dhclient issues 14.3

D

DingoFnBaby

I had initially thought this might be related to OPNSense, but I've found dhclient is not installing the default gateway under *certain circumstances*.

The circumstances are using a netgear cable modem and getting double DHCP. Apparently initially the netgear device (CM2000) hands out an RFC1918 address, along with default gateway. Right afterwards, the cableco offers a public ipv4 on a /23, and while the address changes, the default gateway does not.

It seems like something's happening slightly out of sequence on the second (and final) public IP DHCP, where the default gateway is in fact, not getting installed.

The workaround is that I ssh into the system from a different local interface and manually set the default gateway using "route add" - it's very easy to do, but also very mandatory on every reboot.

Code: 
<13>1 2025-07-25T18:32:54+00:00 OPNsense.localdomain dhclient 25176 - [meta sequenceId="353"] dhclient-script: Reason PREINIT on igc0 executing
<13>1 2025-07-25T18:32:54+00:00 OPNsense.localdomain dhclient 28704 - [meta sequenceId="354"] dhclient-script: Reason EXPIRE on igc0 executing
<13>1 2025-07-25T18:32:54+00:00 OPNsense.localdomain dhclient 32152 - [meta sequenceId="355"] dhclient-script: Reason PREINIT on igc0 executing
<13>1 2025-07-25T18:32:54+00:00 OPNsense.localdomain dhclient 34599 - [meta sequenceId="356"] dhclient-script: Reason ARPSEND on igc0 executing
<13>1 2025-07-25T18:32:54+00:00 OPNsense.localdomain dhclient 35609 - [meta sequenceId="357"] dhclient-script: Reason ARPCHECK on igc0 executing
<13>1 2025-07-25T18:32:55+00:00 OPNsense.localdomain dhclient 36796 - [meta sequenceId="358"] dhclient-script: Reason BOUND on igc0 executing
<13>1 2025-07-25T18:32:55+00:00 OPNsense.localdomain dhclient 37792 - [meta sequenceId="359"] dhclient-script: New IP Address (igc0): 192.168.100.10
<13>1 2025-07-25T18:32:55+00:00 OPNsense.localdomain dhclient 38707 - [meta sequenceId="360"] dhclient-script: New Subnet Mask (igc0): 255.255.255.0
<13>1 2025-07-25T18:32:55+00:00 OPNsense.localdomain dhclient 39854 - [meta sequenceId="361"] dhclient-script: New Broadcast Address (igc0): 192.168.100.255
<13>1 2025-07-25T18:32:55+00:00 OPNsense.localdomain dhclient 41450 - [meta sequenceId="362"] dhclient-script: New Routers (igc0): 192.168.100.1
<13>1 2025-07-25T18:32:55+00:00 OPNsense.localdomain dhclient 44951 - [meta sequenceId="363"] dhclient-script: Creating resolv.conf
<13>1 2025-07-25T18:33:56+00:00 OPNsense.localdomain dhclient 56021 - [meta sequenceId="398"] dhclient-script: Reason EXPIRE on igc0 executing
<13>1 2025-07-25T18:33:56+00:00 OPNsense.localdomain dhclient 59211 - [meta sequenceId="399"] dhclient-script: Reason PREINIT on igc0 executing
<13>1 2025-07-25T18:33:56+00:00 OPNsense.localdomain dhclient 62005 - [meta sequenceId="400"] dhclient-script: Reason ARPSEND on igc0 executing
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 63406 - [meta sequenceId="401"] dhclient-script: Reason ARPCHECK on igc0 executing
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 64503 - [meta sequenceId="402"] dhclient-script: Reason BOUND on igc0 executing
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 67460 - [meta sequenceId="403"] dhclient-script: New IP Address (igc0): xxx.xxx.207.105
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 68265 - [meta sequenceId="404"] dhclient-script: New Subnet Mask (igc0): 255.255.254.0
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 69227 - [meta sequenceId="405"] dhclient-script: New Broadcast Address (igc0): xxx.xxx.207.255
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 70453 - [meta sequenceId="406"] dhclient-script: New Routers (igc0): xxx.xxx.206.1
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 73338 - [meta sequenceId="407"] dhclient-script: Creating resolv.conf
I can also leave it untouched for multiple cycles and it doesn't seem to repair itself. Not 100% sure what's breaking but also in the logs I get these two messages (with some context before/after):
Code: 
<13>1 2025-07-25T18:31:51+00:00 OPNsense.localdomain dhclient 57809 - [meta sequenceId="345"] dhclient-script: Reason RENEW on igc0 executing
<13>1 2025-07-25T18:31:51+00:00 OPNsense.localdomain dhclient 59145 - [meta sequenceId="346"] dhclient-script: Creating resolv.conf
<27>1 2025-07-25T18:32:20+00:00 OPNsense.localdomain dhclient 63149 - [meta sequenceId="348"] connection closed
<26>1 2025-07-25T18:32:20+00:00 OPNsense.localdomain dhclient 63149 - [meta sequenceId="349"] exiting.
<13>1 2025-07-25T18:32:54+00:00 OPNsense.localdomain dhclient 25176 - [meta sequenceId="353"] dhclient-script: Reason PREINIT on igc0 executing
<13>1 2025-07-25T18:32:54+00:00 OPNsense.localdomain dhclient 28704 - [meta sequenceId="354"] dhclient-script: Reason EXPIRE on igc0 executing
<13>1 2025-07-25T18:32:54+00:00 OPNsense.localdomain dhclient 32152 - [meta sequenceId="355"] dhclient-script: Reason PREINIT on igc0 executing
Not blaming by any stretch, seems like weird behavior for the cable modem, I'm wondering if there's a way to resolve or if /etc/dhclient.conf can be adjusted to somehow work around this cable modem behavior. My current dhclient.conf is empty aside from comments (no adjustments yet).

