Messages - marius_siuram

#1
@opns_neuling thanks for the pointer, but AFAICT, the native OPNsense API does NOT support DHCP management.

For more information check this GitHub issue:
https://github.com/opnsense/core/issues/4062

It has been timed-out for a year now. Nobody was ready to step in.
#2
A colleague suggested to bring the big guns and use Wireshark. The right tool for the job I guess.

OPNsense is properly sending the Device (the real device name of this interface). For some reason, dnsmasq doesn't log it. For some reason, kea ISC DHCP server logging refuses to print it. But the packet is correctly formatted, so the OPNsense relay mechanism is working as intended.

The documentation for Append circuit ID and agent ID to requests was misleading for an ignorant such as myself. It says something about the "interface number" which is a concept that doesn't appear anywhere else in the OPNsense documentation. I was chasing some ghosts trying to find that "number" but... yeah, now I understand.

Leaving this post as proof of my idiocy and maaaaybe it will help someone in the future.
#3
Maybe I am missing something very obvious, but I cannot get the DHCP target to receive the circuit information from OPNsense.

My setup consists basically of a few VLANs and I was trying to set up an authoritative DHCP server (outside the OPNsense appliance). I activated the Append circuit ID and agent ID to requests flag but I was not getting information in the dnsmasq box.

At first I believed that there was some limitation on dnsmasq and now I was trying with the ISC kea DHCP server. However, I get the following:


DEBUG DHCP4_PACKET_RECEIVED ...
DEBUG DHCP4_QUERY_DATA (...)
options:
    (...)
   type=082, len=016:,
options:
     type=001, len=014: ...


All options (client identifier, hostname, relay information, etc.) are received correctly on the ISC kea server. However the circuit id field (option 82) receives something buggy. dnsmasq was missing that information too, so... am I missing something obvious on DHCP server configuration? There are not a lot of options to tweak on the OPNsense side.
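As an added example that is not part of the original posts: a small decoder for DHCP option 82 (Relay Agent Information, RFC 3046) that reads the sub-options out of raw option bytes, the same `type=082, len=016` / `type=001, len=014` layout shown in the Kea log above. The packet bytes and the interface name `bridge0_vlan20` are constructed sample data; the sub-option codes 1 (circuit ID) and 2 (remote ID) come from RFC 3046.

```python
SUBOPTIONS = {1: "circuit-id", 2: "remote-id"}  # sub-option codes from RFC 3046


def tlvs(data: bytes, top_level: bool):
    """Yield (code, value) records; raise ValueError on a truncated record."""
    pos = 0
    while pos < len(data):
        code = data[pos]
        if top_level and code == 0:      # pad option: one byte, no length
            pos += 1
            continue
        if top_level and code == 255:    # end option: stop parsing
            return
        if pos + 2 > len(data):
            raise ValueError(f"code {code} at offset {pos} has no length byte")
        length = data[pos + 1]
        value = data[pos + 2 : pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"code {code} claims {length} bytes, {len(value)} present")
        yield code, value
        pos += 2 + length


def render(value: bytes) -> str:
    """Printable ASCII as text (e.g. an interface name), anything else as hex."""
    if value and all(0x20 <= b < 0x7F for b in value):
        return value.decode("ascii")
    return value.hex(":")


def decode_relay_info(options: bytes) -> dict:
    """Return the option 82 sub-options found in a DHCP options field."""
    found = {}
    for code, value in tlvs(options, top_level=True):
        if code != 82:
            continue
        for sub, subvalue in tlvs(value, top_level=False):
            found[SUBOPTIONS.get(sub, f"sub-option {sub}")] = render(subvalue)
    return found


# Constructed sample: message type, hostname, then option 82 (len 16)
# carrying sub-option 1 (len 14) with a made-up interface name, then end.
SAMPLE_OPTIONS = (bytes([53, 1, 1]) + bytes([12, 6]) + b"laptop"
                  + bytes([82, 16, 1, 14]) + b"bridge0_vlan20" + bytes([255]))

if __name__ == "__main__":
    print(decode_relay_info(SAMPLE_OPTIONS))
```

Feeding it the option bytes copied out of a packet capture shows whether the circuit ID is a readable interface name or opaque binary, independent of how a given DHCP server chooses to log it.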
#4
My goal was to automate certain IP management tasks, and discovered that OPNsense's DHCP supports OMAPI (since 20.1 if I'm not mistaken). I am using an up-to-date OPNsense 21.1 installation.

Once activated and configured, I can see that OMAPI port is working (netstat -an | grep 7911 shows it). However, after adding a lease from the web UI, if I try to get with pypureomapi, it fails:

In [5]: omapi.lookup_ip("de:ad:be:ef:ca:fe")
---------------------------------------------------------------------------
OmapiErrorNotFound                        Traceback (most recent call last)
<ipython-input-5-83d144de8394> in <module>
----> 1 omapi.lookup_ip("de:ad:be:ef:ca:fe")

~...python3.8/site-packages/pypureomapi.py in lookup_ip(self, mac)
   1101                 @raises socket.error:
   1102                 """
-> 1103                 res = self.lookup_by_lease(mac=mac)
   1104                 try:
   1105                         return res["ip-address"]

~...python3.8/site-packages/pypureomapi.py in lookup_by_lease(self, **kwargs)
   1181
   1182         def lookup_by_lease(self, **kwargs):
-> 1183                 return self.__lookup("lease", **kwargs)
   1184
   1185         def __lookup(self, ltype, **kwargs):

~...python3.8/site-packages/pypureomapi.py in __lookup(self, ltype, **kwargs)
   1216                 response = self.query_server(msg)
   1217                 if response.opcode != OMAPI_OP_UPDATE:
-> 1218                         raise OmapiErrorNotFound()
   1219                 if "raw" in kwargs and kwargs["raw"]:
   1220                         return dict(response.obj)

OmapiErrorNotFound: not found


The connection seems to be correctly established, as I was receiving a different error when it was wrong (the fact that the OMAPI key name is omapi_key was a mysterious fact, as I could not find that on the documentation).

Something is working, because a double add fails on the second one:

In [7]: omapi.add_host("172.21.132.123", "be:ef:00:00:be:ef")

In [8]: omapi.add_host("172.21.132.123", "be:ef:00:00:be:ef")
---------------------------------------------------------------------------
OmapiError                                Traceback (most recent call last)
<ipython-input-8-6cf1f93d7c17> in <module>
----> 1 omapi.add_host("172.21.132.123", "be:ef:00:00:be:ef")

~...python3.8/site-packages/pypureomapi.py in add_host(self, ip, mac)
   1253                 response = self.query_server(msg)
   1254                 if response.opcode != OMAPI_OP_UPDATE:
-> 1255                         raise OmapiError("add failed")
   1256
   1257         def add_host_supersede_name(self, ip, mac, name):  # pylint:disable=E0213

OmapiError: add failed


... which is expected. But that lease does not appear on the web UI, nor can it be retrieved with the pypureomapi library.

This is my first time working with OMAPI, so I may have some misconception on how it works or how it should be used. I want a mechanism to add/sync static leases from a Python codebase, and OMAPI seemed the path to walk (is there another mechanism? maybe there is an OPNsense API endpoint for managing that? I could not find it. Maybe there is a simpler & easier way to achieve my goal?)