Messages - phwon

#1
Quote from: Bob.Dig on April 30, 2024, 09:24:11 PM
Quote from: Seimus on April 30, 2024, 09:07:07 PM
I didn't even know there is such an option like DHCP Guard.
Why not?
It is right in the GUI, well explained there and disabled by default.

Quote from: phwon on April 30, 2024, 05:19:27 PM
Hope this helps others!
I don't think so, it is kinda too obvious.

There's always one! Top points for least valuable post of the day #yourock
#2
... and thanks for all your inputs.
#3
Problem Solved!!

One point I failed to mention was that I'm doing this all in Hyper-V.

I was checking the Hyper-V config for the internal NIC on the guest and by chance noticed an enabled feature in the advanced settings called DHCP guard. I disabled this and hey presto, it's all working.

Hope this helps others!
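
An added example (not from the original posts): a PowerShell audit, run on the Hyper-V host, of the DHCP Guard setting found in the post above. The VM and adapter names are placeholders, and the allow list of VMs expected to send DHCP server or relay replies is an assumption.

```powershell
# Added example: audit DHCP Guard on every VM network adapter of a Hyper-V host.
# Requires the Hyper-V PowerShell module and an elevated session on the host.
# $DhcpSenders is a hypothetical allow list: VMs that legitimately send DHCP
# server or relay replies (the names below are placeholders).
$DhcpSenders = @('opnsense-fw', 'win-dhcp01')

function Get-DhcpGuardAudit {
    param([string[]]$AllowedSenders)

    Get-VM | Get-VMNetworkAdapter | ForEach-Object {
        $isSender = $AllowedSenders -contains $_.VMName
        $guardOn  = "$($_.DhcpGuard)" -eq 'On'

        # Two mismatches matter: a legitimate sender that is being filtered,
        # and an ordinary guest that is free to answer DHCP requests.
        $finding = if ($isSender -and $guardOn) {
            'Guard drops this VM''s DHCP offers/relay replies'
        } elseif (-not $isSender -and -not $guardOn) {
            'Guard off: VM could answer DHCP as a rogue server'
        } else {
            'OK'
        }

        [pscustomobject]@{
            VM        = $_.VMName
            Adapter   = $_.Name
            Switch    = $_.SwitchName
            DhcpGuard = $_.DhcpGuard
            Finding   = $finding
        }
    }
}

Get-DhcpGuardAudit -AllowedSenders $DhcpSenders | Format-Table -AutoSize

# To exempt only the relay's client-facing adapter (adapter name is a placeholder):
# Set-VMNetworkAdapter -VMName 'opnsense-fw' -Name 'Internal' -DhcpGuard Off
```

Turning the guard off only on the adapters of VMs that must send DHCP replies keeps the protection in place for every other guest on the same virtual switch.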
#4
Quote from: franco on April 30, 2024, 04:05:36 PM
As a data point it would help to know if this is a version before 24.1.6 or if this started with 24.1.6. If we don't have these data points it's harder to narrow this down (even if it is just a configuration hiccup).


Cheers,
Franco

OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13

As a bit of history I have always used VyOS - I had attempted this before on version 22.7 but had the same DHCP relay issue. I'm now reattempting to use OPNsense, upgraded to 24.1.6, but the issue remains.
#5
Quote from: Seimus on April 30, 2024, 12:42:55 PM
DHCP relay is a function of a device capable of L3. Basically your 1st device in the chain acting as a GW should be the Relay Gateway.

Relay works in a way where the GW changes the source IP (either 0.0.0.0 on discovery or unique private address on re-release) for GIADDR, which is used by the DHCP server as destination. Relay GW is an intermediator, asking on behalf of the host and replying on behalf of the DHCP server.

I am currently running 24.1.6, my Relay config was migrated automatically from ISC to the new DHCPRelay implementation by OPNsense and it's working.

Can you check your DHCPrelay config? The old section under ISC should be gone and a new service tab called DHCPRelay should be under Services, there should be the Relay config present.
Regards,
S.

Config is there, and the request is being relayed to the DHCP server. The DHCP is responding with the offer to the originating VLAN gateway but it does not appear to be hitting the gateway.

Using Wireshark and looking at the offer, you can see the destination is 192.168.20.254 and the DHCP offer is correct: IP leased, correct MAC address, etc.

#6
Quote from: meyergru on April 29, 2024, 06:44:46 PM
Why are you setting up a DHCP relay? It is solely for remote networks that the DHCP server cannot listen to via broadcast. I think you would have problems if your OPNsense can both listen to the broadcasts and still gets a routed DHCP request.

With a "usual" setup, all you need is to enable ISC DHCP on every VLAN interface.

I have a specific need to have a Windows DHCP server and you can't broadcast over different VLANs. This has to be managed by the Relay\IP helper. The IP helper forwards the request to the DHCP server, the client doesn't yet have an IP so the DHCP server sends the response to the switch and the switch forwards to the requesting client - at least that's what should be happening.
#7
Hi,
Need some help please with a VLAN config.

I have one physical NIC on which I have created VLANs:

VLAN_10 - 192.168.10.254
VLAN_20 - 192.168.20.254

I have enabled DHCP Relay on all DHCP Server 192.168.10.1

When a device boots in VLAN_20 the DHCP server in VLAN_10 gets the request and sends the offer correctly to 192.168.20.254 but it's not received by the device.

Networks are not my thing but I'm guessing there is an issue with the route back to 192.168.20.254. Can't see anything being blocked on the firewall.

All inter-VLAN comms work if I assign static IPs; I can ping both ways.

What config am I missing?

Appreciate any advice.

Thanks