DHCP seems to have stopped randomly

Hi all you will have to forgive my naivety as I’m new to openwrt and I’m not an expert in networking.

I’ve had a solid setup for months but of late I’ve had two occasions where devices have dropped off my network and then can’t seem to get a new dhcp ip address, or at least that’s the only symptom that shows. A restart of the router and all is fine again.

I’m running OpenWrt 19.07.3 r11063-85e04e9f46 and my network consists of openwrt on a hub one router providing dhcp and dns, I have an Cisco sg500x which has a number of unify devices hanging off it providing my WiFi network. My internet access is provided by an lte router which connects to my openwrt router.

I’ve checked logs on my openwrt nothing obvious in the ui. Can anyone suggest a way to diagnose?

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*

Also you can run logread -e dnsmasq ; pgrep -fa dnsmasq; netstat -lnp | grep dnsmasq when the problem occurs.
All the devices have issues renewing their IP or only some of them?

It feels like a mixed estate and that only some devices suffer. Output below;

> uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.*
/tmp/resolv.* /tmp/resolv.*/*
{
        "kernel": "4.14.180",
        "hostname": "OpenWrt",
        "system": "xRX200 rev 1.2",
        "model": "BT Home Hub 5A",
        "board_name": "bt,homehub-v5a",
        "release": {
                "distribution": "OpenWrt",
                "version": "19.07.3",
                "revision": "r11063-85e04e9f46",
                "target": "lantiq/xrx200",
                "description": "OpenWrt 19.07.3 r11063-85e04e9f46"
        }
}
package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd53:9cf9:7d01::/48'

config atm-bridge 'atm'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'

config dsl 'dsl'
        option annex 'a'
        option tone 'av'
        option ds_snr_offset '0'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ip6assign '60'
        list ipaddr '192.168.1.1/24'
        list ipaddr '192.168.0.1/24'

config device 'lan_eth0_1_dev'
        option name 'eth0.1'
        option macaddr 'f4:6b:ef:38:6b:7a'

config interface 'wan'
        option ifname 'dsl0'
        option proto 'pppoe'
        option username ''
        option password ''
        option ipv6 '1'

config device 'wan_dsl0_dev'
        option name 'dsl0'
        option macaddr 'f4:6b:ef:38:6b:7b'

config interface 'wan6'
        option ifname '@wan'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '6t 4 2 0'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '6t 1'
        option vid '2'

config interface 'LTE'
        option ifname 'eth0.2'
        option proto 'dhcp'

package wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path 'pci0000:01/0000:01:00.0/0000:02:00.0'
        option htmode 'VHT80'
        option disabled '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid ''
        option key ''
        option encryption 'psk-mixed'
        option disabled '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:0e.0'
        option htmode 'HT20'
        option disabled '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option key ''
        option ssid ''
        option encryption 'psk-mixed'
        option disabled '1'

package dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        option confdir '/tmp/dnsmasq.d'

config dhcp 'lan'
        option interface 'lan'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'
        option limit '200'
        option start '50'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        option mac ''
        option dns '1'
        option ip '192.168.0.80'
        option name 'server'

config host
        option mac ''
        option name 'cisco'
        option dns '1'
        option ip '192.168.0.200'

config host
        option mac ''
        option name 'uap-kitchen'
        option dns '1'
        option ip '192.168.0.101'

config host
        option mac ''
        option name 'uap-outside-back'
        option dns '1'
        option ip '192.168.0.219'

config host
        option mac ''
        option name 'uap-landing'
        option dns '1'
        option ip '192.168.0.116'

config host
        option mac ''
        option name 'camera'
        option dns '1'
        option ip '192.168.0.59'

config host
        option mac ''
        option name 'samsung'
        option dns '1'
        option ip '192.168.0.52'

config host
        option mac ''
        option name 'rmmini1'
        option dns '1'
        option ip '192.168.0.125'

package firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 LTE'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qle                                                                                                                                                             n 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet 192.168.0.1/24 brd 192.168.0.255 scope global br-lan
       valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state U                                                                                                                                                             P qlen 1000
    inet 192.168.2.219/24 brd 192.168.2.255 scope global eth0.2
       valid_lft forever preferred_lft forever
default via 192.168.2.1 dev eth0.2  src 192.168.2.219
192.168.0.0/24 dev br-lan scope link  src 192.168.0.1
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1
192.168.2.0/24 dev eth0.2 scope link  src 192.168.2.219
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
broadcast 192.168.0.0 dev br-lan table local scope link  src 192.168.0.1
local 192.168.0.1 dev br-lan table local scope host  src 192.168.0.1
broadcast 192.168.0.255 dev br-lan table local scope link  src 192.168.0.1
broadcast 192.168.1.0 dev br-lan table local scope link  src 192.168.1.1
local 192.168.1.1 dev br-lan table local scope host  src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local scope link  src 192.168.1.1
broadcast 192.168.2.0 dev eth0.2 table local scope link  src 192.168.2.219
local 192.168.2.219 dev eth0.2 table local scope host  src 192.168.2.219
broadcast 192.168.2.255 dev eth0.2 table local scope link  src 192.168.2.219
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
ls: /tmp/resolv.*/*: No such file or directory
lrwxrwxrwx    1 root     root            16 May 16  2020 /etc/resolv.conf -> /tm                                                                                                                                                             p/resolv.conf
-rw-r--r--    1 root     root            32 Dec 13 22:38 /tmp/resolv.conf
-rw-r--r--    1 root     root            39 Dec 13 22:38 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf.auto <==
# Interface LTE
nameserver 192.168.2.1
head: /tmp/resolv.*/*: No such file or directory