FWIW I spent quite a bit of time with FreeBSD and IPFW way back in the day. A little more later with PF, but went away from it for years, stayed near with JunOS, and just came back to non commercialized FreeBSD a few months ago running OPNSense for the home router.

Forgot how much I loved the efficiency of the OS, and the performance of the IP stack / kernel fw :D
 
OPNSense is not supported here. And with FreeBSD the gateway MUST be within the interface's network or it will not be accepted.

Code: 
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 67460 - [meta sequenceId="403"] dhclient-script: New IP Address (igc0): xxx.xxx.207.105
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 68265 - [meta sequenceId="404"] dhclient-script: New Subnet Mask (igc0): 255.255.254.0
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 69227 - [meta sequenceId="405"] dhclient-script: New Broadcast Address (igc0): xxx.xxx.207.255
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 70453 - [meta sequenceId="406"] dhclient-script: New Routers (igc0): xxx.xxx.206.1

You also have to understand, you can only ever have one (1) default gateway. Try to set a default gateway a second time and the system is going to complain about it as it's already been set.
 
SirDice said:
OPNSense is not supported here. And with FreeBSD the gateway MUST be within the interface's network or it will not be accepted.

Code: 
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 67460 - [meta sequenceId="403"] dhclient-script: New IP Address (igc0): xxx.xxx.207.105
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 68265 - [meta sequenceId="404"] dhclient-script: New Subnet Mask (igc0): 255.255.254.0
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 69227 - [meta sequenceId="405"] dhclient-script: New Broadcast Address (igc0): xxx.xxx.207.255
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 70453 - [meta sequenceId="406"] dhclient-script: New Routers (igc0): xxx.xxx.206.1

You also have to understand, you can only ever have one (1) default gateway. Try to set a default gateway a second time and the system is going to complain about it as it's already been set.
Click to expand...
First off, thanks for the reply.

Yes of course, the GW must be reachable via ARP. The interface's network is a /23 netmask, which puts .206 and .207 within broadcast (xxx.xxx.207.255)

Just to be clear is dhclient FreeBSD or is it OPNSense? I understand this isn't an OPNSense support forum. It's referenced in the system log, because of the hostname stamp which should be irrelevant.

If dhclient has received an offer, accepted it, and then on the next cycle receives an offer with new addressing, complete with a new (also connected) default gateway, will it not update the default gateway along with the DHCP address?


