WAN Interface UP/DOWN every 24 hours

[tek411]

Greetings all,

I have a newly installed OPNsense 23.7.10_1 installed on a protectli FW4B with 8/120.  The system works excellent except for one issue.  My WAN interface seems to be flapping at exactly the same time every 24 hours and I am trying to figure out why that is.

This is what I see in my logs.  The connection issue resolves on its own within 1-2 minutes however I would prefer that it not go down like this of course.  I am using XFINITY with an ARRIS modem.  I am thinking this has something to do with DHCP and it first tries to get a private address before its assigned the public address according to these logs.  I do have private address blocked on WAN.

Any ideas how to fix?  TIA.

[Patrick M. Hausen]

Are you sure it isn't your provider forcing a reconnect every 24 hours? Common practice e.g. here in Germany. Do they have a support forum? Maybe ask that question there.

[jbhorner]

My guess would be DHCP as well. Out of curiosity, I searched to see if there was a way for you to see how long the lease was for your DHCP address on the WAN interface. I did find the following that might help you troubleshoot it a bit more: https://www.reddit.com/r/opnsense/comments/xphlfp/is_there_a_way_to_check_wan_uptime_or_dhcp_lease/

What I've seen on a DHCP WAN renewal is that the WAN interface changes to the private IP on your modem (for my brand it's 192.168.100.1) and then eventually changes to the assigned IP from your ISP. I didn't dig into your log enough to see if that is what was happening.

[tek411]

Yes that's what appears to be happening.  Thanks for the link I will try to collect some more data.

[tek411]

My guess would be DHCP as well. Out of curiosity, I searched to see if there was a way for you to see how long the lease was for your DHCP address on the WAN interface. I did find the following that might help you troubleshoot it a bit more: https://www.reddit.com/r/opnsense/comments/xphlfp/is_there_a_way_to_check_wan_uptime_or_dhcp_lease/

What I've seen on a DHCP WAN renewal is that the WAN interface changes to the private IP on your modem (for my brand it's 192.168.100.1) and then eventually changes to the assigned IP from your ISP. I didn't dig into your log enough to see if that is what was happening.

If I have block private address enabled on WAN would that cause an issue?  My CM is doing the same thing based on the logs.  Its giving the 192.168.100.x addressing and since that is a private address its blocked on the WAN.  From the logs it appears as if the ethernet cable from the WAN is being unplugged.  It shows DOWN and then 6 seconds later shows UP.  Then 5 seconds later the dhclient throws an error "connection closed".

When I login to my Arris CM I see this in the event logs around the same time:
Thu Jan 01 00:01:44 1970   3   No Ranging Response received - T3 time-out;CM-MAC=[REMOVED];CMTS-MAC=[REMOVED];CM-QOS=1.1;CM-VER=3.0;

It looks like my cable modem is rebooting.  Update on the web interface for cable model shows uptime of 16h.

[tek411]

My guess would be DHCP as well. Out of curiosity, I searched to see if there was a way for you to see how long the lease was for your DHCP address on the WAN interface. I did find the following that might help you troubleshoot it a bit more: https://www.reddit.com/r/opnsense/comments/xphlfp/is_there_a_way_to_check_wan_uptime_or_dhcp_lease/

What I've seen on a DHCP WAN renewal is that the WAN interface changes to the private IP on your modem (for my brand it's 192.168.100.1) and then eventually changes to the assigned IP from your ISP. I didn't dig into your log enough to see if that is what was happening.

If I have block private address enabled on WAN would that cause an issue?  My CM is doing the same thing based on the logs.  Its giving the 192.168.100.x addressing and since that is a private address its blocked on the WAN.  From the logs it appears as if the ethernet cable from the WAN is being unplugged.  It shows DOWN and then 6 seconds later shows UP.  Then 5 seconds later the dhclient throws an error "connection closed".

When I login to my Arris CM I see this in the event logs around the same time:
Thu Jan 01 00:01:44 1970   3   No Ranging Response received - T3 time-out;CM-MAC=[REMOVED];CMTS-MAC=[REMOVED];CM-QOS=1.1;CM-VER=3.0;

It looks like my cable modem is rebooting.  Uptime on the web interface for cable model shows uptime of 16h.

[jbhorner]

If I have block private address enabled on WAN would that cause an issue?  My CM is doing the same thing based on the logs.  Its giving the 192.168.100.x addressing and since that is a private address its blocked on the WAN.  From the logs it appears as if the ethernet cable from the WAN is being unplugged.  It shows DOWN and then 6 seconds later shows UP.  Then 5 seconds later the dhclient throws an error "connection closed".

When I login to my Arris CM I see this in the event logs around the same time:
Thu Jan 01 00:01:44 1970   3   No Ranging Response received - T3 time-out;CM-MAC=[REMOVED];CMTS-MAC=[REMOVED];CM-QOS=1.1;CM-VER=3.0;

It looks like my cable modem is rebooting.  Uptime on the web interface for cable model shows uptime of 16h.

I'm not sure what you mean by a block of Private IP addresses on the WAN. They are generally blocked by default, unless you de-selected that option for the WAN interface. I have blocked them on my WAN interface, as well as BOGONS. Although private IP addresses aren't routable on the Internet, it's still a good security measure to leave the box checked.

Your ISP can reboot your modem as well. I don't use an Arris modem (nor am I on Comcast), but I'm relatively sure there is nothing in the modem that tells it to reboot every 24 hours. I'm reaching here, as I do not have direct knowledge of how Arris and/or Comcast work--it could be that a renew initiates a modem reboot. Mine does not do that, but it's really apples/oranges.

Do you own the modem, or is it theirs? I bought my own because I hated the Spectrum-provided modem. (It failed to indicate an outage when there was one, and when it boots it isn't only time to get coffee--it's literally drive to Pete's/Coffee Bean/Starbucks to get the coffee...it was that long.

[tek411]

Thank you for your reply.  I own the modem and it is several years old.  Its an Arris SB6190.  I logged into it and cleared the logs.  No reboot last night so Xfinity must have been having some issues in the area (we are pretty rural here).

Whatever the issue was it would appear it was on the Xfinity side because I read that error is caused by power/signal issues. It's just really odd that it was rebooting exactly 24 hours apart.

[jbhorner]

Damn ISPs... 

My ISP fun is their changing my IPv6 prefix delegation randomly. Plays heck with my network, as I do not have the option of going SLAAC only due to the inability to block inter-VLAN IPv6 hosts but allow others through.

Glad you're up and running.