Do you need this second IP on the lan interface?
If yes, then create an alias interface, rather than adding it under lan. Make sure there is only one interface serving DHCP.

So i had the issue again and have run the logread, here is the contents;

asq
Sun Dec 13 22:37:51 2020 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Sun Dec 13 22:37:51 2020 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Sun Dec 13 22:37:52 2020 daemon.info dnsmasq[1119]: started, version 2.80 cachesize 150
Sun Dec 13 22:37:52 2020 daemon.info dnsmasq[1119]: DNS service limited to local subnets
Sun Dec 13 22:37:52 2020 daemon.info dnsmasq[1119]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Sun Dec 13 22:37:52 2020 daemon.info dnsmasq[1119]: using local addresses only for domain test
Sun Dec 13 22:37:52 2020 daemon.info dnsmasq[1119]: using local addresses only for domain onion
Sun Dec 13 22:37:52 2020 daemon.info dnsmasq[1119]: using local addresses only for domain localhost
Sun Dec 13 22:37:52 2020 daemon.info dnsmasq[1119]: using local addresses only for domain local
Sun Dec 13 22:37:52 2020 daemon.info dnsmasq[1119]: using local addresses only for domain invalid
Sun Dec 13 22:37:52 2020 daemon.info dnsmasq[1119]: using local addresses only for domain bind
Sun Dec 13 22:37:52 2020 daemon.info dnsmasq[1119]: using local addresses only for domain lan
Sun Dec 13 22:37:52 2020 daemon.warn dnsmasq[1119]: no servers found in /tmp/resolv.conf.auto, will retry
Sun Dec 13 22:37:52 2020 daemon.info dnsmasq[1119]: read /etc/hosts - 10 addresses
Sun Dec 13 22:37:52 2020 daemon.info dnsmasq[1119]: read /tmp/hosts/dhcp.cfg01411c - 8 addresses
Sun Dec 13 22:38:01 2020 daemon.info dnsmasq[1119]: exiting on receipt of SIGTERM
Sun Dec 13 22:38:02 2020 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Sun Dec 13 22:38:03 2020 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Sun Dec 13 22:38:06 2020 daemon.info dnsmasq[1945]: started, version 2.80 cachesize 150
Sun Dec 13 22:38:06 2020 daemon.info dnsmasq[1945]: DNS service limited to local subnets
Sun Dec 13 22:38:06 2020 daemon.info dnsmasq[1945]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Sun Dec 13 22:38:06 2020 daemon.info dnsmasq[1945]: using local addresses only for domain test
Sun Dec 13 22:38:06 2020 daemon.info dnsmasq[1945]: using local addresses only for domain onion
Sun Dec 13 22:38:06 2020 daemon.info dnsmasq[1945]: using local addresses only for domain localhost
Sun Dec 13 22:38:06 2020 daemon.info dnsmasq[1945]: using local addresses only for domain local
Sun Dec 13 22:38:06 2020 daemon.info dnsmasq[1945]: using local addresses only for domain invalid
Sun Dec 13 22:38:06 2020 daemon.info dnsmasq[1945]: using local addresses only for domain bind
Sun Dec 13 22:38:06 2020 daemon.info dnsmasq[1945]: using local addresses only for domain lan
Sun Dec 13 22:38:06 2020 daemon.warn dnsmasq[1945]: no servers found in /tmp/resolv.conf.auto, will retry
Sun Dec 13 22:38:06 2020 daemon.info dnsmasq[1945]: read /etc/hosts - 10 addresses
Sun Dec 13 22:38:06 2020 daemon.info dnsmasq[1945]: read /tmp/hosts/dhcp.cfg01411c - 8 addresses
Sun Dec 13 22:38:09 2020 daemon.info dnsmasq[1945]: read /etc/hosts - 10 addresses
Sun Dec 13 22:38:09 2020 daemon.info dnsmasq[1945]: read /tmp/hosts/odhcpd - 1 addresses
Sun Dec 13 22:38:09 2020 daemon.info dnsmasq[1945]: read /tmp/hosts/dhcp.cfg01411c - 8 addresses
Sun Dec 13 22:38:09 2020 daemon.warn dnsmasq[1945]: Ignoring query from non-local network
Sun Dec 13 22:38:09 2020 daemon.info dnsmasq[1945]: reading /tmp/resolv.conf.auto
Sun Dec 13 22:38:09 2020 daemon.info dnsmasq[1945]: using local addresses only for domain test
Sun Dec 13 22:38:09 2020 daemon.info dnsmasq[1945]: using local addresses only for domain onion
Sun Dec 13 22:38:09 2020 daemon.info dnsmasq[1945]: using local addresses only for domain localhost
Sun Dec 13 22:38:09 2020 daemon.info dnsmasq[1945]: using local addresses only for domain local
