps > x.x.x.x.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 303, xid 0xxxxxxxxx, Flags [none] (0x0000)
          Your-IP x.x.x.x
          Server-IP x.x.x.x
          Gateway-IP x.x.x.x
          Client-Ethernet-Address xx:xx:xx:xx:xx:xx (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Offer
            Server-ID Option 54, length 4: x.x.x.x
            Lease-Time Option 51, length 4: 3600
            Subnet-Mask Option 1, length 4: 255.255.254.0
            BR Option 28, length 4: x.x.x.x
            Default-Gateway Option 3, length 4: x.x.x.x
            Domain-Name-Server Option 6, length 8: x.x.x.x,x.x.x.x
            Client-ID Option 61, length 7: ether xx:xx:xx:xx:xx:xx
            Hostname Option 12, length 8: "OPNsense"


I'm at my wits' end with this.  I can even get DHCP6 to work, but not DHCP4, so I doubt it's the link.

Hi,

Strange but hopefully solvable. :)

Can you try to see if dhclient produces any more output by calling it manually?

# dhclient -d -c /var/etc/dhclient_wan.conf <interface>

Only recently we worked on VLAN-0 support from stray ISPs, but since tcpdump doesn't show a VLAN on the offer this may not be your issue.

At least tcpdump and dhclient both use the same mechanism to read the packet, so for some reason it is being ignored in the code.


Cheers,
Franco

PS: One follow-up question would be if you use Sensei or Suricata in IPS mode on the WAN interface?
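
An added example, not part of the original posts: a Python helper that reads verbose tcpdump text in the layout shown in the first post and, for each Offer, reports whether its xid (the field RFC 2131 has a client use to match replies to its requests) and Client-Ethernet-Address agree with the preceding Discover. The sample capture and the names `parse` and `check_offers` are constructed for illustration; the capture in the post has these fields redacted, so it has to be run against the unredacted output.

```python
import re

# Constructed sample in the tcpdump layout shown in the post (all values invented).
SAMPLE = """\
16:00:30.100000 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 02:00:00:00:00:01 (oui Unknown), length 300, xid 0x1a2b3c4d, secs 6, Flags [none] (0x0000)
          Client-Ethernet-Address 02:00:00:00:00:01 (oui Unknown)
            DHCP-Message Option 53, length 1: Discover
16:00:30.312209 IP (tos 0xc0, ttl 64, id 20041, offset 0, flags [none], proto UDP (17), length 331)
    192.0.2.1.bootps > 192.0.2.54.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 303, xid 0x1a2b3c4d, Flags [none] (0x0000)
          Client-Ethernet-Address 02:00:00:00:00:01 (oui Unknown)
            DHCP-Message Option 53, length 1: Offer
16:00:47.681437 IP (tos 0xc0, ttl 64, id 21322, offset 0, flags [none], proto UDP (17), length 331)
    192.0.2.1.bootps > 192.0.2.54.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 303, xid 0x99999999, Flags [none] (0x0000)
          Client-Ethernet-Address 02:00:00:00:00:02 (oui Unknown)
            DHCP-Message Option 53, length 1: Offer
"""

START = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP ")
FIELDS = {"xid": re.compile(r"xid (0x[0-9a-fA-F]+)"),
          "chaddr": re.compile(r"Client-Ethernet-Address ([0-9a-fA-F:]{17})"),
          "type": re.compile(r"DHCP-Message Option 53, length 1: (\w+)")}

def parse(text):
    """Split tcpdump text into one dict per packet: time, xid, chaddr, type."""
    packets = []
    for line in text.splitlines():
        if m := START.match(line):
            packets.append({"time": m.group(1)})   # unindented line starts a packet
        elif packets:
            for key, rx in FIELDS.items():
                if hit := rx.search(line):
                    packets[-1].setdefault(key, hit.group(1).lower())
    return packets

def check_offers(packets):
    """For each Offer, list the fields that differ from the latest Discover."""
    last, report = None, []
    for p in packets:
        if p.get("type") == "discover":
            last = p
        elif p.get("type") == "offer":
            bad = [k for k in ("xid", "chaddr") if last is None or p.get(k) != last.get(k)]
            report.append((p["time"], bad))
    return report

if __name__ == "__main__":
    print(check_offers(parse(SAMPLE)))
```

An empty list next to an Offer's timestamp means both fields match the Discover, so the reason the client drops it has to be looked for elsewhere.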