pfsense dropping IP on restarts

[chimkenlittle]

So this is a strange one for me, I switched to a homemade pfsense router to replace my service providers one mostly just to learn more than for necessity. Now my apartment has coax with 1gb speeds, this goes into the provided router that is in bridge mode, cat 6 to the pfsense box (vers. 2.6.0)  which has a micro itx board with two 1gb ports, second port goes into a basic netgear 5 port unmanaged switch. Now attached to the switch is my gaming pc, "nas" pc (two where I'm having the issues), an apple airport extreme, and some other unimportant devices. 

 

Now to the issue, almost every night when I start up my either of my pcs they are no longer connected to the internet despite having ethernet to the switch. Now the only ways I have found to solve this issue are, sometimes if i do windows network troubleshooter it will connect once it resets the connection (only about 20% of the time though), or to consistently reconnect every time I have to unplug my ethernet connection from the switch and into the airport extreme. Once the connection is established through the airport I then have to quickly reconnect the cable to the switch. After that it works with no issues, until I turn the pc back on the next day. The times that the windows troubleshooter fails to fix the issue the error it displays is along the lines of "this computer doesn't have a valid ip address" I don't remember exactly what it says since I am currently connected lol.

 

Now so far I have tried to assign a static IP and done a fresh install of pfsense (twice). I am really just unsure of where to go from here. This is my first foray into networking type things after getting a pc in December so I do apologize if the answer is either obvious or my explanation of the issue is bad. I attached a diagram of my network in case my explanation was bad.

 

TLDR: no ip being assigned... I think

[Denniz]

So basically you dont get an ip from the LAN? WHat subnet and ip range do you have?

[chimkenlittle]

 

27 minutes ago, Denniz said:

So basically you dont get an ip from the LAN? WHat subnet and ip range do you have?

Yeah I get no IP from LAN, sometimes. I am using just the default 192.168.1.x

[Kilrah]

You did disable DHCP on that airport extreme, right? And connect it to the switch via a LAN port, not WAN?

[chimkenlittle]

10 minutes ago, Kilrah said:

You did disable DHCP on that airport extreme, right? And connect it to the switch via a LAN port, not WAN?

Yeah the Airport has no issues at all with connections, that's what I quickly move the ethernet connections to when they drop from the switch.

[Kilrah]

4 minutes ago, chimkenlittle said:

Yeah the Airport has no issues at all with connections, that's what I quickly move the ethernet connections to when they drop from the switch.

That's not the point, if you didn't disable the DHCP server on it sometimes it will be the one your PC gets an answer from first when requesting an address and it will thus get it from the airport instead of the router, which could cause exactly what you're seeing.

[chimkenlittle]

7 minutes ago, Kilrah said:

That's not the point, if you didn't disable the DHCP server on it sometimes it will be the one your PC gets an answer from first when requesting an address and it will thus get it from the airport instead of the router, which could cause exactly what you're seeing.

"Connection Sharing: Off (Bridge Mode)" So yes

[Falcon1986]

@chimkenlittle

 

1. What is the make/model of this “bridge mode router”?
2. What local/LAN IP range is it on?
3. Is the pfSense’s WAN set to obtain an IP address from DHCP or static?

[chimkenlittle]

7 hours ago, Falcon1986 said:

@chimkenlittle

 

1. What is the make/model of this “bridge mode router”?
2. What local/LAN IP range is it on?
3. Is the pfSense’s WAN set to obtain an IP address from DHCP or static?

1. hitron coda 4582

2. pfsense gives out 192.168.x.x

3. DHCP

 

 

Also here's a screenshot of the troubleshooter error, was able to capture it when I started up my pc this am

[Ralphred]

10 minutes ago, chimkenlittle said:

screenshot of the troubleshooter error

What useless/missing information, it's almost as if they don't want you to fix it, lol.

Run ipconfig /all in a command line and post the output please.

[chimkenlittle]

6 minutes ago, Ralphred said:

What useless/missing information, it's almost as if they don't want you to fix it, lol.

Run ipconfig /all in a command line and post the output please.

Yeah the troubleshooter has been entirely unhelpful lol, I have just been living with this issue for months and decided top finally ask for help fixing it.

