Topic: DHCPv4 and multiple subnets (Read 18571 times)
tofaz
Jr. Member
Posts: 58
Karma: 4
Re: DHCPv4 and multiple subnets
«
Reply #15 on:
November 07, 2020, 08:03:47 pm »
I don't understand: where is the legacy code, in isc-dhcpd or in the GUI?
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: DHCPv4 and multiple subnets
«
Reply #16 on:
November 07, 2020, 08:43:25 pm »
Gui
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
tofaz
Jr. Member
Posts: 58
Karma: 4
Re: DHCPv4 and multiple subnets
«
Reply #17 on:
November 08, 2020, 04:47:46 pm »
Uhm, since the feature is already present in isc-dhcpd, I think we just need to rewrite the GUI to allow enabling an empty subnet (the one for your attached NIC) and then create pools as usual. On the leases page, leases can be grouped by subnet (in my case I'm just doing a grep "subnet") to determine the quantity.
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: DHCPv4 and multiple subnets
«
Reply #18 on:
November 08, 2020, 05:11:35 pm »
If you have the time, I think the core team is happy to review.
tofaz
Jr. Member
Posts: 58
Karma: 4
Re: DHCPv4 and multiple subnets
«
Reply #19 on:
November 08, 2020, 06:15:01 pm »
Unfortunately I'm not a developer and I just have average skills with bash scripting and trying to learn Python. I would really love to be directly involved with the project but I guess the gap is big.
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: DHCPv4 and multiple subnets
«
Reply #20 on:
November 08, 2020, 06:30:25 pm »
I also have no idea about legacy code base, sorry.
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: DHCPv4 and multiple subnets
«
Reply #21 on:
November 08, 2020, 09:08:18 pm »
Just had a look at the code. Yesterday I made a PR for DHCPv4 where the limitation of not being able to reserve static leases could be removed.
Looks like the smallest effort to realize this feature would be to have a dummy interface in the DHCPv4 menu list. On this interface (i.e. "Generic") you could create subnets and pools as you wish. From a first short review it looks like the config writer that creates the dhcpd.conf should not need any changes.
„The S in IoT stands for Security!“
tofaz
Jr. Member
Posts: 58
Karma: 4
Re: DHCPv4 and multiple subnets
«
Reply #22 on:
November 09, 2020, 02:32:55 am »
That's great news! How about the leases page? Do you think it is convenient to keep it as is, with all the different subnets listed in one single table, or to divide the page based on the subnets found in the config file?
tofaz
Jr. Member
Posts: 58
Karma: 4
Re: DHCPv4 and multiple subnets
«
Reply #23 on:
November 24, 2020, 08:43:40 pm »
I have opened an issue on GitHub, but I'm not sure why it has been marked as incomplete without any reason/explanation:
https://github.com/opnsense/core/issues/4450
Any idea why?
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: DHCPv4 and multiple subnets
«
Reply #24 on:
November 24, 2020, 10:00:29 pm »
Because you didn't use the template.
mic
Newbie
Posts: 24
Karma: 1
Re: DHCPv4 and multiple subnets
«
Reply #25 on:
October 21, 2021, 05:15:52 pm »
Hi,
I am writing here to make the following request about the DHCPv4 server.
We have many instances of virtualized OPNsense in our datacenter, and the most important feature that this wonderful firewall misses is the ability to release, via its DHCPv4 server, IP addresses that are not in the subnet of the interface where OPNsense receives the DHCPv4 requests. For instance, if we have 2 or more branch offices in which only Cisco routers are present (one per office) and one of the hosts in such an office makes a DHCPv4 request, the Cisco router forwards this request via DHCP relay to our OPNsense. The problem is that OPNsense is not able to process this request because it receives it on an interface that is not directly connected (layer 2) to the host that needs to receive a specific IP address.
Thank you
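As an added example (not code from this thread, from OPNsense or from isc-dhcpd), here is the layout tofaz and mic describe, worked through in Python: an empty subnet declaration for the NIC dhcpd listens on, branch subnets with their own pools that are only reached through a DHCP relay, and a per-subnet count of active leases in the spirit of tofaz's grep. Both the dhcpd.conf and dhcpd.leases excerpts are constructed samples, and the parser only handles the simple declarations shown.

```python
import ipaddress
import re
from collections import Counter
# Constructed dhcpd.conf: empty declaration for the NIC dhcpd listens on, plus
# two branch-office subnets that are only reachable through a DHCP relay.
DHCPD_CONF = """
subnet 10.0.0.0 netmask 255.255.255.0 { }
subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.100 192.168.10.200;
}
subnet 192.168.20.0 netmask 255.255.255.0 {
  range 192.168.20.100 192.168.20.200;
}
"""
# Constructed dhcpd.leases: two active relayed leases, one freed lease, and one
# active lease in a subnet the config no longer declares.
DHCPD_LEASES = """
lease 192.168.10.101 {
  binding state active;
}
lease 192.168.20.150 {
  binding state active;
}
lease 192.168.10.102 {
  binding state free;
}
lease 172.16.0.5 {
  binding state active;
}
"""
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)

def declared_subnets(conf):
    """Subnet declarations of a dhcpd.conf as ip_network objects, in file order."""
    return [ipaddress.ip_network(f"{addr}/{mask}") for addr, mask in SUBNET_RE.findall(conf)]

def active_leases(leases):
    """Addresses of leases whose binding state is active (free ones are skipped)."""
    for addr, body in LEASE_RE.findall(leases):
        if "binding state active;" in body:
            yield ipaddress.ip_address(addr)

def leases_per_subnet(conf, leases):
    """Active leases per declared subnet; unmatched ones count as 'undeclared'."""
    nets = declared_subnets(conf)
    counts = Counter({str(n): 0 for n in nets})
    for ip in active_leases(leases):
        counts[next((str(n) for n in nets if ip in n), "undeclared")] += 1
    return dict(counts)
```

An "undeclared" count above zero is worth a look: it means a client still holds an address from a subnet that was removed from the config.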
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: DHCPv4 and multiple subnets
«
Reply #26 on:
October 21, 2021, 07:46:21 pm »
The FreeRADIUS plugin offers this feature.
spyderdyne
Newbie
Posts: 1
Karma: 0
Re: DHCPv4 and multiple subnets
«
Reply #27 on:
October 23, 2021, 03:00:50 pm »
Quote from: mimugmail on November 06, 2020, 05:47:20 am
You have to install the FreeRADIUS plugin and use the DHCP service there (disable the other one first)
Boo... Hiss...
Been installing an Ubuntu MaaS Region controller and a pair of MaaS Rack Controllers for this instead. You can just run the Rack nodes as LXC container hypervisor VMs. Make sure to set up a Bridge interface first and resume it in lxd init, and you should be able to keep your lonely little physical interface DHCP4 server for untagged stuff. MaaS will see it, and you will have to decide which rack controller you want to use to manage that "fabric", or you can also dump the basic interface-locked DHCP server as well. I used an older Intel NUC i5 w/16GB RAM for rack + region and then added a LXD container rack controller container inside until I am ready to add the other NUCs to the cluster. R-Pi 4B will also work fine for MaaS-Rack, is passable for Rack+Region, and a Model 3B isn't going to blow you away performance-wise, but can run a single rack controller w/o too much trouble.
You don't need to import Images to the region controller(s), but I have some Dell R720s with NVidia Grid (16GB NVRAM EACH!!!) cards that I have been dying to rack and automate PXE on so I can do a Prometheus > Rundeck > Chef > MaaS > LXD > Rancher K3S > Docker thing that I made to fire up crypto-toys whenever resource utilization drops below 45%
It's pretty idiotic, but maybe free money. Who knows.
Since the PF network stack is so jacked, how do you feel about another crappy Ubuntu distro named something cool like "Open-Scarecrow" or something? It would just add NGINX and a CGI like PHP/Node/Grails, a little PostgreSQL DB for persistence, all the RRDTool stuff, port a few BSD IDS/IPS/Firewall toys over, and drop in an automated rules builder that drops in the faves and actually attempts to configure your firewall rules across logical boundaries between hops instead of physical hardware?
InterfaceName = Wireless
Is the network ZoneType = Private/Public/Shared
Are devices on this network able to see sensitive data or machines with sensitive data without requiring a login? IF yes GOTO Would you like to require password protection for users attempting to access these devices? IF YES GOTO Captive Portal config...
Do you use this network for secure traffic? (banking/shopping/protected work content or networks/etc.)
Does this network attach to unsecured devices? (firestick/smart tv/voice assistant)
RAISE WARNING => be sure to always use encrypted connections when conducting business over shared-use network zones! <link to docs>
As I continue to catch firewall blocks and passes in the live log, it occurs to me that I shouldn't have to create rule after rule to chase down an automagically generated block rule that I'm not allowed to turn off, because I have a WLAN VLAN subnet and it's not technically a LAN, or an unsecured post-apocalyptic hellscape of evil hacker gangs, but I would still like to have IP addresses or be able to cast a video to another device sometimes...
Over the past few years I got to see what's hiding behind the curtain at these massive household institutions that hold all our money and identities and proof of who we are, what we have done, and whether we own something or not. It wasn't reassuring at all, and my suspicion is that the 20 year veteran in cyber-security is even more clueless (didn't think it possible) than the 20 year veteran in enterprise infrastructure when it comes to staying up to date on current (even the past 5 years...) technology, how threat vectors actually work and how to effectively mitigate them (homeland security successfully gets dummy bombs onto airplanes at an 85% rate still, so why did you have to remove your shoes?); leadership is just playing the numbers game, and most of the money we spend is just wasted on things that are no more effective than printing the word security and hanging it on the wall...
I digress. Looking like an epic derailing actually. LOL
I'm just very disappointed in the immature state of Open Source security tooling maybe, but vendors with funding are really blatant about bending us over and ramming it in for an annual license on a mid-range firewall to activate the firewall portion, or paying 12 cents more for a network ASIC and charging 3X to 5X more than the adjacent model for it because current "wirespeed technology" is 10Gbps now. Even crippling devices so I have to pay $700 for 2GB of RAM that's slower than what came in the cell phone I just replaced...
Feel free to bump. Not what I intended to post initially, but I don't have to lie down and take it. Neither should you...
I won't accuse anybody of sucking. Just expressing a motive to challenge others to do better?