OPNsense Forum

English Forums => Virtual private networks => Topic started by: b1nb4sh on June 20, 2022, 10:55:39 pm

Title: Wireguard S2S DHCP Relay Issue
Post by: b1nb4sh on June 20, 2022, 10:55:39 pm
Hello,

Currently I have three sites and I want to distribute my systems between SiteA and SiteB. So I began to migrate my DCs and DHCP-Servers, but I face a strange problem. Here is the configuration:

Every FW is on OPNsense 22.1.8_1-amd64


SiteA
HA-CARP
10.0.5.1 (VIP)
10.0.5.2 FW1
10.0.5.3 FW2
10.0.9.1 (VIP)
10.0.9.2 FW1
10.0.9.3 FW2

VPN (WG0)
172.31.254.1 (VIP) --> Wireguard-kmod
172.31.254.2 FW1
172.31.254.3 FW2

DHCP-Server
10.0.5.6 (ISC-DHCP) GW:5.1

Clients (relayed) --> 10.0.5.6 & 10.0.18.2
10.0.9.0/24

---------------------------------------------------------

SiteB
172.31.254.4 FW1 --> Wireguard-kmod
10.0.18.1 FW1
10.0.22.1 FW1

DHCP-Server
10.0.18.2 (ISC-DHCP) GW:18.1

Clients (relayed) --> 10.0.5.6 & 10.0.18.2
10.0.22.0/24

I only get leases from 10.0.18.2 on SiteB, until I disable DHCP 10.0.18.2; then the clients are stuck trying to fetch an IP, and on SiteA I found the following dhcrelay error:
Error   dhcrelay   Packet to bogus giaddr 10.0.22.1.
I also tried to disable the dhcrelay on SiteAFW, but it still doesn't work.
When I set up an isc-dhcp-relay agent in the clients' networks (10.0.9.0 & 10.0.22.0), the requests are forwarded to the DHCP servers without any issues.




Title: Re: Wireguard S2S DHCP Relay Issue
Post by: b1nb4sh on June 22, 2022, 02:45:39 pm
Never mind, I found a working solution.

Disabled the DHCP relay on OPNsense and configured it on the core switches, and now everything is working as expected.

Fun fact: at Site C there is only an OpenWrt router with WireGuard, connected to both Sites A & B, and the DHCP relay is working without any problems.