DHCP - Allow multiple MAC addresses to be assigned the same IP address #6252
Comments
|
This would be a welcome addition. I often have lamented the lack of this functionality in OPNsense! |
|
I'd love this feature, I have several devices with wifi+eth interfaces (only 1 active at the same time) and would love to be able to configure OPNsense DHCP server to assign the same IP to multiple MACs. It's something I used for years with dnsmasq, and it would be good to replicate that config via OPNsense UI. |
|
Removing the unique constraint on IP address shouldn't be very difficult, I expect you only need to remove this line core/src/www/services_dhcp_edit.php Line 151 in 1ca149f The question is what the side affects are, it helps if more people test. Often these simple changes cause a lot of noise for others later one, which is why we should be careful and try to exclude unwanted behavior. |
|
Thank you, @AdSchellevis! I actually commented out the whole if statement because I want/need the whole entry duplicated but, so far, it's working as desired. Your caution is well taken and I'll post back here if I run into any problems. |
I don't know if that's the correct approach: we want to add additional MACs to the same IP, but we don't want same MACs/CIDs to different IPs. What happens when you comment out only the IP check? Doesn't it allow you to add another MAC bind to the same IP? That is what we're looking for, right? |
I'm pretty sure it isn't but it got me where I want to go and it's only in my local installation so I see no harm.
I get the error message from that if statement and I can't save the new entry. An even better outcome, IMO, would be if I could add a 2nd MAC to the SAME entry thus creating a list of MACs. I just tried changing the original entry to 54:13:79:b6:e9:7a,9c:ef:d5:fb:be:7d as this is how it's done in dnsmasq.conf on my old (and decommissioned) Linux firewall box but the page won't accept it and I get the error "A valid MAC address must be specified." This is what I currently have:
|
|
Yes, I agree, the mac input field should allow adding more MACs, comma separated...that would be the ideal solution. Problem seems to be that ISC DHCP wants two separate records, instead of one with multiple MACs. I'll wait for a proper solution... |
|
It wouldn’t be too hard to implement this, but having isc-dhcp EoL’ed with no real replacement option (only full rewrites so far) I’m questioning adding complexity here. E.g. a DHCP section for Dnsmasq was being discussed before. But still in early research phase. |
|
Dnsmasq replacing ISC DHCP would be awesome: it's very reliable, lightweight and widely used piece of software. And it's also an excellent DNS proxy. Hope it will become the default DHCP+DNS service for OPNsense. :) |
|
It used to be main DNS, but full resolver makes more sense as a default so that will remain Unbound territory. |
|
Didn't know it was the default. Well, for DNS at least we have a choice... |
I'd like this too. At one point I tried using the built-in dnsmasq service in place of isc-dhcp precisely because of the multiple MAC issue but I couldn't get it to accept the lines with multiple MACs that I had in my Linux dnsmasq.conf, for some reason that I can't recall now, so I went back to isc-dhcp. I can certainly try this again but now that the loooong winter is finally losing it's grip I'm preferring to be away from keyboards.
I agree with this too. I'd not used Unbound before migrating to OPNsense (used dnsmasq for DNS as well as DHCP on my Linux f/w) and now that I am I like it better this way, especially because I also have a pi-hole as my internal DNS server. |
|
This issue has been automatically timed-out (after 180 days of inactivity). For more information about the policies for this repository, If someone wants to step up and work on this issue, |
Franco, what was the outcome of the discussion? not planned? |
|
Hello I am not to be giving a tecnical statement but a "wish" statement: We are testing to migrate our Sophos UTM 9.7 configuration (due to problems with virtio NIC drivers and/or vmxnet3 NIC drivers of UTM 9.7 on PROXMOX) and the availability of WireGuard on OPNsense to an OPNSense installation 23.7. So far configuration on OPNSense was OK. Now we are "sticking" at this problem as in our Sophos UTM 9 configuration we have many static DHCP definitions, where we have used at least two MAC addresses to the same IP (mostly for Laptops). In Sophos UTM 9.7 WebGUI it is possible to assigne as many MAC addresses to the same IP as you want. As this is not possible in OPNsense, neither defining an additional record with the same IP but a different MAC-address (or having the possiblity to overwrite the warning in the WebGUI) seems that we have to stop at this point (temporarily) our aims to migrate to OPNsense. That "is to bad" because the starting testing on OPNsense where very encouraging. Many thanks and best regards, |
|
@relume just to be sure you are talking about this error? "This Hostname, IP, MAC address or Client identifier already exists." Cheers, |
|
Yes this is correct. If this error message ("This Hostname, IP, MAC address or Client identifier already exists.") could be changed to an (optional) warning message with the possibility to overwrite it by saving/applying a record entry with different MAC address but same IP address (ideally also with optional same Client identifier) would be a nice "workaround" in order the WebGUI can be used and "cli work" can be avoided to enter static mappings for same IPs. best regards, André |
|
To be honest it looks like this is a bug report... Code in question: core/src/www/services_dhcp_edit.php Lines 149 to 155 in ae2b9e3 pfSense ticket https://redmine.pfsense.org/issues/8220 quote:
I'll fix this now then :) |
fichtner
added
bug
|
@fichtner Many thanks for this fast fix! It works perfect. Have a nice day, André |
|
@relume splendid, thanks for testing! |
IPs and host names can be duplicated just fine. (cherry picked from commit 8a216d6)
|
Maybe update the tooltip text to indicate how to enter multiple MACs? I assume it's comma-separated as previously discussed.