 

here's the ipconfig:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-R5ORPAV
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home.arpa

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home.arpa
   Description . . . . . . . . . . . : Intel(R) Ethernet Controller (3) I225-V
   Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.169(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, August 24, 2022 12:45:02 PM
   Lease Expires . . . . . . . . . . : Wednesday, August 24, 2022 2:45:02 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hitronhub.home
   Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 7265
   Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 10:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
   Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

[Ralphred]

1 hour ago, chimkenlittle said:

DNS Servers . . . . . . . . . . . : 192.168.1.1

Is this right, you are running a DNS server|proxy|cache on your pfsense machine? and the pfsense machine is on 192.168.1.1?

DNS errors do make sense, windows uses that to "prove" an interwebs connection.

 

12 hours ago, chimkenlittle said:

Yeah the Airport has no issues at all with connections, that's what I quickly move the ethernet connections to when they drop from the switch.

So, you switch on the wireless, get some IP info, then switch back to ethernet? or the Airport has switch ports you move the ethernet to? 

I'm not that familiar with the hardware.

[chimkenlittle]

27 minutes ago, Ralphred said:

Is this right, you are running a DNS server|proxy|cache on your pfsense machine? and the pfsense machine is on 192.168.1.1?

DNS errors do make sense, windows uses that to "prove" an interwebs connection.

 

So, you switch on the wireless, get some IP info, then switch back to ethernet? or the Airport has switch ports you move the ethernet to? 

I'm not that familiar with the hardware.

Sorry I’m new to all this so I’m not sure how to answer the first question. I think it’s a yes. But if you could dumb down the question I could hopefully answer it better. 
 

As for the second question yeah I use the Airports built in Ethernet ports to get the IP info. 

[Ralphred]

47 minutes ago, chimkenlittle said:

Airports built in Ethernet ports to get the IP info.

Cool, so can you post ipconfig /all when it is working, so we can see the difference?

I'm still not convinced it isn't a cable issue at this point, not all RJ45 (ethernet) sockets are created equal, and finding a cable that works in one socket but not another wouldn't be the first time.

 

47 minutes ago, chimkenlittle said:

Sorry I’m new to all this so I’m not sure how to answer the first question.

I'll try and run pfsense up in a VM, get a feel for it ... done 

 

So, yeah, in it's default state you might get dns issues, if you can log into it and use the Diagnostic > DNS Lookup menu option to see if it can resolve stuff on it's own, that's the starting point in my mind.

 

Another Edit: pfsense is rather well though out UI over a BSD backend, I wouldn't use it myself as I route on my server, but it's still quite nice.

[chimkenlittle]

1 hour ago, Ralphred said:

Cool, so can you post ipconfig /all when it is working, so we can see the difference?

Heres ipconfig in the non connected state, a reply of mine higher up has the connected state.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-R5ORPAV
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home.arpa

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home.arpa
   Description . . . . . . . . . . . : Intel(R) Ethernet Controller (3) I225-V
   Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.251.121(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hitronhub.home
   Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 7265
   Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
   Physical Address. . . . . . . . . :xx-xx-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

 

 

1 hour ago, Ralphred said:

I'm still not convinced it isn't a cable issue at this point, not all RJ45 (ethernet) sockets are created equal, and finding a cable that works in one socket but not another wouldn't be the first time.

I have been informed that it happens on Wi-Fi too actually so I think a cable is unlikely unless its one of the patch cables from switch -> pfsense or pfsense -> bridge router/modem. I'll change them out for working cables here in a bit just to be sure.

 

 

1 hour ago, Ralphred said:

So, yeah, in it's default state you might get dns issues, if you can log into it and use the Diagnostic > DNS Lookup menu option to see if it can resolve stuff on it's own, that's the starting point in my mind.

So when i type out my 192.168.x.x ip its not resolved but when I type out my public ip or googles 8.8.8.8 or even google.com it has no issues, I haven't used this function before though so maybe I am just using it incorrectly. 

 

1 hour ago, Ralphred said:

pfsense is rather well though out UI over a BSD backend, I wouldn't use it myself as I route on my server, but it's still quite nice.

Also yes, the only reason I went through with trying it was that the UI made it much less daunting for a beginner, which thinking that obviously had its faults for me lol.

[Ralphred]

1 hour ago, chimkenlittle said:

169.254.251.121

So this is a self assigned APIPA address, meaning your computer couldn't reach the DHCP server or it didn't like the reply etc. You said earlier you tried the PC with a static IP and it still didn't work?

