Clearing DHCP Lease Causes subnets to drop and Configuration Loss

Started by machine3532, Today at 06:10:59 AM

Hi everyone,

I've been experiencing a persistent issue with OPNsense for over a year and am finally getting around to posting about it.

One day while at work, I remotely cleared the DHCP lease on my home network (using OPNsense), and immediately afterward, the firewall went offline. When I got home to troubleshoot, I discovered that my WAN and LAN interfaces had somehow swapped. This seems to be a default behavior I've noticed before—OPNsense sometimes defaults to using igc1 as WAN instead of igc0, so I always manually correct it to use igc0 for WAN. This appears to be different for each firewall; I have an 8-port firewall that doesn't swap interfaces.

While WAN and LAN still functioned properly after the incident (along with associated rules and DHCP reservations), all of my other subnets and my WireGuard tunnel dropped. Worse, I lost the configuration for those subnets, including many DHCP reservations for my server VLAN/subnet.

In our work, one of the common practices is to clear DHCP leases and power cycle the routers. However, we've seen this issue repeatedly with customers using OPNsense: someone clears the lease while the firewall is running, and it leads to significant problems, including lost configurations and interface issues.

Unfortunately, many of my coworkers don't realize that OPNsense firewalls are sensitive to this, so the problem keeps recurring.

My questions:
Is this considered a known bug or limitation with OPNsense?
Is there any way to prevent loss of subnets or configuration loss when clearing leases?

Any guidance or advice would be greatly appreciated. I'd really like to help prevent this from happening to other users and our customers.

Thanks in advance!

Perhaps you can give some more information.

1. I assume you mean DHCP server leases?
2. Which DHCP server are you using: ISC, Kea, or DNSmasq?
3. What method are you using to clear the leases?


It seems a bit unusual that you'd be manually clearing DHCP leases, as both ISC and Kea do a reasonably good job at managing DHCP leases... What is/are the reason(s) for clearing the DHCP leases in the first place?

I have a lot more multi-year experience with ISC DHCPd, on multiple different platforms, and never had any reasons to manually clear DHCP leases... ISC DHCP failover can be a little quirky, but once you realize its requirements, you can easily satisfy its quirkiness.

Kea is a recent development, but so far it seems more aggressive in managing DHCP leases, but still operational...
OPNsense 25.7.1_1-amd64 running on ESXi 6.7 U2 VM, 4Gbytes RAM, 2 x vCPU
frr OSPF + eBGP, IDS, AdGuard Home, sftp-backup plugins. limited kea DHCP server deployment.

Sorry for not being clear. This is the DHCP lease provided by the ISP that the WAN interface gets from the ISP's DHCP server. I used ISC up until this weekend, then I switched to dnsmasq. I can ask my ISP to clear my DHCP lease while my system is running to verify if this is still an issue. I work for an ISP and have noticed this issue on customer firewalls as well.