|
|
It’s very simple: just add another static lease. Cheers, |
So instead of multiple macs for the same IP we can add multiple static leases with same IP but different macs, correct? Is this available in latest release? Thanks Franco. |
|
@alexdelprete yes. It's in both 23.7.1 and 23.4.2 (if someone is looking for this on the business edition) |
|
@fichtner thanks a lot. Are you still considering dnsmasq as a replacement to ISC DHCP? |
|
We will likely replace dhcrelay with maintained alternatives for 24.1. Replacing DHCP itself comes later. Still not entirely sure what to do. |
So you're not convinced about dnsmasq yet. What's not convincing, if I might ask? |
|
Lack of features already in production use, first and foremost HA. Also dhcrelay is a lot less code than dhcpd to handle. |
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
I have 2 use cases for a single IP address being reserved/assigned to 2 different MAC addresses, both "belonging" to the same host/device.
#1. I have a laptop with a crappy, but functioning, internal wireless interface. For better performance, I have added a USB wireless interface. The USB interface is preferred but may not always be inserted so the internal interface has to function in it's absence. I have a script that runs on the laptop every few minutes and shuts down the internal interface if the USB interface is present.
#2. A few of my home automation devices can connect to either an AP or an extender associated with it. The extender alters the device's MAC address by replacing the first 3 bytes, thus creating the need for 2 MAC addresses to be assigned the desired IP address.
Describe the solution you like
#1. I want both interfaces to have the same IP as only one of them will be up at a time and having 2 IP addresses unnecessarily complicates other parts of my network operations.
#2. I want the end device to have the same IP address whether it connects directly to the AP or to its associated extender.
Describe alternatives you considered
#1. For the time being, I have statically assigned the same IP to both interfaces but that negates a big advantage of using DHCP in the first place.
#2. I have no suitable alternative because some of the devices are very difficult to physically get to so static assignments are highly undesirable. The devices are now connecting to only the AP, possibly missing out on a better connection through the extender.
Additional context
I sought a solution via the forum, https://forum.opnsense.org/index.php?action=post;topic=31906.0;last_msg=154253
In that topic you'll see that I found that ISC DHCPD can be configured (https://serverfault.com/questions/578796/how-can-i-set-one-hostname-and-ip-for-multiple-macs-in-dhcpd-isc-dhcpd-4-1-1-p1) to behave as I desire but that the OPNsense GUI has no accommodation for it.
I did not try manually adding the entries cited in the above linked article because it seems very likely that it would have undesirable, potentially disastrous, effects.
Prior to switching to OPNsense a few months ago I was using iptables on a Linux box for my firewall and I also had dnsmasq on the same box for all of my DHCP needs. Assigning a single IP address to multiple MAC addresses worked flawlessly there. I briefly tried using the dnsmasq service in OPNsense but found that, for reasons I don't recall at the moment, I was unable to accomplish my goal so I went back to using ISC DHCP.
I have considered attempting a pull request to add the desired capability. I, for the near term anyway, have decided against the effort because a) my web programming skills are nearly non-existent, b) I'm quite new to both OPNsense and BSD, c) I'm struggling to get a simple app in C, a language I have a good deal of familiarity with, working with the sysctl API.
The text was updated successfully, but these errors were encountered: