DHCP fixed vs. dynamic lease

playsafewithfire · 6 February 2021 19:06

Hi Everyone,

all my hosts have been on GREEN so far. Today I started to split them between BLUE and GREEN and assigning fixed IP adresses.

Change connection from GN to BL and reboot host.
Fetch MAC-address via DHCP
Assign fixed DHCP lease and reboot host.

Here is the behavior that startles me: Many of devices show up in both, fixed and dynamic leases. Some of them show up twice under dynamic lease, the first time without MAC address. See example of one device highlightd in the screenshot below. They can be pinged via their latest dynamically assigned address.

Setup: ipfire 152 with APU4D2. BLUE and GREEN are both wired networks via unmanaged switches connected. Since the wiki page on DHCP states as expected:

All clients not listed in this section will be given an address from the ‘dynamic’ range set above.

What would be a reasonable explanation?
What should be my next course of action?
Restart ipfire, too? That does not seem the way it is supposed to work.

Thanks.
playsafewithfire

bbitsch · 8 February 2021 11:59

These double entries in fixed and dynamic leases are normal for this process.
To get the MAC address and test the DHCP connection of a device, you just plug it in and read the information from the dynamic leases table.
A definition in the fixed leases set doesn’t change the set of possible dynamic leases. The DHCP server dhcpcd holds this set to accomplish the task of reassigning the same IP to a device identified by its MAC. That isn’t really nice, I know. But dhcpcd first looks at the fixed leases definitions, thus the dynamic leases information is irrelevant.

Why there are dynamic leases without MAC is curious. This shouldn’t happen.
Could you provide the leases information files? Maybe the WUI display contains an error for certain configurations.

playsafewithfire · 13 February 2021 12:27

Thanks @bbitsch. Check, that was the procedure I was going through.

But dhcpcd first looks at the fixed leases definitions, thus the dynamic leases information is irrelevant.

That was my expectation, which is why I was surprised to see new dynamic leases. I can live with the duplicate entries, entries without MAC and the fact that ipfire assigns the dynamic rather than the fixed addresses are the puzzlers. From a recent backup, the file:

/var/ipfire/dhcp/fixleases contains all entries of my GREEN network. None for BLUE.
/var/ipfire/dhcp/dhcpd.conf contains subnet definitions for GREEN and BLUE plus entries for fixed leases on GREEN.

Entries for fixed leases on BLUE I could not find any of the files. Where should I look next?

I’d rather share the config files on a more private basis - not in the open forum.

Kind regards
Play Safe

bbitsch · 13 February 2021 12:38

Are the fixed leases on BLUE shown in the WUI?

Can you look at the dhcp messages in /var/log/messages?
( Either by grep dhcpcd /var/log/messages from the console or Logs->System Logs, section DHCP Server from the WUI )

playsafewithfire · 13 February 2021 15:57

Yes, they are showing in the WUI as shown in the screenshot. History of browser deletes with every shutdown, so the information is fresh and not from cache. Clearing one hour of cache in the browser and reloading the WUI rendered the same result.

Logfiles downloaded from the WUI:

IPFire diagnostics
Section: dhcp
Date: February 13, 2021

The logfile reports DHCPREQUEST and DHCPACK messages from all devices that are online and using DHCP, about every hour. For example:

16:37:50 dhcpd:  DHCPREQUEST for 192.168.1.56 from 00:1b:a9:35:e2:e3 (BRN001BA935E2E3) via blue0
16:37:50 dhcpd:  DHCPACK on 192.168.1.56 to 00:1b:a9:35:e2:e3 (BRN001BA935E2E3) via blue0

There are three additional messages every hour:

15:37:50 dhcpd:  Wrote 0 deleted host decls to leases file.
15:37:50 dhcpd:  Wrote 0 new dynamic host decls to leases file.
15:37:50 dhcpd:  Wrote 10 leases to leases file.

NB: IP addresses on two devices from an automation system are hard coded, which fixed communications problems they seem to be having. This does not appear to be related, though.

Where does ipfire store fixed and dynamic leases on blue?

trash-trash · 14 February 2021 08:56

I had similar things with a tablet, which used a random MAC address on Wi-Fi .
I set at device the Wi-Fi MAC address for this Wi-Fi profile to “Tablet” own fix under Advanced settings of this SSID connection .
I set fix IP under IPFire blue allowed devices; and under IPFire DHCP for fix IP to devices .
Then disconnect Wi-Fi for that device under IPFire blue disallow once … then allow for blue again that device .

bonnietwin · 14 February 2021 09:54

Hi @playsafewithfire

All fixed leases are written into /var/ipfire/dhcp/dhcp.conf
If you have a dynamic section but no fixed leases in the conf file then it is likely that you have fixed leases for the Blue subnet defined in the Current Fixed Leases section that are not enabled.

If you have a client that is in the Fixed Lease section but not enabled then dhcp will provide it with a lease from the defined dynamic range. You will then see it in your Current Fixed Lease section and also in the Current Dynamic Leases section.

bonnietwin · 14 February 2021 12:14

Hi @playsafewithfire

I just noticed that you say that you have no entries for Blue in the fixleases file. That file should contain all the leases entered into the Current Fixed Leases table, whether they are enabled or not. If enabled then the third entry in the line is “on”. If disabled then the entry can be either “off” or “”.

Can you provide a screenshot of the Current Fixed Leases table.

playsafewithfire · 17 February 2021 15:26

Hi @bonnietwin the screenshot at the top is from my WUI, is this what you are looking for. I think I found the strange behavior: I had added the “fixed lease” entries from WUI: Firewall >> Blue Access.

After adding the same device via the WUI in: Network >> DHCP, the fixed leases show up in both files:

/var/ipfire/dhcp/dhcp.conf
/var/ipfire/dhcp/fixleases

Might this be an unwanted, undocumented feature (bug)? I still need to check tonight that this edit caused the desired effect of fixing IP addresses and will report results. If yes, should I file a bug report?

I really appreciate the help from the team.

bbitsch · 17 February 2021 15:44

Do you mean the section ’ Current DHCP leases on BLUE’ of the page?
There isn’t differtiated between fixed and dynamic leases. This table just shows all known leases ( fixed and active dynamic leases ) for adding them to the set of allowed wireless devices. Editing allows to do that with or without MAC filtering.

bonnietwin · 17 February 2021 15:44

Hi @playsafewithfire

The screenshots from the top of the thread are titled Devices on Blue and Current DHCP leases on Blue. These are entries on the Firewall → Blue Access menu.

I was looking for the Current fixed leases table on Network → DHCP Server

Your comment has answered the question I had. If you don’t enter a fixed lease in the Network → DHCP Server table then you don’t have a fixed lease. What you see in Firewall → Blue Access is the dynamic leases. That is why they were not showing up in the fixed leases file. It is created only from the entries in the Network → DHCP Current fixed leases table.
The fixleases file contains all entries in the table enabled or not.
The dhcp.conf only contains the fixed leases that are enabled.

No you don’t have a bug there.

When you add a device in the Firewall → Blue Access page then you are permitting it’s mac address to be recognised. It makes no difference in this table if the client has a fixed lease or a dynamic lease.

You can also decide whether you want to check for the mac addresses for all your wireless clients or not.

https://wiki.ipfire.org/configuration/firewall/accesstoblue

playsafewithfire · 17 February 2021 16:49

Thanks for the clarification. I missunderstood the entries. Case closed.