Wireguard S2S DHCP Relay Issue

[b1nb4sh]

Hello,

Currently I have three sites and I want to distribute my systems between SiteA and SiteB. So I began to migrate my DCs and DHCP-Servers, but I face a strange problem. Here is the configuration:

Every FW is on OPNsense 22.1.8_1-amd64


SiteA
HA-CARP
10.0.5.1 (VIP)
10.0.5.2 FW1
10.0.5.3 FW2
10.0.9.1 (VIP)
10.0.9.2 FW1
10.0.9.3 FW2

VPN (WG0)
172.31.254.1 (VIP) --> Wireguard-kmod
172.31.254.2 FW1
172.31.254.3 FW2

DHCP-Server
10.0.5.6 (ISC-DHCP) GW:5.1

Clients (relayed) --> 10.0.5.6 & 10.0.18.2
10.0.9.0/24

---------------------------------------------------------

SiteB
172.31.254.4 FW1 --> Wireguard-kmod
10.0.18.1 FW1
10.0.22.1 FW1

DHCP-Server
10.0.18.2 (ISC-DHCP) GW:18.1

Clients (relayed) --> 10.0.5.6 & 10.0.18.2
10.0.22.0/24

I only get leases from 10.0.18.2 on SiteB, until I disable DHCP 10.0.18.2 and the clients are stuck on trying to fetch an ip and on siteA I found the following dhcrelay error:
Error   dhcrelay   Packet to bogus giaddr 10.0.22.1.
I also tried to disable the dhcrelay on SiteAFW but it still doesn't work.
When I setup an isc-dhcp-relay agent in the clients network (10.0.9.0 & 10.0.22.0) the request are forwarded to the dhcp servers without any issues.


                                                                 

[b1nb4sh]

Nevermind I found a working solution.

Disabled the dhcp relay on opnsense and configured it on the core switches and now everything is working as expected.

Funny fact: on side C is only an openwrt router with wireguard. Connected to both Sides A & B and the dhcp relay is working without any problems.