We know the DHCP server works because it works when plugged into the Airport, this is firmly in the "hardware error" camp*. Whether that is "pins on an RJ45 crimped down a bit hard" and not making contact with the switches port, or the the swicthport is literally on it's way out (some switch hardware nearly dead). Let the PC run through the Airport for a time, and see if the problem re-occurs, or see if it works on the "spare" LAN port.

 

*Unless you have been adding firewall rules and managed to block the "renew my lease please" traffic but not the "hello can I have an IP please" traffic (it's possible, I've done it) and windows is confused. It's not a managed switch is it?

[chimkenlittle]

1 hour ago, Ralphred said:

Unless you have been adding firewall rules and managed to block the "renew my lease please" traffic but not the "hello can I have an IP please" traffic

It’s an unmanaged 5 port. Could it be the switch as a whole? It seems to be every device connected to my network by wire, and occasionally happens on certain wireless devices (my partner just informed me of this this afternoon). So maybe the switch as a whole is junk but I did buy it new in like march or I have some messed up firewall rule?

[Ralphred]

3 minutes ago, chimkenlittle said:

or I have some messed up firewall rule?

Best way to test this is plug one of the PC's directly in to the pfsense machines LAN port, and leaving it overnight (when no one cares there is no wifi or internet anywhere else). If it's still working in the morning it's time to take the switch back, if it's a TP-link switch just bin it now and buy something nice(er).

 

Digressing a little, how many ethernet ports are on the AirPort, can you "cut the switch out altogether", and have a working network, just for a test period?

[chimkenlittle]

1 hour ago, Ralphred said:

can you "cut the switch out altogether", and have a working network, just for a test period?

Genius. I’ll do this and see how it goes! Thank you! 

[chimkenlittle]

On 8/24/2022 at 8:05 PM, Ralphred said:

Best way to test this is plug one of the PC's directly in to the pfsense machines LAN port, and leaving it overnight (when no one cares there is no wifi or internet anywhere else). If it's still working in the morning it's time to take the switch back, if it's a TP-link switch just bin it now and buy something nice(er).

 

Digressing a little, how many ethernet ports are on the AirPort, can you "cut the switch out altogether", and have a working network, just for a test period?

I’m back and it’s worse than ever lol. So I removed the switch from my setup completely and started to use the AP as one which is working fine, however this hasn’t stopped my connections being dropped from both wired and certain wireless devices. I replaced all Ethernet cables between my modem and all machines and am still having issues. I’m honestly unsure of what to do now, my thought was just to reset my pfsense back to defaults (not that I’ve configured too much anyways) and see what happens. If I’ve got time to hop on my pc later and grab some screenshots of firewall rules and airport settings if someone is interested. 
 

Weirdest part is it’s only certain devices. 
devices that disconnect wirelessly: 2016 MacBook Pro, 2011 MacBook Pro with newer wifi card, Apple TV, and Roku tv. 
 

devices that don’t: multiple iPhones, iPads, Apple watches, Google homes, and the Airport AP itself (though it’s wired but still). 

[Ralphred]

Hmm, something is throwing a spanner in the works, I think it would be unwise to assume that it's a "same" issue causing all the devices problems, but I wouldn't be surprised to read "I checked <this box> and now everything is working great!" either.

From a diagnostic point of view, you can set some devices with static IP's from outside of the DHCP pool and a 3rd party DNS server at the same time; If they STILL have issues that's a quite a few things you don't have to look at for that particular issue.

 

5 hours ago, chimkenlittle said:

grab some screenshots of firewall rules and airport settings

Yes!

[chimkenlittle]

16 hours ago, Ralphred said:

Yes!

 

 

I'll try the static with a google DNS tonight on one of my pcs on ethernet and see what happens.

 

[Ralphred]

^^ Nothing looks untoward there ^^

[Falcon1986]

@chimkenlittle

 

When you ran the pfSense setup wizard, did you enter any custom DNS?

 

What about activating the rule to prevent RFC1918 traffic? Your Hitron seems to default to using the 192.168.100.1 LAN IP when put into bridge mode. That means you should not activate the RFC1918 rule.

[chimkenlittle]

18 hours ago, Falcon1986 said:

When you ran the pfSense setup wizard, did you enter any custom DNS?

None, and I seem to misunderstand your second point. You say that I should activate it, but also that based on my settings I shouldn't activate it. So should I?