DHCP send option not sent

Started by nemric, January 27, 2022, 09:22:44 PM

Quote from: franco on January 31, 2022, 01:08:42 PM
nemric: In your case the discover is never answered. Have you had your VLAN parent assigned and enabled? It looks like the outgoing package is never received by the other end.

::) The VLAN is assigned to a parent, but as I don't need it the parent is disabled; that's my 21.7 config.

Sure, now enable it. It will properly enforce hardware checksum settings (defaulting to off).


Cheers,
Franco

Hi,
So, I did it, and that didn't work, but I have a clue!

Quote from: nivek1612
You won't believe this. Turned on capture. Re-saved WAN. Now it shows an IP.

Like Nivek, I turned on capture in promiscuous mode and I get an IP!

I was working with the live OS and the new dhclient from 22.1 (not the one you asked me to download).

The plot thickens... there is also a promisc option in WAN parent setting... Did you previously spoof the MAC on the VLAN?


Cheers,
Franco


January 31, 2022, 04:44:25 PM #50 Last Edit: January 31, 2022, 04:46:41 PM by nemric
English is not my native language so I'm not sure about this point.

The WAN (em1) interface is disabled on 21.7 and has no MAC spoofing in its conf.
The vlan100 whose parent is em1/wan (em1_vlan100) uses the spoofed MAC address in its config (MAC address: This field can be used to spoof the MAC address of the interface. Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx or leave blank if unsure. This may only be required e.g. with certain cable connections on a WAN interface.)

[edit] The MAC address sent by dhclient is the good one, see it in the .cap file.

Ok so I had a spoofed mac address on my VLAN interface.

If I add this mac address to the VLAN parent interface as well I get an IP address and all is working well.

Now to find out why ipv6 is broken Franco :-)
OPNsense 24.7.* on Qotom i5-5250U with AAISP FTTP 900/120
OPNsense 24.7.* on Qotom i7-4500U with Orange FR FTTP 1000/400

Team Rebellion Member
One of Marjohns TESTERS :-)

Quote from: nivek1612 on January 31, 2022, 04:48:37 PM
If I add this mac address to the VLAN parent interface as well I get an IP address and all is working well.

Is that how it should work? What if you have another VLAN with a spoofed MAC with the same parent?

Quote from: nemric on January 31, 2022, 04:54:06 PM
Is that how it should work? What if you have another VLAN with a spoofed MAC with the same parent?

Yes, because previously the MAC was flushed from the VLAN to all siblings and parent which prevented the use of multiple MAC addresses across VLANs of the same parent.

https://github.com/opnsense/core/issues/5297

Similar things happened to media settings and hardware offloading features as they would overlap per sibling but only one could win in the system configuration.

That being said, if you want to change the MAC of a VLAN you can do that, but the parent will still see the traffic first and discard a wrong MAC, so it either needs that same MAC address (automatic prior to 22.1 but clobbering all siblings as well as parent) or the promiscuous mode flag (new in 22.1).


Cheers,
Franco
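
An added example, not part of the thread and not OPNsense code: a small check for the condition described above, where a VLAN carries a MAC different from its parent while the parent is not in promiscuous mode. It parses FreeBSD-style `ifconfig` output; the sample text, interface names and MAC addresses are constructed for illustration.

```python
import re

# Constructed sample of FreeBSD-style `ifconfig` output (not taken from the thread).
SAMPLE = """\
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:11:22:33:44:55
em1_vlan100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 02:00:00:aa:bb:cc
\tvlan: 100 vlanpcp: 0 parent interface: em1
em1_vlan200: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:11:22:33:44:55
\tvlan: 200 vlanpcp: 0 parent interface: em1
"""

def parse_ifconfig(text):
    """Return {ifname: {"flags": set, "ether": str or None, "parent": str or None}}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+): flags=\w+<([^>]*)>", line)
        if head:
            cur = {"flags": set(head.group(2).split(",")), "ether": None, "parent": None}
            ifaces[head.group(1)] = cur
            continue
        if cur is None:
            continue
        m = re.search(r"\bether ([0-9a-fA-F:]{17})", line)
        if m:
            cur["ether"] = m.group(1).lower()
        m = re.search(r"parent interface: (\S+)", line)
        if m:
            cur["parent"] = m.group(1)
    return ifaces

def vlan_mac_problems(text):
    """List VLANs whose MAC differs from a parent that is not promiscuous."""
    ifaces = parse_ifconfig(text)
    problems = []
    for name, info in ifaces.items():
        parent = ifaces.get(info["parent"])  # None for non-VLAN interfaces
        if parent is None or info["ether"] is None:
            continue
        if info["ether"] != parent["ether"] and "PROMISC" not in parent["flags"]:
            problems.append((name, info["ether"], info["parent"], parent["ether"]))
    return problems
```

Calling `vlan_mac_problems()` on the output of `ifconfig` from the firewall's shell lists each VLAN that would need either the parent's MAC or promiscuous mode on the parent.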

Well, I don't understand everything as it becomes a bit technical...

The option I've chosen, as I'm writing through a 22.1 live OS:

  • enable wan interface, without any "IPv4-6 Configuration Type" (set to "none")
  • enable Promiscuous mode on wan interface
  • leave vlan interface with spoofed mac as is

Let me know if you find my choice is fine or if you think I should have set the same MAC on WAN and VLAN.

Correct, although the promiscuous mode is for grabbing all traffic potentially slowing the NIC down. You only need this when you try to emulate multiple MAC addresses across VLANs over the parent.

I just tried in a fresh VM moving the spoofed MAC from the VLAN to the parent (deleting it from the VLAN) and the system automatically assigns the spoofed MAC to the VLANs. That would likely be the most common way to configure it on 22.1 and forward.


Cheers,
Franco

Thanks a lot @Franco for the time you spent for us  ;)

No problem. Next up tomorrow is the other issue that Kev was seeing with the firewall not setting the VLAN priority from the firewall for DHCPv6...


Cheers,
Franco

Quote from: nemric on January 31, 2022, 07:50:19 PM
Thanks a lot @Franco for the time you spent for us  ;)

What are the proper steps in setting the spoof MAC address on the parent? I don't see how to do it in the GUI.

Go to Interfaces: Assignments and select the VLAN parent and create a new interface with it. Go to the interface configuration and enable it. After that you can set media settings there and MAC address to spoof. Save. Last remove MAC from VLAN(s) and save + apply. It might need a reboot to reorder the MAC addresses when they were set upside down previously.


Cheers,
Franco