
Unable to obtain DHCP lease through bridged VDSL modem

Hi there:

I could really use some suggestions.  Been running the home version of UTM 9 (Firmware version: 9.405-5) for a few months now with no issues.  My WAN connection on eth1 had been an ADSL using PPPoE, but this last weekend I finally got bumped up to a VDSL line using DHCP rather than PPPoE.  When I changed my WAN int to reflect this, I could not get a response to my DHCPDISCOVER packets.  The DSL modem I am using was placed in bridged mode, and when I use a laptop or a Cisco (Linksys) router configured for DHCP, I have no issues.  My troubleshooting so far is as follows:

  • Spoofing the MAC of the VDSL modem has no effect.
  • Rebooting has no effect.
  • Replacing the NIC with an older Intel 10/100 card had no effect.
  • Sending vendor-class-identifier to MSFT 5.0 in the DISCOVER packet:  no effect.
  • Doing a full factory reset, while making me redo all my rules and config, did not fix the issue.
  • Temporarily flushed the iptables and set to accept, still no obtaining of the lease.

Here's the thing:  When I boot the machine with a Debian Live CD I have no issue temporarily editing its /etc/network/interfaces, setting the very same NIC to DHCP, ifup eth1 and bang, I'm connected fine.  In my mind this shows that my ISP is not doing something weird against Linux boxes, and that UTM is the issue.  When I do a tcpdump on the WAN interface, I can see the response packet from the ISP, Wiresharked the capture and verified it's a good response, but UTM seems to be blocking or ignoring it.  I am at a loss.

As it stands, for the last few days I've been booting into the LiveCD to accept the lease, then reboot back into UTM and set the interface as static with the info from the ISP.  Their lease expires every 24 hours, at which time our Internet connection is dead until I do this process again.

Please help, I'd rather stay on UTM than go back to managing my firewall on a Debian build with scripts like I've done for the past 10 years.  Thanks to any and all who read this and might assist.

Grant



This thread was automatically locked due to age.
  • Hi Grant,

    It is bug NUTM-3490 and, unfortunately, it is still unresolved. The problem is that the default route is not set after the lease renewal.

    I really wished that I could have helped you achieve a solution on this matter.  An easier alternative to get connected after the lease is renewed is to enable/disable the bridge interface.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Thank you very much for the response.  If I'm indeed running into a bug, then I hope for a speedy resolution.  Regarding your suggested workaround about "enable/disable the bridge interface" are you meaning just to disable/enable my WAN interface eth1?  The issue is that the DHCP response packet appears ignored by UTM and it continues to broadcast discovery, to which the ISP responds and is ignored.  Until the DHCP process completes successfully, I cannot push traffic through to the ISP, and if I use another device to do the DHCP lease, it gets bound to that device's MAC and I can't just then have the UTM usurp the IP address that was assigned via DHCP (I've tried unsuccessfully to do this).  

    Apologies if I am not understanding your suggestion as I would love a workaround that doesn't involve booting the UTM into another O/S just to get a DHCP lease.

  • Hi Grant,

    We will definitely try to get this resolved from the Dev. Team. Yes, simply disable/enable the WAN eth1 interface, I think that should work.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • As mentioned, this does not in any way work once the lease expires.  As a courtesy even though I'd tried this in the past, I can confirm 100% last night that disable/enable of the WAN interface has no effect after the DHCP has expired.  I must boot the same box into another O/S to renew the lease against the MAC as apparently there is no way I can through the UTM 9.  I will look to any bug fix, and am comfortable with deploying any beta for testing purposes for the devs.

    Grant
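
One way to inspect the OFFER that the first post sees in tcpdump, as an added example that is not from the thread or from Sophos: it parses DHCP payloads and lists the standard RFC 2131 reasons a client would ignore a reply, plus whether the router option that carries the default route is present. The messages, MAC address and 192.0.2.x addresses are constructed, and the function names are this example's own.

```python
import socket
import struct

MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie, RFC 2131

def parse_dhcp(payload):
    """Parse a BOOTP/DHCP UDP payload (e.g. exported from a capture)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", payload[:12])
    msg = {"op": op, "xid": xid, "yiaddr": socket.inet_ntoa(payload[16:20]),
           "chaddr": payload[28:28 + min(hlen, 16)].hex(":"), "options": {}}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        msg["options"][payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return msg

def offer_findings(discover, offer, nic_mac):
    """List what would make a client ignore the OFFER or leave it unroutable."""
    found = []
    if offer["op"] != 2 or offer["options"].get(53) != b"\x02":
        found.append("not a DHCPOFFER")
    if offer["xid"] != discover["xid"]:
        found.append("xid does not match the DISCOVER")
    if offer["chaddr"] != nic_mac.lower():
        found.append("chaddr is not this NIC's MAC")
    if 3 not in offer["options"]:
        found.append("no router option (option 3), so no default route")
    return found

def build(op, xid, mac, msg_type, yiaddr="0.0.0.0", extra=b""):
    """Construct a sample message for the demonstration (not captured data)."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)
    hdr += bytes(4) + socket.inet_aton(yiaddr) + bytes(8)
    hdr += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)
    return hdr + MAGIC + bytes([53, 1, msg_type]) + extra + b"\xff"

MAC = "02:00:00:00:00:01"                           # constructed MAC
GW = socket.inet_aton("192.0.2.1")                  # constructed gateway
DISCOVER = parse_dhcp(build(1, 0x1234ABCD, MAC, 1))
OFFER = parse_dhcp(build(2, 0x1234ABCD, MAC, 2, "192.0.2.10",
                         b"\x36\x04" + GW + b"\x03\x04" + GW))
print(offer_findings(DISCOVER, OFFER, MAC))
```

An empty list means the reply is well-formed for this NIC, which points the investigation at the client side rather than at the ISP.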