SOLVED: Rogue DHCP Server gives Freedombox Bogus IP

Problem Description
When my cable modem restarts it will become a DHCP server which will assign a private network non-routable IP address to my freedombox (192.168.100.1). The modem is an Arris Surfboard SB6190. I have intermittent internet outages which can only be fixed by forcing a DHCP release on the primary network interface after the cable modem is connected to the ISP. This is done by deactivating and reactivating the primary network interface or by rebooting freedombox.

Steps to Reproduce

  1. Start with a normally operating internet connected freedombox
  2. Restart the cable modem
  3. Freedombox will make a DHCP request
  4. Cable modem (192.168.100.1) will offer address 192.168.100.20 to freedombox
  5. freedombox will have a non-internet private network address for the primary interface
  6. you will have no internet connection for freedombox or freedombox clients
  7. Cable modem comes back with an ISP connection, but freedombox keeps the private network address instead of getting an ISP assigned public internet address

Freedombox has eno1 primary interface connected to cable modem, and eno2 local network interface connected to LAN.

Solution

  1. Identify the rogue DHCP server by IP address
    1.1. I used journalctl -b0 | grep eno1 to find log entries about the dhcp state of the primary interface.
    1.2. I could see the dhcp offer from 192.168.100.1 and knew that this should not be in a private address range for the internet exposed primary connection
  2. A dhcp server on your network may be rejected by IP address by NetworkManager
    2.1. modify the /etc/NetworkManager/system-connections/eno1.nmconnection file
    2.1.1. you may need to replace eno1 with whatever label your primary connection is configured to have (example: my-internet.nmconnection)
    2.2. add dhcp-reject-servers=192.168.100.1 at the end of the [ipv4] section to ignore DHCP offers from the offending device
    2.2.1. your rogue DHCP server may have a different address.
    2.3. My complete [ipv4] section looks like this now:

[ipv4]
dns=9.9.9.10;9.9.9.9;
dns-search=
ignore-auto-dns=true
method=auto
dhcp-reject-servers=192.168.100.1
← this is the new line

  1. reboot
  2. if you do this correctly you will not be able to reproduce the problem.

I’ll note that I have at least one more rogue dhcp server on my network in a TP-Link AV600 SOHO powerline ethernet wifi access point. I’ll probably have to treat that next.

Screenshot with no valid IP (plinth sys/networks/eno1 page)

Information

  • FreedomBox version: You are running Debian GNU/Linux 11 (bullseye) and FreedomBox version 22.20. FreedomBox is up to date.
  • Hardware: Linux myfpbhostname 5.10.0-18-amd64 #1 SMP Debian 5.10.140-1 (2022-09-02) x86_64 GNU/Linux
  • How did you install FreedomBox?: netinst + DEBIAN_FRONTEND=noninteractive apt-get install freedombox -y
  • ISP: Xfinity USA
  • Cable Modem: CommScope (Arris) Surfboard SB6190