DHCP send option not sent

[nemric]

nemric: in your case the discover is never answered. have you had your VLAN parent assigned and enabled? it looks like the outgoing package is never received by the other end.

  vlan is assigned to a parent but as I don't need it the parent is disabled, that's my 21.7 config

[franco]

Sure, now enable it. It will properly enforce hardware checksum settings (defaulting to off).


Cheers,
Franco

[nemric]

Hi,
So, I did it, and that didn't work but I have a clue !

you won't believe this. turned on capture. re saved WAN. now its shows an IP

Like Nivek, I turned on capture in promiscuous mode and I get an IP !

I was working with the live OS and the new dhclient from 22.1 (not the one you ask me to download)

[franco]

The plot thickens... there is also a promisc option in WAN parent setting... Did you previously spoof the MAC on the VLAN?


Cheers,
Franco

[franco]

https://github.com/opnsense/changelog/blob/8e903676527cc2f0eb6caa1695fe50ef885d1612/community/22.1/22.1#L193

[nemric]

English is not my native language so I'm not sure about this point.

The wan (em1) interface is disabled on 21.7 and have no mac spoofing in its conf
The vlan100 which parent is em1/wan (em1_vlan100) use the spoofed mac address in its config (Mac adress : This field can be used to spoof the MAC address of the interface. Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx or leave blank if unsure. This may only be required e.g. with certain cable connections on a WAN interface.)

[edit] The mac address sent by dhclient is the good one, see it in the .cap file

[nivek1612]

Ok so I had a spoofed mac address on my VLAN interface.

If I add this mac address to the VLAN parent interface as well I get an IP address and all is working well.

Now to find out why ipv6 is broken Franco :-)

[nemric]

If I add this mac address to the VLAN parent interface as well I get an IP address and all is working well.

Is that how it should work ? What if you have another vlan with spoofed mac with the same parent ?

[franco]

Is that how it should work ? What if you have another vlan with spoofed mac with the same parent ?

Yes, because previously the MAC was flushed from the VLAN to all siblings and parent which prevented the use of multiple MAC addresses across VLANs of the same parent.

https://github.com/opnsense/core/issues/5297

Similar things happened to media settings and hardware offloading features as they would overlap per sibling but only one could win in the system configuration.

That being said if you want to change the MAC of a VLAN you can do that but the parent will still see the traffic first and discard a wrong MAC so it either needs that same MAC address (automatic prior to 22.1 but clobbering all siblings as well as parent) or the promiscuous mode flag (new in 22.1)


Cheers,
Franco

[nemric]

Well, I don't understand everything as it become a bit technical...

The option I've choosen, as I'm writing through a 22.1 live os :

• enable wan interface, without any "IPv4-6 Configuration Type" (set to "none")
• enable Promiscuous mode on wan interface
• leave vlan interface with spoofed mac as is

let me know if you find my choice is fine or if you think I should have set the same mac on wan and vlan

[franco]

Correct, although the promiscuous mode is for grabbing all traffic potentially slowing the NIC down. You only need this when you try to emulate multiple MAC addresses across VLANs over the parent.

I just tried in a fresh VM moving the spoofed MAC from the VLAN to the parent (deleting it from the VLAN) and the system automatically assigns the spoofed MAC to the VLANs. That would likely be the most common way to configure it on 22.1 and forward.


Cheers,
Franco

[nemric]

Thanks a lot @Franco for the time you spent for us 

[franco]

No problem. Next up tomorrow is the other issue that Kev was seeing with the firewall not setting the VLAN priority from the firewall for DHCPv6...


Cheers,
Franco

[s4rs]

Thanks a lot @Franco for the time you spent for us 

what are the proper steps in setting the spoof mac address on the parent? I don't see how to do it in the GUI.

[franco]

Go to Interfaces: Assignments and select the VLAN parent and create a new interface with it. Go to the interface configuration and enable it. After that you can set media settings there and MAC address to spoof. Save. Last remove MAC from VLAN(s) and save + apply. It might need a reboot to reorder the MAC addresses when they were set upside down previously.


Cheers,
Franco