DHCP relay stops working in 24.1.6

Started by WM54, May 01, 2024, 07:54:15 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
May 29, 2024, 08:34:04 AM #15
Thank for the patch. Unfortunately, DHCP relay is still not working for me.
I can see the DHCP responses from the server but these are not appearing on the correct interfaces.

root@OPNsense:/var/log/system # tcpdump -i igc1_vlan20 udp port 67 or port 68
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on igc1_vlan20, link-type EN10MB (Ethernet), capture size 262144 bytes
16:23:01.335025 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from b6:b7:dc:11:41:9a (oui Unknown), length 300
16:23:09.951942 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from b6:b7:dc:11:41:9a (oui Unknown), length 300
16:23:18.588958 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from b6:b7:dc:11:41:9a (oui Unknown), length 300
16:23:26.376540 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from b6:b7:dc:11:41:9a (oui Unknown), length 300
16:23:34.825601 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from b6:b7:dc:11:41:9a (oui Unknown), length 300
16:23:44.910245 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from b6:b7:dc:11:41:9a (oui Unknown), length 300




Quote from: franco on May 27, 2024, 01:16:37 PM
https://github.com/opnsense/core/issues/7471#issuecomment-2133085251

feedback on the latest binary is welcome...
May 29, 2024, 08:42:27 AM #16
The patch fixes an endless loop in the packet capture. It's not a "functional" fix or it could also mean your setup is incorrect.


Cheers,
Franco
May 29, 2024, 10:42:15 AM #17
Thanks. I have put a SNAT workaround on my DHCP servers so DHCPOFFER messages appear to come from the DHCPrelay address. DHCPOFFER messages were being dropped because the source didn't match the DHCPrelay address config.

Quote from: franco on May 29, 2024, 08:42:27 AM
The patch fixes an endless loop in the packet capture. It's not a "functional" fix or it could also mean your setup is incorrect.
May 29, 2024, 10:45:12 AM #18
You were the one on GitHub with the iptables workaround?

In any case I'm not sure the older client handled this differently and or which behaviour is the correct one.

We will probably chase down one or two more problems in the mid-term so any data point is appreciated.


Cheers,
Franco
Print
Go Up Pages 1 2
User actions