Issue with WAN Interface dropping internet every 24 hours

Started by mikey00, January 18, 2021, 03:53:02 PM

So I am running as a VM through Proxmox. Everything typically works just fine with my 1gb internet; I get close to the same speeds my Netgear Nighthawk router was getting.
The issue is the WAN interface keeps dropping connection when it does its DHCP renewal at 5AM. Sometimes it works just fine, then other times the interface goes DOWN and internet is no longer working. A reboot always fixes the issue and internet comes back for the day typically.
I am using a spoofed MAC address because I originally thought it was the MAC address, because we would lose internet and the connection never came back after reboot. If I changed the MAC address to a spoofed one it worked just fine.

I am not sure what information to provide. Keep in mind I am a network admin, so this is not rocket science for me, but we are missing something on this end as this shouldn't be happening. Is there a setting somewhere in OPNsense that needs to be changed?


Is support for this dead? Is this why so many issues with software?

I would say nobody answered so far.

Is this a pass-through to a modem? If the link does not down/up and the lease is still valid DHCP will have no way of knowing to reload....

You can set a cron job for this, but it is only as good as the expected disconnect time and if the window is missed the above problem remains true.



Cheers,
Franco

I have a cable ISP (router set to bridge mode) with OPNsense and DHCP on WAN. From time to time I request a fresh IP by changing the MAC for WAN. For the last 8 months or so this doesn't work without a reboot of OPNsense and the bridged router.

Bonus: For the last 2-3 months, the box gets an IP and everything is up for 2-5 min, including all tunnels, and then the connection is interrupted (no IP on WAN) and a second reboot is needed. It's a pain, but I think it's on the side of the ISP (the DHCP server on WAN had a 10.0.0.0/16 IP last time I checked...), no time to check with them. The ISP always tries to send me a new router (selling point: "It's white !1!!eleven!!"), I guess this new router cannot be set to bridge mode anymore...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

You need to disable "block private IPs" in OPNsense's WAN interface settings.

The 10.0.0.0/16 IP block is reserved for private networks, not sure if OPNsense is able to get a public IP that way (you might see an IP like 10.172.1.1/24 or any private IP in the OPNsense WebGUI, but by googling, you'll see if both router and OPNsense share the same public IP), but it is able to connect to the internet as long as routes are correct and your ISP router has an internet connection.

OpnSense WAN interface prevents itself from getting IPs which are reserved for private networks by default, and you need to disable that every time you aren't directly connecting WAN to the internet.

Quote from: Vilhonator on January 28, 2021, 04:16:58 PM
...
The 10.0.0.0/16 IP block is reserved for private networks, not sure if OPNsense is able to get a public IP that way (you might see an IP like 10.172.1.1/24 or any private IP in the OPNsense WebGUI, but by googling, you'll see if both router and OPNsense share the same public IP), but it is able to connect to the internet as long as routes are correct and your ISP router has an internet connection.

OpnSense WAN interface prevents itself from getting IPs which are reserved for private networks by default, and you need to disable that every time you aren't directly connecting WAN to the internet.

Please read again, the ISP router is bridged. The ISP DHCP server is somewhere in 10.0.0.0/16. I can get a public IP on WAN of OPNsense, but only after 2 reboots.
kind regards
chemlud

Quote from: chemlud on January 28, 2021, 04:49:37 PM

Please read again, the ISP router is bridged. The ISP DHCP server is somewhere in 10.0.0.0/16. I can get a public IP on WAN of OPNsense, but only after 2 reboots.

That's basically what it does, gives you a private IP because you are trying to copy the IP of your router (MAC address spoofing basically allows you to combine multiple firewalls or routers by "spoofing" the DHCP server with a MAC address which is stored in DHCP leases).

If you set the OPNsense WAN to spoof the MAC address of an interface whose IP is 192.168.1.1/24, then your OPNsense WAN IP is 192.168.1.1/24 and you need to disable the private network block on it.

Another thing you could try is to set up your router so that every single port on it gives a public IP to any device. That of course will expose your router completely to the internet (switches and access points do that when they are directly connected to the internet).

Anyway, you have to reboot your OPNsense every time the public IP changes, because the WAN port doesn't have a direct connection to the internet.

It worked without reboot for years. And the MAC I spoof for WAN is complete fake (the second half, at least).

Please, my point is: The problem is most likely on the ISP side. @TO: Have a look at your syslog for DHCP and see what fails (even better: a wireshark on the WAN...).
kind regards
chemlud

Quote from: franco on January 28, 2021, 03:24:59 PM
You can set a cron job for this, but it is only as good as the expected disconnect time and if the window is missed the above problem remains true.

As a temporary workaround, instead of relying on the cron schedule completely, he could schedule a test script to see if the interface is active (ping yahoo.com, say), and do the restart only if it fails.
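
The conditional restart suggested in the reply above, as an added example that is not part of the original thread: a cron-driven watchdog that probes several targets and restarts WAN only after a few failed runs in a row. The target list, threshold, state file path and the restart command are assumptions; confirm the restart command on your own OPNsense version before relying on it.

```shell
#!/bin/sh
# WAN watchdog, meant to be run from cron as: wan_watchdog.sh run
# All defaults below are assumptions for illustration, not values from the thread.
TARGETS="${TARGETS:-1.1.1.1 9.9.9.9 yahoo.com}"   # IPs first: a DNS outage alone is not a dead WAN
THRESHOLD="${THRESHOLD:-3}"                       # consecutive failed runs before acting
STATE="${STATE:-/tmp/wan_watchdog.fails}"         # failure counter kept between cron runs
PROBE_CMD="${PROBE_CMD:-ping -c 2 -t 5}"          # FreeBSD ping: -t is the overall timeout in seconds
# Assumed restart command; verify it exists on your version and substitute if needed.
RESTART_CMD="${RESTART_CMD:-configctl interface reconfigure wan}"

# Succeeds if any single target answers, so one unreachable host never triggers a restart.
wan_reachable() {
    for t in $TARGETS; do
        $PROBE_CMD "$t" >/dev/null 2>&1 && return 0
    done
    return 1
}

# One cron tick. Prints "ok", "fail N" or "restart" so the result can be logged.
watchdog_tick() {
    if wan_reachable; then
        rm -f "$STATE"            # any success resets the failure streak
        echo ok
        return 0
    fi
    fails=$(( $(cat "$STATE" 2>/dev/null || echo 0) + 1 ))
    if [ "$fails" -ge "$THRESHOLD" ]; then
        rm -f "$STATE"            # start a fresh streak after acting
        $RESTART_CMD >/dev/null 2>&1
        echo restart
    else
        echo "$fails" > "$STATE"
        echo "fail $fails"
    fi
}

# Only act when invoked with "run", so the functions can be sourced and inspected safely.
case "${1:-}" in
    run) watchdog_tick ;;
esac
```

Run every minute with a threshold of 3, this tolerates a short blip but reacts within about three minutes of a real outage, independent of when the ISP's lease renewal happens.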

Quote from: chemlud on January 28, 2021, 08:38:47 PM
It worked without reboot for years. And the MAC I spoof for WAN is complete fake (the second half, at least).

Please, my point is: The problem is most likely on the ISP side. @TO: Have a look at your syslog for DHCP and see what fails (even better: a wireshark on the WAN...).

Have you tried whether releasing and renewing the WAN IP on OPNsense solves the issue the same way a reboot does?

If so, then your OPNsense might just have the wrong release time.

Certain routers might have something called lengthen expiry (or similar, different brands have a different label for it and I can't remember the exact term, since it's been years since I had to play with an internet ----> router <----> firewall topology).

First of all, your issue shouldn't require a reboot; what should work is just releasing the IP and renewing it (the lazy way would be disabling the network interface, waiting for 1 minute and enabling it again, or detaching the ethernet cable, waiting for 1 minute and attaching it back).

Quote from: Vilhonator on January 28, 2021, 10:45:04 PM
Have you tried whether releasing and renewing the WAN IP on OPNsense solves the issue the same way a reboot does?

Definitely. Won't help. But where is the TO? Any news?
kind regards
chemlud



So the way mine works is daily it attempts to renew the IP but never establishes a connection to the DHCP server. It keeps the same IP but no internet. If I reboot it works fine; this process works for about 2 weeks. Then at the 2 weekish mark I can reboot 10 times and it never gets internet; I change the MAC address and boom, it's back online again. I think it may be tied to a duplicate MAC address found on the DHCP server, being that I am using spoofed MAC addresses.

Quote from: mikey00 on February 03, 2021, 03:22:20 PM
think it may be tied to a duplicate MAC address found on the DHCP server, being that I am using spoofed MAC addresses.

That most likely is the reason. Another thing that might be the reason is if you set up a static WAN IP on the device which is spoofing MAC addresses.

If I'm not mistaken, static IPs don't get requests sent by ISPs to confirm the connection's existence, so your device is connected to the internet until the ISP sends the next request.