Hello everyone!
Here's a mystery! I usually can figure these out, but I am stumped on this one! I upgraded my 11-STABLE router to 12-STABLE. Everything continues to function! Briefly, it has this setup:
pf firewall serves NAT
Serves wi-fi with hostapd 2.7
bridges wired and wireless (lan0 and wlan0) as bridge0
- I have this set: net.link.bridge.pfil_member=0
- pf performs NAT on bridge0
Runs DHCP with isc-dhcpd44-server
Functions flawlessly (like 11.2), though it seems to run spotty at times.
Windows wi-fi clients and other devices are able to associate with the network and pull IP from DHCP and do all normal Windows things.
FreeBSD 11.2 and 12 wi-fi clients are able to associate but not pull IP from DHCP?
These kinds of updates always bring such mysteries! The last one I had was with net/if_bridge features removed (fastforwarding?), and before that a new net.link.bridge.pfil_member tunable was added that broke things between updates.
What I have tried:
On the FreeBSD router:
I ran dhcpd with -d and observed it "seeing" requests and offering IPs back to the FreeBSD client.
I ran tcpdump -i bridge0 -v and watched BOOTPS/BOOTPC/DHCP request and reply packets pass.
I ran tcpdump -i wlan0 -v and watched BOOTPS/BOOTPC/DHCP request and reply packets pass.
I modified block rules to log in /etc/pf.conf and reloaded firewall rules and ran tcpdump -i pflog0 -v and observed no BOOTPS/BOOTPC/DHCP packets blocked. I even added some firewall rules to ensure DHCP packets really pass that I found DutchDaemon had posted here a long time ago!
On FreeBSD 11.2 and 12 clients:
I connected to the LAN by ethernet cable and observed that I could get an IP with dhclient.
Using system wpa_supplicant and wpa_supplicant 2.7, I successfully associated with the router using:
- AR9285-based Atheros card (if_ath).
- USB realtek wi-fi adapter with either if_urtwn (11.2) or if_rtwn (12.0)
In both cases, I ran tcpdump -i wlan0 -v and observed outbound BOOTPS/BOOTPC/DHCP requests as well as NETBIOS chatter from Windows systems on the LAN. I saw no BOOTPS/BOOTPC/DHCP replies from the server.
If I had to guess, FreeBSD net80211 clients in both 11.2 and 12.0 are dropping my DHCP replies from a FreeBSD 12 router! This didn't happen with the FreeBSD 11 router! Any ideas?
In summary:
tcpdump and dhcpd both confirm that BOOTPC/BOOTPS/DHCP request/reply packets are passing on the bridge and member wireless interface on the router.
FreeBSD 11.2 and 12.0 wireless clients can associate and tcpdump confirms that it is seeing LAN traffic (NETBIOS) and outgoing DHCP requests but no DHCP replies.
Windows clients and other devices still operate correctly with the FreeBSD 12 router.
Here's a mystery! I usually can figure these out, but I am stumped on this one! I upgraded my 11-STABLE router to 12-STABLE. Everything continues to function! Briefly, it has this setup:
pf firewall serves NAT
Serves wi-fi with hostapd 2.7
bridges wired and wireless (lan0 and wlan0) as bridge0
- I have this set: net.link.bridge.pfil_member=0
- pf performs NAT on bridge0
Runs DHCP with isc-dhcpd44-server
Functions flawlessly (like 11.2), though it seems to run spotty at times.
Windows wi-fi clients and other devices are able to associate with the network and pull IP from DHCP and do all normal Windows things.
FreeBSD 11.2 and 12 wi-fi clients are able to associate but not pull IP from DHCP?
These kinds of updates always bring such mysteries! The last one I had was with net/if_bridge features removed (fastforwarding?), and before that a new net.link.bridge.pfil_member tunable was added that broke things between updates.
What I have tried:
On the FreeBSD router:
I ran dhcpd with -d and observed it "seeing" requests and offering IPs back to the FreeBSD client.
I ran tcpdump -i bridge0 -v and watched BOOTPS/BOOTPC/DHCP request and reply packets pass.
I ran tcpdump -i wlan0 -v and watched BOOTPS/BOOTPC/DHCP request and reply packets pass.
I modified block rules to log in /etc/pf.conf and reloaded firewall rules and ran tcpdump -i pflog0 -v and observed no BOOTPS/BOOTPC/DHCP packets blocked. I even added some firewall rules to ensure DHCP packets really pass that I found DutchDaemon had posted here a long time ago!
On FreeBSD 11.2 and 12 clients:
I connected to the LAN by ethernet cable and observed that I could get an IP with dhclient.
Using system wpa_supplicant and wpa_supplicant 2.7, I successfully associated with the router using:
- AR9285-based Atheros card (if_ath).
- USB realtek wi-fi adapter with either if_urtwn (11.2) or if_rtwn (12.0)
In both cases, I ran tcpdump -i wlan0 -v and observed outbound BOOTPS/BOOTPC/DHCP requests as well as NETBIOS chatter from Windows systems on the LAN. I saw no BOOTPS/BOOTPC/DHCP replies from the server.
If I had to guess, FreeBSD net80211 clients in both 11.2 and 12.0 are dropping my DHCP replies from a FreeBSD 12 router! This didn't happen with the FreeBSD 11 router! Any ideas?
In summary:
tcpdump and dhcpd both confirm that BOOTPC/BOOTPS/DHCP request/reply packets are passing on the bridge and member wireless interface on the router.
FreeBSD 11.2 and 12.0 wireless clients can associate and tcpdump confirms that it is seeing LAN traffic (NETBIOS) and outgoing DHCP requests but no DHCP replies.
Windows clients and other devices still operate correctly with the FreeBSD 12 router.