Arris SB8200 + Homebuilt Pfsense multi vlan router and not getting DHCP Offer

Don't spend your time with Xfinity AI agent, Chat Support Agents, or L1 support if you have customer owned modem and customer owned router. They will always just tell you that the modem is online and it's your modem is defective or you have to contact the manufacturer of your router.  Try explaining to them you built your own router from parts and you will get 😲🤔😵⚠️😱💥🤯🙄❌⛔🛑🚧

I'm posting this in the hopes that it helps someone else avoid the frustration I've been dealing with the last two days, this being now my 5th time that Xfinity residential service has blocked me from getting DHCP Offer messages. I was convinced it was Xfinity's fault and I actually got irate at a technical support person (Flo or Fleur I couldn't tell how you pronounced it.. I'm sorry). In the past getting to the Advanced Technical Support team would resolve my issue because they would do something on their end to get my DHCP lease removed and when I would get a new address I would be connected again.

Turns out that the few times in my packet captures I would see a DHCP Offer message followed by Request > ACK > ARP > ARP > ARP I would see a flurry of DNS and ICMP traffic go out and I would get disconnected and be back to DHCP Discover broadcasts.

There is a setting in PFSense on the Gateway (System / Routing / Gateways) "Monitor IP" which would have the IP of the last known gateway/default route next hop (or maybe I entered it manually)  When I cleared out this field, and checked both boxes for "Disable Gateway Monitoring" and "Disable Gateway Monitoring Action" along with the other steps below I was able to get back online.

You may not need to do all the following steps but I highly recommend it.

1. Disable Gateway Monitoring (System / Routing / Gateways - Gateway Monitoring)

2. Disable Gateway Monitoring Action (System / Routing / Gateways - Gateway Action)

3. Enable Secure Shell (System / Advanced - scroll down to "Enable Secure Shell") this will be useful for step 5

4. Disable your WAN interface (Interfaces / WAN - Enable "uncheck it")

5. SSH into your PFSense and go to option 8 "Shell", run (replace {your-interface} with your actual interface mine was lagg0.1):  cd /var/db && mv dhclient.leases.{your-interface} dhclient.leases.{your-interface}.bak

6. exit from SSH shell back to SSH menu and do option 5 to "Reboot System"

7. While your PFSense router is rebooting disconnect the ethernet cable to the modem and reboot the modem

8. let the modem boot up and get upstream/downstream locked and wait about 3-5 more minutes.

9. while waiting for the modem to lock us/ds go into your WAN interface (Interfaces / WAN) and in the DHCP Client Configuration section in "Reject leases from" enter 192.168.100.1   (this is what I get from my modem between reboots yours may vary)

10. (Cable Modem ethernet cable should still be disconnected) Enable the WAN interface

11. Start up packet capture on WAN interface if you feel so inclined to watch and make sure you're getting a DHCP Offer message

12. Plug in the ethernet cable to the modem

What you should see:

Something you might also want to try is look at your dhclient.leases.{your-interface} file to see when your lease is set to renew/rebind/expire.

In a worst case scenario you might need to turn all your equipment off (pfsense and modem) and leave it off until some desirable amount of time past the expire date/time. This should ensure that your lease is clear from their system. I did this the first night and I did get a new IP address but the monitoring got me blocked by Xfinity again.

I'm hopeful this post will be allowed as it does accuse Xfinity of blocking customers but lets be real Xfinity, I wouldn't have had to post this at all if your system wasn't kicking me off your network and blocking my DHCP Discover requests. What is the harm in pinging my gateway to make sure I'm connected???

SRSLY!! 🤬

¯\_༼ ಥ ‿ ಥ ༽_/¯