DHCP Relay sending duplicate requests

Started by gege29, July 29, 2022, 02:42:03 PM

Hello,

I'm having an issue where my DHCPv4 Relay is sending duplicate requests to my neighbour DHCP server.

The setup looks like the following:

- I have multiple VLAN interfaces for my own network (acting as GW for each vlan).
- DHCP server is located in another network.
- In order to establish communication between the OPNsense DHCP Relay and the neighbour DHCP server, a point-to-point VLAN between the networks has been created; these 2 networks go through the same network topology (same hardware and cabling).
- A static route has been applied to reach the DHCP server via the point-to-point VLAN.

Some info regarding the setup:

- Point-to-point VLAN = VLAN1100 10.10.10.10 (subnet 10.10.10.8/30)
- DHCP Server = VLAN2200 10.21.0.100 (subnet 10.21.0.0/22)
- Static route to 10.21.0.100 via 10.10.10.10

Now on to the issue. Well, under this setup, the DHCP Relay seems to be sending duplicate DHCP requests to the server. See the output below from the server's dhcpd logs.

Jul 27 13:49:14 cp0385 dhcpd: DHCPREQUEST for 10.33.0.11 from ####### via 10.33.0.1
Jul 27 13:49:14 cp0385 dhcpd: DHCPACK on 10.33.0.11 to ####### via 10.33.0.1
Jul 27 13:54:14 cp0385 dhcpd: DHCPREQUEST for 10.33.0.11 from ####### via 10.10.10.10: wrong network.
Jul 27 13:54:14 cp0385 dhcpd: DHCPNAK on 10.33.0.11 to ####### via 10.10.10.10
Jul 27 13:54:14 cp0385 dhcpd: DHCPNAK from ####### via 10.10.10.10: unknown network segment


Network 10.10.10.8/30 is not configured on DHCP server, this is intended.

As you can see, every five minutes a duplicate request is sent via the wrong GW. I have checked my configuration on GUI level for the DHCP Relay, VLAN1100 interface is not selected to relay requests.

Is there anything I can check or change on my end to make this setup work without duplicate requests? I haven't been able to see anything relevant in the logs, either in the GUI or in /var/log/dhcpd/latest.log (which look the same to me), and I can't seem to find any cfg file for the DHCP Relay where I could see more options than the ones given in the GUI.

Thanks in advance!


I want to report that I've found a workaround for this issue.

After testing different workarounds I've come to fix it by blocking traffic for ports 67-68 from all my VLAN interfaces but the point-to-point one, so eventually I just created a floating rule for that instead of creating single rules on each interface.

Now, this fix puzzles me, because if you check the output from my neighbour DHCP server, the duplicate request comes from the Point-to-Point vlan iface, one would expect that I should block the DHCP traffic from that iface (which is a no-go).

Anyway, I don't know if this is because of the nature of my setup or if it's some weird interaction from the DHCP Relay service in OPNsense. I thought of sharing this knowledge so that maybe devs or other users can make some use of it.

Cheers.

Are you on any port using tagged and untagged frames at the same time?

I'm running a LAGG on trunk, so all tagged. My clients are in access mode, though.
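
An added example, not part of the thread: a Python check over dhcpd log lines like those in the first post. It flags every DHCPREQUEST whose relay ("via") address lies outside the subnets the server serves and pairs it with the relay that last got an ACK for the same client and address. The 10.33.0.0/24 scope, the MAC address and the function name are assumptions.

```python
import ipaddress
import re

# Assumption: the server's scope for the client VLAN; the page shows only
# 10.33.0.x addresses and says 10.10.10.8/30 is deliberately not configured.
SERVED_SUBNETS = [ipaddress.ip_network("10.33.0.0/24")]

# Constructed sample modelled on the log lines in the first post; the MAC is
# a documentation-range placeholder, not a value from the page.
SAMPLE_LOG = """\
Jul 27 13:49:14 cp0385 dhcpd: DHCPREQUEST for 10.33.0.11 from 00:00:5e:00:53:01 via 10.33.0.1
Jul 27 13:49:14 cp0385 dhcpd: DHCPACK on 10.33.0.11 to 00:00:5e:00:53:01 via 10.33.0.1
Jul 27 13:54:14 cp0385 dhcpd: DHCPREQUEST for 10.33.0.11 from 00:00:5e:00:53:01 via 10.10.10.10: wrong network.
Jul 27 13:54:14 cp0385 dhcpd: DHCPNAK on 10.33.0.11 to 00:00:5e:00:53:01 via 10.10.10.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ dhcpd: "
    r"(?P<msg>DHCP[A-Z]+) (?:for|on) (?P<ip>[\d.]+) "
    r"(?:from|to) (?P<client>\S+) via (?P<via>[\d.]+)"
)


def find_relay_anomalies(lines, served=SERVED_SUBNETS):
    """Return DHCPREQUESTs relayed from an address outside every served subnet,
    paired with the relay that last produced an ACK for the same client/IP."""
    last_ack_relay = {}
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # other daemons, or dhcpd lines without lease IP / relay IP
        key = (m["client"], m["ip"])
        via = ipaddress.ip_address(m["via"])
        if m["msg"] == "DHCPACK":
            last_ack_relay[key] = str(via)
        elif m["msg"] == "DHCPREQUEST" and not any(via in n for n in served):
            findings.append({
                "time": m["ts"], "client": m["client"], "ip": m["ip"],
                "via": str(via), "expected_relay": last_ack_relay.get(key),
            })
    return findings


if __name__ == "__main__":
    for finding in find_relay_anomalies(SAMPLE_LOG.splitlines()):
        print(finding)
```

Running it against the server log before and after a firewall or relay change shows whether requests from the unexpected relay address have stopped.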