opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License

/var/etc/dhclient_wan.conf line 9: no option named vendor-class-identifier #7506

Closed RomainMorlevat closed 6 days ago

RomainMorlevat commented 3 weeks ago

Describe the bug

After updating opnsense, I have no internet access.

The current OPNsense version where the bug first appeared: 24.1.8

The last OPNsense version where the bug did not exist: 24.1.6

Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)

It obviously fails as opnsense has no internet access anymore.

# opnsense-revert -r 24.1.6 opnsense
Fetching opnsense.pkg: ..[fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/MINT/24.1.6/latest/Latest/opnsense.pkg.sig: Host does not resolve] failed

To Reproduce

Steps to reproduce the behavior:

  1. Use opnsense 24.1.6 with a WAN with Lease Requirements Send Options vendor-class-identifier
  2. Update to 24.1.8
  3. Reboot
  4. See error and no more internet access

Expected behavior

opnsense getting an IP from my ISP and having internet access.

Describe alternatives you considered

I've searched for issues with my config first (despite the error) to see if it can be done another way, tried without vendor-class-identifier, tried with dhcp-class-identifier (like for Orange FR). All attempts were without success. I've tried to set a new interface and connect opnsense to the ISP router in a DMZ (double NAT? no bridge mode available) but I didn't manage to make it work. The next thing I'm going to try is to reinstall opnsense from scratch and restore a backup, but I can't find where to download the exact 24.1.6 version. I only find 24.1.

Relevant log files

A relevant excerpt from the attached log file: log-opensense-20240602.txt

<27>1 2024-06-02T08:29:59+02:00 router.XXXXX.XXX dhclient 22157 - [meta sequenceId="246"] /var/etc/dhclient_wan.conf line 9: no option named vendor-class-identifier
<27>1 2024-06-02T08:29:59+02:00 router.XXXXX.XXX dhclient 22157 - [meta sequenceId="247"]   send vendor-class-identifier "BYGTELIAD"
<27>1 2024-06-02T08:29:59+02:00 router.XXXXX.XXX dhclient 22157 - [meta sequenceId="248"]       ^
<13>1 2024-06-02T08:30:01+02:00 router.XXXXX.XXX dhclient 22721 - [meta sequenceId="249"] dhclient-script: Reason PREINIT on vlan08 executing
<13>1 2024-06-02T08:30:01+02:00 router.XXXXX.XXX dhclient 23578 - [meta sequenceId="250"] dhclient-script: Reason EXPIRE on vlan08 executing
<13>1 2024-06-02T08:30:01+02:00 router.XXXXX.XXX dhclient 24633 - [meta sequenceId="251"] dhclient-script: Reason PREINIT on vlan08 executing
<13>1 2024-06-02T08:30:01+02:00 router.XXXXX.XXX kernel - - [meta sequenceId="252"] <118>Configuring WAN interface...
<13>1 2024-06-02T08:30:01+02:00 router.XXXXX.XXX kernel - - [meta sequenceId="253"] <6>igb0: link state changed to UP
<13>1 2024-06-02T08:30:01+02:00 router.XXXXX.XXX kernel - - [meta sequenceId="254"] <6>vlan08: link state changed to UP
<13>1 2024-06-02T08:30:02+02:00 router.XXXXX.XXX kernel - - [meta sequenceId="255"] <6>igb2: link state changed to UP
<13>1 2024-06-02T08:30:03+02:00 router.XXXXX.XXX kernel - - [meta sequenceId="256"] <6>igb1: link state changed to UP
<13>1 2024-06-02T08:30:06+02:00 router.XXXXX.XXX kernel - - [meta sequenceId="257"] <6>lagg0: link state changed to UP
<13>1 2024-06-02T08:30:06+02:00 router.XXXXX.XXX kernel - - [meta sequenceId="258"] <6>vlan05: link state changed to UP
<13>1 2024-06-02T08:30:06+02:00 router.XXXXX.XXX kernel - - [meta sequenceId="259"] <6>vlan07: link state changed to UP
<13>1 2024-06-02T08:30:06+02:00 router.XXXXX.XXX kernel - - [meta sequenceId="260"] <6>vlan02: link state changed to UP
<13>1 2024-06-02T08:30:06+02:00 router.XXXXX.XXX kernel - - [meta sequenceId="261"] <6>vlan04: link state changed to UP
<13>1 2024-06-02T08:30:06+02:00 router.XXXXX.XXX kernel - - [meta sequenceId="262"] <6>vlan01: link state changed to UP
<13>1 2024-06-02T08:30:06+02:00 router.XXXXX.XXX kernel - - [meta sequenceId="263"] <6>vlan06: link state changed to UP
<13>1 2024-06-02T08:30:06+02:00 router.XXXXX.XXX kernel - - [meta sequenceId="264"] <6>vlan03: link state changed to UP
<13>1 2024-06-02T08:31:00+02:00 router.XXXXX.XXX dhclient 27404 - [meta sequenceId="265"] dhclient-script: Reason FAIL on vlan08

Detail of /var/etc/dhclient_wan.conf:

interface "vlan08" {
    # DHCP Protocol Timing Values
    timeout 60;
    retry 15;
    select-timeout 0;
    initial-interval 1;

    # DHCP Protocol Options
    send vendor-class-identifier "BYGTELIAD";

    script "/usr/local/opnsense/scripts/interfaces/dhclient-script";
    supersede interface-mtu 0;
    vlan-pcp 0;
}

Result of /sbin/ifconfig -n:

igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
    ether 64:62:66:21:65:18
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

...

vlan08: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: WAN (wan)
    options=4000000<NOMAP>
    ether XX:XX:XX:XX:XX:XX # MAC address of my ISP box
    groups: vlan
    vlan: 100 vlanproto: 802.1q vlanpcp: 6 parent interface: igb0
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

Additional context

I've installed opnsense on a Protectli VP2410. It is connected via an ethernet cable to the ONT (FTTH) provided by my ISP (Bouygues, France) and as I don't want to use the provided "Bbox fit" (ISP router) I need to tag my WAN to VLAN 100 and spoof the MAC address of the ISP router and use the vendor-class-identifier option.

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 24.1.8 (amd64). Protectli VP2410 (Intel Celeron J4125, Intel Gigabit Ethernet NIC ports)

AdSchellevis commented 3 weeks ago

this https://docs.opnsense.org/manual/how-tos/orange_fr_fttp.html#configuring-the-wan-interface suggests the option is called dhcp-class-identifier. I haven't checked, but I think dhclient on both mentioned versions is the same by the way

RomainMorlevat commented 3 weeks ago

Yes, I've tried with that, but can't get an IP v4. This issue suggests that vendor- does not work while dhcp- does. But I was running fine with vendor-. I've reinstalled opnsense to 24.1 and still got the error :thinking: ; I'm lost.

AdSchellevis commented 3 weeks ago

maybe the error has always been there? the vendor- option was never available as far as I can find.

RomainMorlevat commented 3 weeks ago

Yes, that's possible, but I had internet access before that update, that's what I can't explain. And I don't get how to help myself here (no explicit error, nothing to check, "no" tutorial for this ISP).

AdSchellevis commented 3 weeks ago

can't help you with specific providers, but I would start with removing unsupported options, maybe start dhclient manually and capture some traffic. Our forum (https://forum.opnsense.org) is likely a better place to discuss configuration issues.

RomainMorlevat commented 3 weeks ago

Thank you for taking the time to answer me. I will ask in the forum.

RomainMorlevat commented 3 weeks ago

OK, I managed to make it work after seeing this post: it's about pfsense, but the guy says that to spoof the MAC address of the ISP router, the WAN should be set before associating the VLAN to it. And in Interfaces: Other Types: VLAN, the MAC address displayed was not the one that I wanted to spoof. So by disabling WAN, associating device and VLAN to another interface to be sure that everything is not associated to my physical WAN port, then redoing the association back, I got an IP instantly from my ISP. I'm not sure why the MAC address wasn't spoofed correctly on assignment and reboot. When I figure that out, I think I will submit a PR to your doc for that ISP.

I've also changed vendor-class-identifier to dhcp-class-identifier.

edit: updating to 24.1.8 broke the MAC spoofing again.
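
Added example, not part of the issue thread or of OPNsense: a Python triage of the dhclient syslog lines from the report that keeps the rejected-option error and the lease failure as separate findings, since the thread traces the lease failure to MAC spoofing rather than to the option name. The function name `triage` and the output field names are assumptions of this example.

```python
import re

# Constructed sample: three lines copied from the log excerpt in the report.
SAMPLE = """\
<27>1 2024-06-02T08:29:59+02:00 router.XXXXX.XXX dhclient 22157 - [meta sequenceId="246"] /var/etc/dhclient_wan.conf line 9: no option named vendor-class-identifier
<13>1 2024-06-02T08:30:01+02:00 router.XXXXX.XXX dhclient 22721 - [meta sequenceId="249"] dhclient-script: Reason PREINIT on vlan08 executing
<13>1 2024-06-02T08:31:00+02:00 router.XXXXX.XXX dhclient 27404 - [meta sequenceId="265"] dhclient-script: Reason FAIL on vlan08
"""

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Header fields: <PRI>1 TIMESTAMP HOST APP PROCID MSGID [STRUCTURED-DATA] MSG
LINE = re.compile(r"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (?:-|\[[^\]]*\]) ?(.*)")
BAD_OPTION = re.compile(r"(\S+) line (\d+): no option named (\S+)")
FAIL = re.compile(r"dhclient-script: Reason FAIL on (\S+)")


def triage(text):
    """Split dhclient syslog lines into config errors and lease failures."""
    config_errors, lease_failures = [], []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(4) != "dhclient":
            continue  # skip kernel and other non-dhclient lines
        pri, when, msg = int(m.group(1)), m.group(2), m.group(7)
        severity = SEVERITY[pri % 8]  # PRI = facility * 8 + severity
        bad = BAD_OPTION.search(msg)
        if bad:
            config_errors.append({"time": when, "severity": severity,
                                  "file": bad.group(1), "line": int(bad.group(2)),
                                  "option": bad.group(3)})
        failed = FAIL.search(msg)
        if failed:
            lease_failures.append({"time": when, "severity": severity,
                                   "interface": failed.group(1)})
    return config_errors, lease_failures


if __name__ == "__main__":
    errors, failures = triage(SAMPLE)
    for e in errors:
        print(f"[{e['severity']}] {e['file']}:{e['line']} rejects option {e['option']}")
    for f in failures:
        print(f"[{f['severity']}] no lease on {f['interface']} at {f['time']}")
```

The parse error is logged at `err` while the lease failure is only `notice`, so filtering on severity alone would surface the option name and hide the event that actually took the WAN down.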