The sequence of initial offer, acceptance, binding, down through creation of /etc/resolve.conf, and then subsequent second offer is all in this snippet of `cat system_$date.log | grep dhclient`:
<13>1 2025-07-25T18:32:55+00:00 OPNsense.localdomain dhclient 37792 - [meta sequenceId="359"] dhclient-script: New IP Address (igc0): 192.168.100.10
<13>1 2025-07-25T18:32:55+00:00 OPNsense.localdomain dhclient 38707 - [meta sequenceId="360"] dhclient-script: New Subnet Mask (igc0): 255.255.255.0
<13>1 2025-07-25T18:32:55+00:00 OPNsense.localdomain dhclient 39854 - [meta sequenceId="361"] dhclient-script: New Broadcast Address (igc0): 192.168.100.255
<13>1 2025-07-25T18:32:55+00:00 OPNsense.localdomain dhclient 41450 - [meta sequenceId="362"] dhclient-script: New Routers (igc0): 192.168.100.1
<13>1 2025-07-25T18:32:55+00:00 OPNsense.localdomain dhclient 44951 - [meta sequenceId="363"] dhclient-script: Creating resolv.conf
<13>1 2025-07-25T18:33:56+00:00 OPNsense.localdomain dhclient 56021 - [meta sequenceId="398"] dhclient-script: Reason EXPIRE on igc0 executing
<13>1 2025-07-25T18:33:56+00:00 OPNsense.localdomain dhclient 59211 - [meta sequenceId="399"] dhclient-script: Reason PREINIT on igc0 executing
<13>1 2025-07-25T18:33:56+00:00 OPNsense.localdomain dhclient 62005 - [meta sequenceId="400"] dhclient-script: Reason ARPSEND on igc0 executing
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 63406 - [meta sequenceId="401"] dhclient-script: Reason ARPCHECK on igc0 executing
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 64503 - [meta sequenceId="402"] dhclient-script: Reason BOUND on igc0 executing
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 67460 - [meta sequenceId="403"] dhclient-script: New IP Address (igc0): xxx.xxx.207.105
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 68265 - [meta sequenceId="404"] dhclient-script: New Subnet Mask (igc0): 255.255.254.0
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 69227 - [meta sequenceId="405"] dhclient-script: New Broadcast Address (igc0): xxx.xxx.207.255
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 70453 - [meta sequenceId="406"] dhclient-script: New Routers (igc0): xxx.xxx.206.1
<13>1 2025-07-25T18:33:57+00:00 OPNsense.localdomain dhclient 73338 - [meta sequenceId="407"] dhclient-script: Creating resolv.conf

"man dhclient" suggests it's FreeBSD:

FreeBSD 14.3-RELEASE-p1 August 1, 2024 FreeBSD 14.3-RELEASE-p1

It looks like the 1st and second offer are 1 minute apart, my question is why is it not setting the 2nd offer's default gateway? I can replicate this on reboot without fail. I haven't tried yet deleting the lease file, it shows the lease history, but the last one and the majority of the entries look like this:

interface "igc0";
fixed-address xxx.xxx.207.105;
option subnet-mask 255.255.254.0;
option time-offset -25200;
option routers xxx.xxx.206.1;
option dhcp-lease-time 86400;
option dhcp-message-type 5;
option dhcp-server-identifier xxx.xxx.xxx.xxx;
option dhcp-renewal-time 48204;
option dhcp-rebinding-time 75600;
renew 2 2025/7/29 01:06:44;
rebind 2 2025/7/29 10:06:44;
expire 2 2025/7/29 13:06:44;

I stripped out time, dns, and log server entries since that would seem to be irrelevant.

I would think the default gateway should be set correctly on the second offer a minute after the first that sets one on it's reachable network.

As far as default gateways go, I understand there can only be one in fib0. I could set alternates in fb1 - n, depending, but I'm not doing that or trying to, strictly in fib0.

The second offer essentially negates the default gateway, since it changes icg0's IP to a completely different (public) subnet.

If it's no longer reachable, I don't understand how the fib withdraws the route, but I assume that works, because when I look at the system there is no default route at all after the second dhclient cycle.

What's not happening is the new default gateway, paired with a new address, isn't getting installed into fib0. I'm at a loss to understand why. I realize also that the reason is "bad" if you will behavior of the cable modem, but also I would think dhcp should update the default gateway since it's *clearly* processing everything else (up through resolve.conf).

Is there ... some sort of way I could further debug dhclient's interaction with fib0?
 
Also, I believe this should be a supported release, as per the forum guidelines:

14.3-RELEASE-p1 FreeBSD 14.3-RELEASE-p1
 
OPNSense is a FreeBSD derivative, none of the derivatives are supported here.

DutchDaemon

Thread 'GhostBSD, pfSense, TrueNAS, and all other FreeBSD Derivatives'

Questions about 'derivative FreeBSDs', like
  • GhostBSD
  • TrueNAS
  • XigmaNAS
  • OPNsense
  • pfSense
  • BSD Router Project
  • NomadBSD
  • helloSystem
  • HardenedBSD
should be asked on the forums and/or mailing lists for these specific products. See below for links.

If you still think your questions should be asked here, beware of the following:

  • To show that you have indeed tried to get a solution from the forum or mailing list of the...
  • Thanks
  • Like
 
You must log in or register to reply here.
Back
Top