
Sophos UTM Wifi DHCP does not assign addresses

Our Sophos UTM SG135 Release 9.711-5 currently does not assign DHCP addresses to devices on a certain Wifi network (separate zone, only access to Internet, no access to other networks).

Devices only get APIPA addresses in the end; strangely, a tcpdump shows that no packets for DHCP negotiation were received.

Assigning proper IP addresses (from the pool of addresses which the DHCP server should assign) to the devices by hand is working, Wifi connection works as intended.

The Wifi network is assigned to AP15.

We already tried:

  • a reboot of the UTM,
  • removed and reassigned the Access Point,
  • re-made the DHCP server for that network
  • compared this Wifi to others, identical Wifi setups on different UTMs with the same settings, no difference
  • disabled and enabled Client Separation
  • and tried to look up "system dhcp static-entry-scope show", but that command seemingly only exists for XG firewalls, not for UTMs.

These are our settings, for DHCP server, the Wifi itself and the corresponding Firewall rule:



  • What are your DHCP logs showing you?  Are you sure that you aren't using this scope elsewhere?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • DHCP logs

    deactivation of DHCP server for RG-wlan-Handy:

    2022:08:12-08:08:28 nl-ost dhcpd: Internet Systems Consortium DHCP Server 4.4.1
    2022:08:12-08:08:28 nl-ost dhcpd: Copyright 2004-2018 Internet Systems Consortium.
    2022:08:12-08:08:28 nl-ost dhcpd: All rights reserved.
    2022:08:12-08:08:28 nl-ost dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    2022:08:12-08:08:28 nl-ost dhcpd: Config file: /etc/dhcpd.conf
    2022:08:12-08:08:28 nl-ost dhcpd: Database file: /var/state/dhcp/dhcpd.leases
    2022:08:12-08:08:28 nl-ost dhcpd: PID file: /var/run/dhcpd.pid
    2022:08:12-08:08:28 nl-ost dhcpd: Internet Systems Consortium DHCP Server 4.4.1
    2022:08:12-08:08:28 nl-ost dhcpd: Copyright 2004-2018 Internet Systems Consortium.
    2022:08:12-08:08:28 nl-ost dhcpd: All rights reserved.
    2022:08:12-08:08:28 nl-ost dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    2022:08:12-08:08:28 nl-ost dhcpd: Wrote 0 leases to leases file.
    2022:08:12-08:08:28 nl-ost dhcpd: Listening on LPF/wlan3/00:1a:8c:0a:54:03/192.168.18.0/24
    2022:08:12-08:08:28 nl-ost dhcpd: Sending on LPF/wlan3/00:1a:8c:0a:54:03/192.168.18.0/24
    2022:08:12-08:08:28 nl-ost dhcpd: Listening on LPF/wlan0/00:1a:8c:0a:0f:00/192.168.16.0/24
    2022:08:12-08:08:28 nl-ost dhcpd: Sending on LPF/wlan0/00:1a:8c:0a:0f:00/192.168.16.0/24
    2022:08:12-08:08:28 nl-ost dhcpd: Sending on Socket/fallback/fallback-net
    2022:08:12-08:08:28 nl-ost dhcpd: Server starting service.

    reactivation of DHCP server for RG-wlan-Handy:

    2022:08:12-08:09:18 nl-ost dhcpd: Internet Systems Consortium DHCP Server 4.4.1
    2022:08:12-08:09:18 nl-ost dhcpd: Copyright 2004-2018 Internet Systems Consortium.
    2022:08:12-08:09:18 nl-ost dhcpd: All rights reserved.
    2022:08:12-08:09:18 nl-ost dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    2022:08:12-08:09:18 nl-ost dhcpd: Config file: /etc/dhcpd.conf
    2022:08:12-08:09:18 nl-ost dhcpd: Database file: /var/state/dhcp/dhcpd.leases
    2022:08:12-08:09:18 nl-ost dhcpd: PID file: /var/run/dhcpd.pid
    2022:08:12-08:09:18 nl-ost dhcpd: Internet Systems Consortium DHCP Server 4.4.1
    2022:08:12-08:09:18 nl-ost dhcpd: Copyright 2004-2018 Internet Systems Consortium.
    2022:08:12-08:09:18 nl-ost dhcpd: All rights reserved.
    2022:08:12-08:09:18 nl-ost dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    2022:08:12-08:09:18 nl-ost dhcpd: Wrote 0 leases to leases file.
    2022:08:12-08:09:18 nl-ost dhcpd: Listening on LPF/wlan3/00:1a:8c:0a:54:03/192.168.18.0/24
    2022:08:12-08:09:18 nl-ost dhcpd: Sending on LPF/wlan3/00:1a:8c:0a:54:03/192.168.18.0/24
    2022:08:12-08:09:18 nl-ost dhcpd: Listening on LPF/wlan2/00:1a:8c:0a:3f:02/192.168.12.0/24
    2022:08:12-08:09:18 nl-ost dhcpd: Sending on LPF/wlan2/00:1a:8c:0a:3f:02/192.168.12.0/24
    2022:08:12-08:09:18 nl-ost dhcpd: Listening on LPF/wlan0/00:1a:8c:0a:0f:00/192.168.16.0/24
    2022:08:12-08:09:18 nl-ost dhcpd: Sending on LPF/wlan0/00:1a:8c:0a:0f:00/192.168.16.0/24
    2022:08:12-08:09:18 nl-ost dhcpd: Sending on Socket/fallback/fallback-net
    2022:08:12-08:09:18 nl-ost dhcpd: Server starting service.

    Connecting a wifi client to RG-wlan-Handy:
    -> no entries in the log

    Seemingly the clients don't even try to get an address, or the packets get dropped on the way to the DHCP, but the firewall log does not show that.

    We also disabled IPS but that did not help either.

    This wifi, with the same name and same configuration, is used on other APs and firewalls throughout our company on several different physical locations for ease of use, these work without a problem. Clients trying to connect to the malfunctioning wifi have never been connected to those other wifis.

    Another thing we found later in the log:

    2022:08:12-08:48:37 nl-ost dhcpd: Server starting service.
    2022:08:12-08:48:54 nl-ost dhcpd: receive_packet failed on wlan3: Network is down
    2022:08:12-08:48:54 nl-ost dhcpd: receive_packet failed on wlan2: Network is down
    2022:08:12-08:48:54 nl-ost dhcpd: receive_packet failed on wlan0: Network is down

    But the network is not reported as down, at least not in the network UI.
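An added example, not part of any post in this thread: a small Python parser over the dhcpd lines quoted above that compares which interfaces dhcpd binds across restarts, collects `receive_packet` errors, and lists bound interfaces for which no client request was logged. The client-message pattern assumes ISC dhcpd's usual `DHCPDISCOVER from ... via <interface>` wording, since no such line appears in the thread.

```python
import re

# Log lines condensed from the thread above (banner lines omitted).
SAMPLE = """\
2022:08:12-08:08:28 nl-ost dhcpd: Listening on LPF/wlan3/00:1a:8c:0a:54:03/192.168.18.0/24
2022:08:12-08:08:28 nl-ost dhcpd: Listening on LPF/wlan0/00:1a:8c:0a:0f:00/192.168.16.0/24
2022:08:12-08:08:28 nl-ost dhcpd: Server starting service.
2022:08:12-08:09:18 nl-ost dhcpd: Listening on LPF/wlan3/00:1a:8c:0a:54:03/192.168.18.0/24
2022:08:12-08:09:18 nl-ost dhcpd: Listening on LPF/wlan2/00:1a:8c:0a:3f:02/192.168.12.0/24
2022:08:12-08:09:18 nl-ost dhcpd: Listening on LPF/wlan0/00:1a:8c:0a:0f:00/192.168.16.0/24
2022:08:12-08:09:18 nl-ost dhcpd: Server starting service.
2022:08:12-08:48:54 nl-ost dhcpd: receive_packet failed on wlan3: Network is down
2022:08:12-08:48:54 nl-ost dhcpd: receive_packet failed on wlan2: Network is down
2022:08:12-08:48:54 nl-ost dhcpd: receive_packet failed on wlan0: Network is down
"""

LINE = re.compile(r"^#?\S+ \S+ dhcpd: (.*)$")
LISTEN = re.compile(r"^Listening on LPF/([^/]+)/[^/]+/(\S+)$")
RX_FAIL = re.compile(r"^receive_packet failed on (\S+): (.+)$")
# Assumed ISC dhcpd client-message wording; not present in the thread's logs.
CLIENT = re.compile(r"^DHCP(?:DISCOVER|REQUEST)\b.* via (\S+?):?(?:\s|$)")

def analyze(log_text):
    """Summarise dhcpd restarts: bound interfaces, socket errors, client traffic."""
    starts, current = [], {}          # one {interface: subnet} dict per restart
    rx_failed, client_msgs = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if (hit := LISTEN.match(msg)):
            current[hit.group(1)] = hit.group(2)
        elif msg == "Server starting service." and current:
            starts.append(current)
            current = {}
        elif (hit := RX_FAIL.match(msg)):
            rx_failed[hit.group(1)] = hit.group(2)
        elif (hit := CLIENT.match(msg)):
            client_msgs[hit.group(1)] = client_msgs.get(hit.group(1), 0) + 1
    always = set.intersection(*(set(s) for s in starts)) if starts else set()
    last = starts[-1] if starts else {}
    return {
        # interfaces bound in some restarts but not all (the scope that was toggled)
        "toggled": {i: n for s in starts for i, n in s.items() if i not in always},
        "rx_failed": rx_failed,
        # bound at the last restart, yet no DHCPDISCOVER/DHCPREQUEST ever logged
        "silent": sorted(i for i in last if i not in client_msgs),
    }
```

On the condensed sample, `toggled` names the interface and subnet that appear only after the scope was re-enabled, and `silent` lists every bound interface because the thread's log contains no client requests at all.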

  • Are there DHCP-reservations within another lease ... for the non-working devices?
    There is/was a problem with XG related to this problem... Possibly with SG too.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Test notebook has a DHCP reservation for the other non-wifi NIC but none for that wifi NIC. Problem is not confined to one device, it is for all devices, whether they are notebooks or smartphones with no earlier connection to that wifi or any company wifi.

  • I wonder if this could be related to being in the Separate Zone configuration and MTU settings on endpoint devices, like we were discussing HERE.


  • We neither use unmanaged switches nor UTM on AWS. Would be great if I had an idea on how to tell an iPhone or guest user to change their MTU before they can use the wifi.