DHCPC timeout insufficient

Without getting into the why, the default of 20 seconds is too short for my needs.  I need to bump this to 60 sec.

utm:/root # cat /var/sec/chroot-dhcpc/etc/eth4.conf
interface "eth4" {
        timeout 20;
        retry 60;
        script "/usr/sbin/dhcp_updown.plx";
        request subnet-mask, broadcast-address, time-offset,
           routers, domain-name, domain-name-servers, host-name,
           domain-search, nis-domain, nis-servers,
           ntp-servers, interface-mtu;

}

 

How can this be done so it survives reboots? For now I have another cronjob that runs 2 min after boot and every hour to check and adjust the timeout value if needed. This seems kludgy and adds another layer of complication. Didn't find anywhere to configure this in the UI. Is there another script to edit?
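
The check-and-adjust step of the cron job described in this post, written as an added example rather than the poster's own script. `ensure_timeout` is a hypothetical helper that rewrites the `timeout` statement only when it differs from the wanted value; the demo runs on a constructed temporary copy of the config, not the real file.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Usage from cron would be: ensure_timeout /var/sec/chroot-dhcpc/etc/eth4.conf 60
# Prints "changed", "unchanged" or "missing"; exit status 2 on a bad value.
ensure_timeout() {
    conf=$1
    want=$2
    # Accept digits only, so the value can be placed into the sed expression safely.
    case $want in
        ''|*[!0-9]*) echo "timeout must be a whole number of seconds" >&2; return 2 ;;
    esac
    # Current value of the first "timeout N;" statement, if there is one.
    cur=$(sed -n 's/^[[:space:]]*timeout[[:space:]]\{1,\}\([0-9]\{1,\}\);.*/\1/p' "$conf" | head -n 1)
    if [ -z "$cur" ]; then echo missing; return 1; fi
    if [ "$cur" = "$want" ]; then echo unchanged; return 0; fi
    tmp=$(mktemp) || return 1
    # Rewrite only the timeout line; "retry" and everything else stay untouched.
    # The result is written back with cat so the file keeps its owner and mode.
    if sed "s/^\([[:space:]]*timeout\)[[:space:]]\{1,\}[0-9]\{1,\};/\1 ${want};/" "$conf" > "$tmp" &&
        cat "$tmp" > "$conf"; then
        rm -f "$tmp"
        echo changed
    else
        rm -f "$tmp"
        return 1
    fi
}

# Demo on a constructed, shortened copy of the eth4.conf shown above.
demo=$(mktemp)
cat > "$demo" <<'EOF'
interface "eth4" {
        timeout 20;
        retry 60;
        script "/usr/sbin/dhcp_updown.plx";
}
EOF
ensure_timeout "$demo" 60    # prints: changed
ensure_timeout "$demo" 60    # prints: unchanged
rm -f "$demo"
```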



  • What problem occurs if the timeout isn't longer?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • You just have to open Pandora's box :).  In short, I get no connectivity.

    Long version follows:

    Context is this - https://community.sophos.com/products/unified-threat-management/f/hardware-installation-up2date-licensing/111868/at-t-fiber-uverse-gateway-elimination

    If the wan cable gets unplugged, it takes 30-40 seconds for 802.1x authentication to occur.  During this time, dhcp is trying to renew but can't because internet is blocked until authentication completes successfully.  Eventually it fails and falls back on the last assigned IP until that lease expires.  This is fine, except there's no internet connectivity when this fallback happens.

    2019:04:08-21:57:45 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 3
    2019:04:08-21:57:48 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 8
    2019:04:08-21:57:56 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 7
    2019:04:08-21:58:03 utm dhclient: No DHCPOFFERS received.
    2019:04:08-21:58:03 utm dhclient: Trying recorded lease 1.2.3.4
    2019:04:08-21:58:03 utm dhclient: bound: renewal in 1579 seconds.

    When the timeout is increased, it looks like this - 16:39:16 is when I disconnected/reconnected the wan cable.  1.2.3.4 is public ip, 9.1.1.1 is upstream isp dhcp server.  So about 36 seconds. 

    2019:04:09-16:39:16 utm dhclient: Killed old client process
    2019:04:09-16:39:17 utm dhclient: DHCPREQUEST for 1.2.3.4 on eth4 to 255.255.255.255 port 67
    2019:04:09-16:39:20 utm dhclient: DHCPREQUEST for 1.2.3.4 on eth4 to 255.255.255.255 port 67
    2019:04:09-16:39:20 utm dhclient: DHCPREQUEST for 1.2.3.4 on eth4 to 255.255.255.255 port 67
    2019:04:09-16:39:27 utm dhclient: DHCPREQUEST for 1.2.3.4 on eth4 to 255.255.255.255 port 67
    2019:04:09-16:39:35 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 8
    2019:04:09-16:39:43 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 9
    2019:04:09-16:39:52 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 8
    2019:04:09-16:39:52 utm dhclient: DHCPOFFER of 1.2.3.4 from 9.1.1.1
    2019:04:09-16:39:52 utm dhclient: DHCPREQUEST for 1.2.3.4 on eth4 to 255.255.255.255 port 67
    2019:04:09-16:39:52 utm dhclient: DHCPACK of 1.2.3.4 from 9.1.1.1
    2019:04:09-16:39:52 utm dhclient: bound to 1.2.3.4 -- renewal in 1723 seconds.

    The watchdog script for the wpa_supplicant process runs every 10 minutes to ensure the process is running and responding, and to perform a wan dhcp renew if there's no net connectivity.  So at worst internet would be down for 10 minutes until the script runs again.
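
Added example, not part of the thread: `dhcp_attempts` is a hypothetical helper that reads dhclient log lines in the format quoted above and reports, for each acquisition attempt, the start time, the seconds until `bound`, and whether the address came from a DHCPACK or from the recorded-lease fallback. The sample lines are taken from the two logs above, the second one abridged.

```shell
#!/bin/sh
# Added example (hypothetical helper). Output per attempt: <start> <seconds> <ack|fallback|unknown>
dhcp_attempts() {
    awk '
    # Seconds since midnight from a "YYYY:MM:DD-HH:MM:SS" timestamp.
    function secs(ts,   p) { split(ts, p, /[-:]/); return p[4]*3600 + p[5]*60 + p[6] }
    $3 != "dhclient:" { next }
    # The first DISCOVER/REQUEST after the previous "bound" line opens a new attempt.
    ($4 == "DHCPDISCOVER" || $4 == "DHCPREQUEST") && !active {
        active = 1; first = $1; t0 = secs($1); outcome = "unknown"
    }
    $4 == "Trying" && $5 == "recorded" { outcome = "fallback" }
    $4 == "DHCPACK" { outcome = "ack" }
    # Matches both "bound:" (fallback log) and "bound to ..." (successful log).
    $4 ~ /^bound/ && active {
        d = secs($1) - t0; if (d < 0) d += 86400    # attempt crossed midnight
        print first, d, outcome; active = 0
    }'
}

# Log lines from the thread (second capture abridged), embedded so this runs offline.
sample_log() { cat <<'EOF'
2019:04:08-21:57:45 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 3
2019:04:08-21:57:48 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 8
2019:04:08-21:57:56 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 7
2019:04:08-21:58:03 utm dhclient: No DHCPOFFERS received.
2019:04:08-21:58:03 utm dhclient: Trying recorded lease 1.2.3.4
2019:04:08-21:58:03 utm dhclient: bound: renewal in 1579 seconds.
2019:04:09-16:39:16 utm dhclient: Killed old client process
2019:04:09-16:39:17 utm dhclient: DHCPREQUEST for 1.2.3.4 on eth4 to 255.255.255.255 port 67
2019:04:09-16:39:35 utm dhclient: DHCPDISCOVER on eth4 to 255.255.255.255 port 67 interval 8
2019:04:09-16:39:52 utm dhclient: DHCPOFFER of 1.2.3.4 from 9.1.1.1
2019:04:09-16:39:52 utm dhclient: DHCPACK of 1.2.3.4 from 9.1.1.1
2019:04:09-16:39:52 utm dhclient: bound to 1.2.3.4 -- renewal in 1723 seconds.
EOF
}

sample_log | dhcp_attempts
```

The first attempt gives up and falls back after 18 seconds, inside the 20-second `timeout`; the second needs 35 seconds to reach a DHCPACK, which is why it only succeeds with the longer timeout.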
