dnsmasq DHCP on 25.1.7: IPv6 works, but no IPv4 addresses

Vexz · May 19, 2025, 05:35:49 PM

It's me again, testing dnsmasq DHCP again, now that 25.1.7 is out.

My dnsmasq DHCP configuration didn't change from when I was on 25.1.6, but now on 25.1.7 my clients don't get a new DHCPv4 lease anymore. DHCPv6 is working fine though. In the logs I see the following:

Code Select

2025-05-19T17:20:30 Informational dnsmasq-dhcp DHCP, IP range 10.0.0.20 -- 10.0.0.254, lease time 1dThat indicates it should work, right? I tested it on an Android client and a Linux PC. A reboot of my OPNsense didn't fix the issue.

Here's my range configuration for DHCPv4:

Let me know if I can provide more information to help you fix this.

dinguz · May 19, 2025, 06:50:48 PM

A reboot may be required because DNSmasq modifies firewall settings, but these changes don't appear to be fully applied when using the 'Apply' button in the DNSmasq menu. As a result, client requests may not reach DNSmasq.

Vexz · May 19, 2025, 08:14:32 PM

Quote from: dinguz on May 19, 2025, 06:50:48 PMA reboot may be required because DNSmasq modifies firewall settings, but these changes don't appear to be fully applied when using the 'Apply' button in the DNSmasq menu. As a result, client requests may not reach DNSmasq.

Quote from: Vexz on May 19, 2025, 05:35:49 PMA reboot of my OPNsense didn't fix the issue.

Javier® · May 19, 2025, 09:01:02 PM

Hello, what static IP do you have on LAN and network mask?

julsssark · May 19, 2025, 09:27:38 PM

Are you seeing any blocked DHCP traffic on the LAN interface in Firewall->Live View?

nitro2879 · May 19, 2025, 11:17:18 PM

I am having a similar problem on my OPNsense setup when attempting to switch to dnsmasq DHCP. I have followed the steps in the documentation, complete with integration into Unbound, however, I am unable to get an IPv4 address. I am seeing "Default Deny/State Violation Rule" blocks in live firewall logs for DHCP traffic. If I disable dnsmasq and switch back to ISC, it works immediately.

The Friendly Ghost · May 20, 2025, 03:26:03 AM

Same issue here, have not yet taken the time to dive too deep into this unfortunately though.
The ranges I have set are:

interface	start	end	mode	domain
LAN	10.20.1.1		static
LAN	10.20.1.101	10.20.1.150		my.domain
Guest	10.20.50.101	10.20.50.150		guest.my.domain

No issues at all on ISC

nitro2879 · May 20, 2025, 04:09:18 AM

There's another post on this forum detailing the same issue. It appears the firewall rules are not being created automatically, even after a reboot or reload of the firewall rules.

The Friendly Ghost · May 20, 2025, 07:57:46 AM

Quote from: nitro2879 on May 20, 2025, 04:09:18 AMThere's another post on this forum detailing the same issue. It appears the firewall rules are not being created automatically, even after a reboot or reload of the firewall rules.

I have found this one now indeed https://forum.opnsense.org/index.php?msg=237255
It seems that indeed the IPv4 rules for DHCP are not added if you have 'All' selected as interfaces, if you select the specific interfaces, they do get added.

Vexz · May 20, 2025, 05:39:46 PM

Quote from: Javier® on May 19, 2025, 09:01:02 PMHello, what static IP do you have on LAN and network mask?

Only the OPNsense itself (10.0.0.1).

Quote from: julsssark on May 19, 2025, 09:27:38 PMAre you seeing any blocked DHCP traffic on the LAN interface in Firewall->Live View?

No

Quote from: The Friendly Ghost on May 20, 2025, 07:57:46 AM
Quote from: nitro2879 on May 20, 2025, 04:09:18 AMThere's another post on this forum detailing the same issue. It appears the firewall rules are not being created automatically, even after a reboot or reload of the firewall rules.
I have found this one now indeed https://forum.opnsense.org/index.php?msg=237255
It seems that indeed the IPv4 rules for DHCP are not added if you have 'All' selected as interfaces, if you select the specific interfaces, they do get added.

I just noticed that too, but that didn't help either. I see the rules on my LAN interface, but restarting the packet filter didn't help to fix this.

Edit:
For some reason it took a while. My Android client finally has an IPv4 lease. I really don't know why it took a few minutes.

Edit 2:
I noticed something, that might help to find the issue here:
In the general settings tab of dnsmasq DHCP, when no interface is selected, it says "All". This is misleading. When you click on "Select All" right below that menu, it lists all the selected interfaces, but doesn't just say "All". This is what tricked me into believing that DHCP will work on my LAN interface.

The Friendly Ghost · May 21, 2025, 02:37:39 AM

Quote from: Vexz on May 20, 2025, 05:39:46 PMEdit 2:
I noticed something, that might help to find the issue here:
In the general settings tab of dnsmasq DHCP, when no interface is selected, it says "All". This is misleading. When you click on "Select All" right below that menu, it lists all the selected interfaces, but doesn't just say "All". This is what tricked me into believing that DHCP will work on my LAN interface.

I think this is the most misleading part indeed, since after changing that is also worked for me.

I also had the annoyance of IPv6 not working because ISC DHCP6 was doing its thing and I couldn't find how to disable that.
But that's the setting "Allow manual adjustment of DHCPv6 and Router Advertisements". Which is tricky to find if you don't know/remember it is there, in my opinion.

dnsmasq DHCP on 25.1.7: IPv6 works, but no IPv4 addresses

Vexz

May 19, 2025, 05:35:49 PM

dinguz

May 19, 2025, 06:50:48 PM #1

Vexz

May 19, 2025, 08:14:32 PM #2

Javier®

May 19, 2025, 09:01:02 PM #3

julsssark

May 19, 2025, 09:27:38 PM #4

nitro2879

May 19, 2025, 11:17:18 PM #5

The Friendly Ghost

May 20, 2025, 03:26:03 AM #6

nitro2879

May 20, 2025, 04:09:18 AM #7

The Friendly Ghost

May 20, 2025, 07:57:46 AM #8

Vexz

May 20, 2025, 05:39:46 PM #9 Last Edit: May 20, 2025, 05:59:48 PM by Vexz

The Friendly Ghost

May 21, 2025, 02:37:39 AM #10