
DHCPC timeout insufficient

Without getting into the why, the default of 20 seconds is too short for my needs.  I need to bump this to 60 sec.

utm:/root # cat /var/sec/chroot-dhcpc/etc/eth4.conf
interface "eth4" {
        timeout 20;
        retry 60;
        script "/usr/sbin/dhcp_updown.plx";
        request subnet-mask, broadcast-address, time-offset,
           routers, domain-name, domain-name-servers, host-name,
           domain-search, nis-domain, nis-servers,
           ntp-servers, interface-mtu;

}

 

How can this be done so it survives reboots?  For now I have another cronjob that runs 2 min after boot and every hour to check and adjust the timeout value if needed.  This seems kludgy and adds another layer of complication. Didn't find anywhere to configure this in the UI. Is there another script to edit?
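A sketch of the check-and-adjust cron job described in the post above, as an added example that is not the poster's script and not Sophos code. The file path and the 20 to 60 second change come from the post; the function names and the overwrite-in-place behaviour are assumptions.

```shell
#!/bin/sh
# Added example (not Sophos code). CONF path and the 20 -> 60 change are from the
# post; the function names and exit behaviour are assumptions for illustration.
CONF=${CONF:-/var/sec/chroot-dhcpc/etc/eth4.conf}

# Constructed sample matching the file shown in the post, for dry runs.
make_sample_conf() {
    cat > "$1" <<'EOF'
interface "eth4" {
        timeout 20;
        retry 60;
        script "/usr/sbin/dhcp_updown.plx";
}
EOF
}

# ensure_dhcpc_timeout FILE SECONDS
# Prints "unchanged" or "changed"; returns non-zero if the file cannot be fixed.
ensure_dhcpc_timeout() {
    conf=$1; want=$2
    case $want in ''|*[!0-9]*) echo "bad timeout: $want" >&2; return 2 ;; esac
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }

    # Value of the first "timeout N;" statement; "retry N;" never matches.
    have=$(sed -n 's/^[[:space:]]*timeout[[:space:]]\{1,\}\([0-9]\{1,\}\)[[:space:]]*;.*/\1/p' "$conf" | head -n 1)
    [ -n "$have" ] || { echo "no timeout statement: $conf" >&2; return 1; }
    if [ "$have" = "$want" ]; then echo unchanged; return 0; fi

    # Edit a temp copy, verify it, then overwrite in place so the original
    # inode, owner and mode are kept.
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    sed "s/^\([[:space:]]*timeout[[:space:]]\{1,\}\)[0-9]\{1,\}\([[:space:]]*;\)/\1$want\2/" "$conf" > "$tmp" \
        && grep -q "timeout[[:space:]]\{1,\}$want[[:space:]]*;" "$tmp" \
        && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 1
    echo changed
}

# Cron usage (schedule from the post: shortly after boot, then hourly):
#   ensure_dhcpc_timeout "$CONF" 60
```

Because the function reports `changed` only when it actually rewrote the file, logging that output from cron shows how often the value reverts to the default.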



  • What problem occurs if the timeout isn't longer?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • You just have to open Pandora's box :).  In short, I get no connectivity.

    Long version follows:

    Context is this - https://community.sophos.com/products/unified-threat-management/f/hardware-installation-up2date-licensing/111868/at-t-fiber-uverse-gateway-elimination

    If the wan cable gets unplugged, it takes 30-40 seconds for 802.1x authentication to occur.  During this time, dhcp is trying to renew but can't because internet is blocked until authentication completes successfully.  Eventually it fails and falls back on the last assigned IP until that lease expires.  This is fine, except there's no internet connectivity when this fallback happens.

    2019:04:08-21:57:45 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 3
    2019:04:08-21:57:48 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 8
    2019:04:08-21:57:56 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 7
    2019:04:08-21:58:03 utm dhclient: No DHCPOFFERS received.
    2019:04:08-21:58:03 utm dhclient: Trying recorded lease 1.2.3.4
    2019:04:08-21:58:03 utm dhclient: bound: renewal in 1579 seconds.

    When the timeout is increased, it looks like this - 16:39:16 is when I disconnected/reconnected the wan cable.  1.2.3.4 is public ip, 9.1.1.1 is upstream isp dhcp server.  So about 36 seconds. 

    2019:04:09-16:39:16 utm dhclient: Killed old client process
    2019:04:09-16:39:17 utm dhclient: DHCPREQUEST for 1.2.3.4 on eth4 to 255.255.255.255 port 67
    2019:04:09-16:39:20 utm dhclient: DHCPREQUEST for 1.2.3.4 on eth4 to 255.255.255.255 port 67
    2019:04:09-16:39:20 utm dhclient: DHCPREQUEST for 1.2.3.4 on eth4 to 255.255.255.255 port 67
    2019:04:09-16:39:27 utm dhclient: DHCPREQUEST for 1.2.3.4 on eth4 to 255.255.255.255 port 67
    2019:04:09-16:39:35 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 8
    2019:04:09-16:39:43 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 9
    2019:04:09-16:39:52 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 8
    2019:04:09-16:39:52 utm dhclient: DHCPOFFER of 1.2.3.4 from 9.1.1.1
    2019:04:09-16:39:52 utm dhclient: DHCPREQUEST for 1.2.3.4 on eth4 to 255.255.255.255 port 67
    2019:04:09-16:39:52 utm dhclient: DHCPACK of 1.2.3.4 from 9.1.1.1
    2019:04:09-16:39:52 utm dhclient: bound to 1.2.3.4 -- renewal in 1723 seconds.

    The watchdog script for the wpa_supplicant process runs every 10 minutes to ensure the process is running and responding, and to perform a wan dhcp renew if there's no net connectivity.  So at worst internet would be down for 10 minutes until the script runs again.

  • You're right, Jay, I don't see any easier way to do it - nothing in the GUI and nothing in the related objects or settings to manipulate with cc.

    I see the problem - I thought AT&T business service was better than that!

    You know, I wonder if this might not be related to a problem I've seen before with AT&T fiber and Cisco routers.  We had to go to fixed speed & duplex on the UTM and the Cisco - see #7.7 in Rulz.

    Cheers - Bob

     
  • The service in question is att home service, symmetrical gigabit plan.  I'm connecting to it in an unsupported way.  I see no point in using their gateway box when a direct connection between utm and the ont is possible.  Most of the folks over on dslr are doing the same with pfsense where control over the setting I'm having issues with is possible directly.

    I don't think the issue is duplex or speed.  There are no user adjustable settings on the ONT.  Once the wan cable is unplugged/replugged, the ont requires 802.1x authentication before data can flow. This is confusing utm because it sees an interface that's up, so dhcp client tries to renew.  The only other workaround is to somehow add a delay before dhcp attempts are made.  I see no easy way to do this.

    Even if forced to 1000baseT/full, it takes almost 40 seconds before successful dhcp renewal can occur.

    Even with all of these issues, this is still better than the method used before, which if the service went down or was rebooted further upstream would require manual intervention on my part to regain connectivity.