Feature: DHCP server able to handle non-interface configured subnets #1105
Comments
|
👍 |
|
The "problem" with this feature: it requires mocking a subnet block before adding a range. |
Historians at work
"but obviously having to have the DHCP server with a presence in every subnet is not ideal, nor often desirable for large networks." is the understatement of the week. It's an architectural sadness to have to do this!
a stuck feature
I've been looking into this (or #2238) today, since it also blocks the firewall from serving as a DHCP server in a VLAN setup with L3 core switches doing DHCP relay (since you just can't enter or generate the no-brainer lines for the subnet definitions). For what it's worth, the story goes back to at least the year 2006, when the first patches for pfSense had been submitted to support working behind DHCP relay agents (and they got mostly ignored; they were followed by more patches, that of course met a similar fate).
which is a pre-historic feature
This is RFCed functionality available in probably every enterprise switch on the planet... and in dhcpd, of course. Even W2K had it. And whatever it was that made the pfSense guys block this for over a decade, please, please there needs to be a way out of this... It's not super common to be used in a setup where the firewall is also doing DHCP, but there are NOT only Windows shops, and most of the threads that have been linked above mention those people switched to a normal Linux/Unix based DHCP server BECAUSE THEY HAD TO because the feature was missing.
Possible ways out
Until then, tbh it would probably be enough to be allowed to include a block in the config??? IMO there's two parts of the "problem":
Solving 2. seems a lot more important than finding a nice way to do 1. |
|
I think a simple approach could be to: The logic should write a subnet declaration at least for every subnet on the interfaces it listens on, and only when DHCP server is enabled in the GUI for such subnets and a range is specified should this configuration then be written to the config file. |
|
Fair points, but I would ask anyone with the vision to do this to submit at least a POC as a base for discussion. Some topics drag on forever, mainly because people think they are easily solved while it actually takes considerable work and time active contributors do not have to fix use cases that are not in their immediate work scope. |
|
TBH: This has already cost me all the time I could have spent this year to work on OPNsense (i.e. making a check_mk package). And it was for nothing. |
|
Sure, I can relate. |
|
How much money do I have to throw at this to make it happen? I do not understand why in 2018 such an ancient RFC'd function of DHCP is totally missing from all the *sense projects. I'm serious, give me a $ ballpark so we can get this over with. It's gotten to the point where people are resorting to killing the dhcp daemon on boot just so they can load in a config that does this |
|
Here's what I did:
Ideal solution would be: The important part is the one with the first "interface" subnet defined, even though not used. I am not a developer, but this solution was done by guys for pfSense and should be able to be done here as well as a workaround. But the best is that the developers of *sense can make it happen within the box so that we don't have to do these workarounds.
```
root@dhcp2:~# cat /etc/dhcp/dhcpd.conf
# option definitions common to all supported networks...
option domain-name "abc.com";
default-lease-time 3600;
log-facility local7;
####Secondary DHCP server######
################################################################################
# This subnet is the one that the DHCP server is in, has to be here in order
# the server to hand out addresses. It won't hand out IPs on that subnet since
# there is nothing between the curly brackets.
subnet 10.16.161.0 netmask 255.255.255.240 { }
#VLAN - 501
#VLAN - 502
#VLAN - 503
```
|
|
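An added example, not part of the thread and not OPNsense code: a sketch of the generation logic proposed earlier in the discussion (a declaration for every interface subnet, a range only where DHCP is enabled), producing the kind of dhcpd.conf shown in the workaround above. The function name and the 10.50.x.x relayed subnets are constructed for illustration; only 10.16.161.0/28 comes from the post.

```python
import ipaddress


def render_dhcpd_subnets(interface_cidrs, pools):
    """Build the subnet section of an ISC dhcpd.conf (IPv4 only).

    interface_cidrs: networks the server itself has an address in.
    pools: {cidr: (first_ip, last_ip, router)} for each network, local or
           relayed, where DHCP is enabled and a range is specified.
    """
    local = {ipaddress.IPv4Network(c) for c in interface_cidrs}
    enabled = {}
    for cidr, addrs in pools.items():
        net = ipaddress.IPv4Network(cidr)
        first, last, router = (ipaddress.IPv4Address(a) for a in addrs)
        # Reject a pool or gateway that falls outside its declared subnet.
        if not (first in net and last in net and router in net and first <= last):
            raise ValueError(f"range or router not inside {net}")
        enabled[net] = (first, last, router)

    nets = sorted(local | set(enabled))
    # CIDR blocks are nested or disjoint, so checking sorted neighbours
    # is enough to catch any overlapping pair of declarations.
    for a, b in zip(nets, nets[1:]):
        if a.overlaps(b):
            raise ValueError(f"overlapping subnets {a} and {b}")

    lines = []
    for net in nets:
        head = f"subnet {net.network_address} netmask {net.netmask} {{"
        if net not in enabled:
            # Interface subnet without a pool: empty declaration, no leases.
            lines.append(head + " }")
            continue
        first, last, router = enabled[net]
        lines += [head, f"  range {first} {last};",
                  f"  option routers {router};", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # 10.16.161.0/28 is from the post; the relayed subnets are constructed.
    print(render_dhcpd_subnets(
        ["10.16.161.0/28"],
        {"10.50.1.0/24": ("10.50.1.100", "10.50.1.200", "10.50.1.1"),
         "10.50.2.0/24": ("10.50.2.100", "10.50.2.200", "10.50.2.1")},
    ))
```

Validating each range against its subnet and refusing overlapping declarations keeps a typo in a relayed network from handing out addresses that belong to another segment.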
At the bottom of this post, this is the person who posted the solution for Linux: JRC, Dec 20, 2017 at 5:47 PM |
|
Is this still not implemented? |
|
No, do you want to help implement?
… On 5. Oct 2018, at 20:57, N3m3515 ***@***.***> wrote:
Is this still not implemented?
I can't believe that Windows is doing something better than a purposely built networking device.
|
|
Since I can't code very well I don't know how I could help. |
|
I left pfSense hoping that OPNSense had it figured out. I didn't know that it was that difficult to implement this. I guess I will have to stick with my Edgerouter then. |
|
@N3m3515 you can start with the guide by @mimugmail: |
|
I could offer my time, building a new DHCP service as a plugin, let's call it dhcp-relay, with basic stuff borrowed from the original one. But for this we would need a different implementation than isc-dhcp AND a working conf example. Then I'll build you one in two weeks for 0 $ :) |
|
Here are just two (I have not used any of them but maybe this list helps you):
|
|
Dnsmasq could do it too. But Michael proposed a nice plan: add a new DHCP plugin for this specific use case. No need to deal with the current complexity of core DHCP IPv4 and IPv6 implementations....
… On 23. Nov 2018, at 17:51, Fabian Franz BSc ***@***.***> wrote:
Here are just two (I have not used any of them but maybe this list helps you):
https://wiki.freeradius.org/features/DHCP (you do already maintain that plugin)
https://kea.isc.org/
|
|
FreeRadius .. nice! I'll have a look :) |
|
I'll start with a PoC tomorrow .. at first only one pool available just to check if and how it works in general: If someone wants to join testing, everyone is very welcome. :) |
|
Here's an idea about what we were talking about earlier.... since isc-dhcp is used in the static code we could add an MVC equivalent and use the rc system for the external network tasks... only thing that may be required is moving the old DHCPv4 / v6 out of the way for rc to not confuse them (e.g. PID). |
|
ATM I'm testing FreeRADIUS .. I'm already sending replies but the notebook doesn't receive an IP. Sadly I'm not in the office and my co-worker is gone, so nobody can read the logs at the client :) |
|
Ok, it seems to work now with one network. I'll try to add some functionality to allow multiple networks. Hope this is ok for you ... |
|
3 limitations:
|
It would be very nice to be able to use a pair of OPNsense boxes for HA DHCP for setups where DHCP relay is being used and the OPNsense setup is functioning more like a DHCP server appliance than a full firewall, i.e. there is only one configured interface on the OPN side but we would require multiple networks served via the DHCP server.
I am not aware of any open source or indeed low cost commercial products that provide a nice, simple GUI for DHCPD and HA configuration like we have in OPNsense, but obviously having to have the DHCP server with a presence in every subnet is not ideal, nor often desirable for large networks.