Sun Dec 13 22:38:09 2020 daemon.info dnsmasq[1945]: using local addresses only for domain invalid
Sun Dec 13 22:38:09 2020 daemon.info dnsmasq[1945]: using local addresses only for domain bind
Sun Dec 13 22:38:09 2020 daemon.info dnsmasq[1945]: using local addresses only for domain lan
Sun Dec 13 22:38:09 2020 daemon.info dnsmasq[1945]: using nameserver 192.168.2.1#53
Sun Dec 13 22:38:10 2020 daemon.err dnsmasq[1945]: failed to send packet: Operation not permitted
Sun Dec 13 22:38:10 2020 daemon.info dnsmasq[1945]: read /etc/hosts - 10 addresses
Sun Dec 13 22:38:10 2020 daemon.info dnsmasq[1945]: read /tmp/hosts/odhcpd - 2 addresses
Sun Dec 13 22:38:10 2020 daemon.info dnsmasq[1945]: read /tmp/hosts/dhcp.cfg01411c - 8 addresses
Fri Jan 15 05:52:42 2021 daemon.info dnsmasq[1945]: read /etc/hosts - 10 addresses
Fri Jan 15 05:52:42 2021 daemon.info dnsmasq[1945]: read /tmp/hosts/odhcpd - 3 addresses
Fri Jan 15 05:52:42 2021 daemon.info dnsmasq[1945]: read /tmp/hosts/dhcp.cfg01411c - 8 addresses
1945 /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
tcp        0      0 192.168.2.220:53        0.0.0.0:*               LISTEN      1945/dnsmasq
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1945/dnsmasq
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN      1945/dnsmasq
tcp        0      0 192.168.0.1:53          0.0.0.0:*               LISTEN      1945/dnsmasq
tcp        0      0 fd53:9cf9:7d01::1:53    :::*                    LISTEN      1945/dnsmasq
tcp        0      0 fe80::f66b:efff:fe38:6b7a:53 :::*                    LISTEN      1945/dnsmasq
tcp        0      0 fe80::7834:ceff:fee7:abe6:53 :::*                    LISTEN      1945/dnsmasq
tcp        0      0 fe80::7834:ceff:fee7:abe6:53 :::*                    LISTEN      1945/dnsmasq
tcp        0      0 ::1:53                  :::*                    LISTEN      1945/dnsmasq
udp        0      0 192.168.2.220:53        0.0.0.0:*                           1945/dnsmasq
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1945/dnsmasq
udp        0      0 192.168.1.1:53          0.0.0.0:*                           1945/dnsmasq
udp        0      0 192.168.0.1:53          0.0.0.0:*                           1945/dnsmasq
udp        0      0 fd53:9cf9:7d01::1:53    :::*                                1945/dnsmasq
udp        0      0 fe80::f66b:efff:fe38:6b7a:53 :::*                                1945/dnsmasq
udp        0      0 fe80::7834:ceff:fee7:abe6:53 :::*                                1945/dnsmasq
udp        0      0 fe80::7834:ceff:fee7:abe6:53 :::*                                1945/dnsmasq
udp        0      0 ::1:53                  :::*                                1945/dnsmasq

I can also see from my Unifi Dashboard that its finding anomalies with devices connected unable to obtain an IP.

8:00am
Client  is having trouble obtaining an IP via DHCP.for last 2 hours

You didn't reply if you need the secondary IP on the lan interface.
Also there is a huge gap in the logs for 1 month.

So i don't think i need the secondary IP unless its related to my backup gateway (I have two gateways to the internet that i have weighted (lte, copper). Forgive me i'm not an expert in networking. This is what it looks like through lucia, at present only me lte interface is up.

image1047×475 38.9 KB

With regards to the log gap, I have no idea why there is a gap in the logs.

It is not needed for that. To manage multiple gateways you should use mwan3 or vpn-pbr. So better remove the secondary IP.
Also from the netstat output it shows that the dnsmasq is not serving dhcp.

Maybe the device was rebooted? That could explain the date gap. Check with uptime
First remove the secondary IP, then restart the dnsmasq, verify it is service dhcp, and monitor.

uci del_list network.lan.ipaddr='192.168.1.1/24'
uci commit network
ifup lan
service restart dnsmasq
netstat -lnp | grep dnsmasq