OPNsense Forum

Archive => 24.1, 24.4 Legacy Series => Topic started by: Swtrse on March 12, 2024, 12:14:23 PM

Title: DHCP static mapping for changing MAC-addresses
Post by: Swtrse on March 12, 2024, 12:14:23 PM
Hello,

I am moving from openWrt firewall to OPNsense.

I am struggling to copy the DHCP settings.

My problem is, I run an XCP-ng hypervisor with 3 hosts in a pool. Every time a VM is restarted or (automatically) moved to another host in the pool, the MAC address of this VM's network card changes. This behavior cannot be turned off and I suspect it is the same on XenServer.

On openWrt I could register the static mappings based on the DUID (or, if everything else fails, on the hostname). I did not find a way to do that on OPNsense.
Did I miss anything?
Title: Re: DHCP static mapping for changing MAC-addresses
Post by: bartjsmit on March 12, 2024, 01:59:32 PM
Any reason why you don't use static IP or dynamic DNS for your servers?

I wouldn't trust DHCP for firewall rules since the client can change them. Better off with VLAN separation.

Bart...
Title: Re: DHCP static mapping for changing MAC-addresses
Post by: Patrick M. Hausen on March 12, 2024, 02:01:44 PM
Also, although I don't know XCP-ng specifically, I would expect that a hypervisor capable of VM mobility also includes IP address management for VMs? VMware sure does.
Title: Re: DHCP static mapping for changing MAC-addresses
Post by: pbk on March 12, 2024, 02:39:20 PM
Quote from: Swtrse on March 12, 2024, 12:14:23 PM
This behavior can not be turned off and I suspect it is the same on XenServer.

Maybe I completely misunderstood the problem here but sure... you can not only change the MAC to your liking, the MAC is fixed.

I've attached a screenshot from XenOrchestra.
Title: Re: DHCP static mapping for changing MAC-addresses
Post by: Greg_E on March 12, 2024, 03:30:10 PM
The MAC should not change, I'm not seeing this on my XCP-NG systems. If it did, I have one application that would fail because it is "licensed" against the MAC address.

On my lab system I've moved one Win 10 eval all over the place and the MAC (and DHCP) did not move.
Title: Re: DHCP static mapping for changing MAC-addresses
Post by: Swtrse on March 12, 2024, 04:50:20 PM
@Greg_E I see this, for example, every time I restore a snapshot, or the VM is moved to another host in the same pool, or the VM is stopped and started again. This does not work well with my DHCP server, where I give static leases to some of the VMs based on the MAC address.

The servers are in their own subnet with static IPs, so no problem there.
However, the DEV environments, where VMs are created, restored, started and stopped as needed, depend on DHCP.
Title: Re: DHCP static mapping for changing MAC-addresses
Post by: Swtrse on March 12, 2024, 04:58:00 PM
Ok, I found the solution.

I was too focused on Kea.

As I found out, ISC is perfectly capable of linking the lease mapping with the DUID and not relying on the MAC address.

So it looks like Kea is not capable of that yet, and ISC is the way to go. At least for the moment.
Title: Re: DHCP static mapping for changing MAC-addresses
Post by: Swtrse on May 05, 2024, 12:25:25 AM
Quote from: Greg_E on March 12, 2024, 03:30:10 PM
The MAC should not change, I'm not seeing this on my XCP-NG systems. If it did, I have one application that would fail because it is "licensed" against the MAC address.

On my lab system I've moved one Win 10 eval all over the place and the MAC (and DHCP) did not move.

Just to be complete: here is the forum link where even the devs will tell you that the MAC address will change if you do a VM restore, a VM copy operation or a VM move operation. https://xcp-ng.org/forum/topic/5535/preventing-new-network-detection-on-different-xcp-ng-hosts