Page MenuHomeVyOS Platform

DHCP-relay agent package replacement
Open, LowPublicFEATURE REQUEST

Description

It's not possible to use DHCP-relay agent over OpenVPN(L3/vtun) uplink beause of ISC DHCP-relay agent limitations/bug.
If I use the vyos DHCP-relay it's necessary to configure the LAN and the uplink interface to DHCP server in dhcp-relay config section. But OpenVPN TUN interfaces can't be used as dhcp-relay interfaces because they has no MAC addresses.

Tools like dnsmasq(>=version 2.67) and dhcp-helper from Simon Kelley use only one interface for dhcp-relay function.

In my lab configuration I use a central VyOS router(r1-core) and 3 site VyOS routers(r1-site1,r1-site2,r1-site3) with OpenVPN uplink connections to central r1-core.
There is is a central DHCP server on r1-core that is reachable from all site over OpenVPN(over L3) and has scopes for the site LANs.
All is working with the included ISC dhcp-relay expect the answer from the DHCP server(DHCP offer packets) dosn't reach the dhcp client.
I have monitored the traffic on the OpenVPN TUN(vtun1) interface and the LAN ethernet interface on the sites for debugging with tshark.
The result was there are the right DHCP offers packets on the TUN interface but nothing expect the DHCP discover packets on the LAN interface.
So at the moment there is no solution to get this configuration to work.

Details

Difficulty level
Hard (possibly days)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

As workaround I used Beta/development build and get it working in my lab with dnsmasq(2.72) from

Version: VyOS 999.201708312137
Built by: [email protected]
Built on: Thu 31 Aug 2017 21:37 UTC
Build ID: 4126462b-bb91-4151-9f19-1e1229de2fdc

I deleted the dhcp-relay section from config and add the following line to /config/scripts/vyatta-postconfig-bootup.script for automatic start after boot

dnsmasq --dhcp-relay=<local interface address>,<dhcp-server address>

for two or more local interface I used

dnsmasq --dhcp-relay=<local interface1 address>,<dhcp-server address> --dhcp-relay=<local interface2 address>,<dhcp-server address>

A newer version of isc-dhcrelay is now available

-iu ifname Specifies an upstream network interface: an interface from which replies from servers and other relay agents will be accepted. Multiple interfaces may be specified by using more than one -iu option. This argument is intended to be used in conjunction with one or more -i or -id arguments.

-id Specifies a downstream network interface: an interface from which requests from clients and other relay agents will be accepted. Multiple interfaces may be specified by using more than one -id option. This argument is intended to be used in conjunction with one or more -i or -iu arguments.

Unknown Object (User) claimed this task.May 9 2020, 10:21 AM
dmbaturin set Is it a breaking change? to Unspecified (possibly destroys the router).
dmbaturin changed Difficulty level from Unknown (require assessment) to Hard (possibly days).

dhcp-helper is working perfectly fine with GRE tunnels, see my feature request https://phabricator.vyos.net/T3340