<div dir="ltr">Dear All.<br><br>I Have 3 Virtualbox guest OS, arranged with internal-network as :<br><br>Freeradius <--X--> dhcprelay <--Y--> client<br><br><br><br>1. Internal networks:  <br>a. X is 'tftprelay'  <br>b. Y is 'tftpclient'<br><br>1. Freeradius act as DHCP server, with interface facing dhcprelay.<br>IP address : 10.10.254.1<br><br>2. Dhcprelay using dnsmasq 2.80.<br>also enabled for packet forwarding.<br><br>IP Address:  <br>a. Facing FreeRadius 10.10.254.2  <br>b. Facing client 10.10.253.1<br><br>3. Client is just plain debian server.  <br>enp0s8 is interface at network-Y where dnsmas is listening<br><br><br>4. ping test from freeradius to dhcprelay at network-Y<br><br>root@tftpserver:~# ping 10.10.253.1<br>PING 10.10.253.1 (10.10.253.1) 56(84) bytes of data.<br>64 bytes from <a href="http://10.10.253.1">10.10.253.1</a>: icmp_seq=1 ttl=64 time=1.08 ms<br>64 bytes from <a href="http://10.10.253.1">10.10.253.1</a>: icmp_seq=2 ttl=64 time=0.900 ms<br>64 bytes from <a href="http://10.10.253.1">10.10.253.1</a>: icmp_seq=3 ttl=64 time=1.07 ms<br>64 bytes from <a href="http://10.10.253.1">10.10.253.1</a>: icmp_seq=4 ttl=64 time=0.904 ms<br>64 bytes from <a href="http://10.10.253.1">10.10.253.1</a>: icmp_seq=5 ttl=64 time=1.15 ms<br><br>5. Test from client with : dhclient -d  enp0s8  <br>I got:<br><br><br>a. at dhcprelay (dnsmasq log)<br><br>Jun 25 06:23:47 dhcprelay dnsmasq-dhcp[1366]: DHCP relay 10.10.253.1 -> 10.10.254.1<br>Jun 25 06:23:54 dhcprelay dnsmasq-dhcp[1366]: DHCP relay 10.10.253.1 -> 10.10.254.1<br>Jun 25 06:24:08 dhcprelay dnsmasq-dhcp[1366]: DHCP relay 10.10.253.1 -> 10.10.254.1<br>Jun 25 06:24:26 dhcprelay dnsmasq-dhcp[1366]: DHCP relay 10.10.253.1 -> 10.10.254.1<br>Jun 25 06:24:41 dhcprelay dnsmasq-dhcp[1366]: DHCP relay 10.10.253.1 -> 10.10.254.1<br><br>b. Freeradius. Looks like it can receive and response from/to dnsmasq:<br><br>...  <br>(14) Received code 1025 Id 24307805 from <a href="http://10.10.253.1:67">10.10.253.1:67</a> to <a href="http://10.10.254.1:67">10.10.254.1:67</a> length 300 <br>(14)   DHCP-Opcode = Client-Message<br>(14)   DHCP-Hardware-Type = Ethernet<br>(14)   DHCP-Hardware-Address-Length = 6<br>(14)   DHCP-Hop-Count = 1<br>(14)   DHCP-Transaction-Id = 24307805<br>(14)   DHCP-Number-of-Seconds = 58<br>(14)   DHCP-Flags = 0<br>(14)   DHCP-Client-IP-Address = 0.0.0.0<br>(14)   DHCP-Your-IP-Address = 0.0.0.0<br>(14)   DHCP-Server-IP-Address = 0.0.0.0<br>(14)   DHCP-Gateway-IP-Address = 10.10.253.1<br>(14)   DHCP-Client-Hardware-Address = 08:00:27:84:51:1b<br>(14)   DHCP-Message-Type = DHCP-Discover<br>(14)   DHCP-Hostname = "bakalandebian"<br>(14)   DHCP-Parameter-Request-List = DHCP-Subnet-Mask<br>(14)   DHCP-Parameter-Request-List = DHCP-Broadcast-Address<br>(14)   DHCP-Parameter-Request-List = DHCP-Time-Offset<br>(14)   DHCP-Parameter-Request-List = DHCP-Router-Address<br>(14)   DHCP-Parameter-Request-List = DHCP-Domain-Name<br>(14)   DHCP-Parameter-Request-List = DHCP-Domain-Name-Server<br>(14)   DHCP-Parameter-Request-List = DHCP-Domain-Search<br>(14)   DHCP-Parameter-Request-List = DHCP-Hostname<br>(14)   DHCP-Parameter-Request-List = DHCP-NETBIOS-Name-Servers<br>(14)   DHCP-Parameter-Request-List = DHCP-NETBIOS<br>(14)   DHCP-Parameter-Request-List = DHCP-Interface-MTU-Size<br>(14)   DHCP-Parameter-Request-List = DHCP-Classless-Static-Route<br>(14)   DHCP-Parameter-Request-List = DHCP-NTP-Servers<br>(14)   DHCP-Client-Identifier = 0xff2784511b000100012867cc8108002784511b<br>(14)   DHCP-Network-Subnet = <a href="http://10.10.253.1/32">10.10.253.1/32</a><br>Trying sub-section dhcp DHCP-Discover {...}<br>(14)   dhcp DHCP-Discover {<br>rlm_rest (rest): 0 of 0 connections in use.  You  may need to increase "spare"<br>rlm_rest (rest): Opening additional connection (3), 1 of 5 pending slots used<br>rlm_rest (rest): Connecting to "<a href="http://127.0.0.1:8888/djenroll/freeradius/">http://127.0.0.1:8888/djenroll/freeradius/</a>"<br>rlm_rest (rest): Reserved connection (3)<br>(14) rest: Expanding URI components<br>(14) rest: EXPAND <a href="http://127.0.0.1:8888">http://127.0.0.1:8888</a><br>(14) rest:    --> <a href="http://127.0.0.1:8888">http://127.0.0.1:8888</a><br>(14) rest: EXPAND /djenroll/freeradius/<br>(14) rest:    --> /djenroll/freeradius/<br>(14) rest: Sending HTTP POST to "<a href="http://127.0.0.1:8888/djenroll/freeradius/">http://127.0.0.1:8888/djenroll/freeradius/</a>"<br>(14) rest: Encoding attribute "DHCP-Opcode"<br>(14) rest: Encoding attribute "DHCP-Hardware-Type"<br>(14) rest: Encoding attribute "DHCP-Hardware-Address-Length"<br>(14) rest: Encoding attribute "DHCP-Hop-Count"<br>(14) rest: Encoding attribute "DHCP-Transaction-Id"<br>(14) rest: Encoding attribute "DHCP-Number-of-Seconds"<br>(14) rest: Encoding attribute "DHCP-Flags"<br>(14) rest: Encoding attribute "DHCP-Client-IP-Address"<br>(14) rest: Encoding attribute "DHCP-Your-IP-Address"<br>(14) rest: Encoding attribute "DHCP-Server-IP-Address"<br>(14) rest: Encoding attribute "DHCP-Gateway-IP-Address"<br>(14) rest: Encoding attribute "DHCP-Client-Hardware-Address"<br>(14) rest: Encoding attribute "DHCP-Network-Subnet"<br>(14) rest: Encoding attribute "DHCP-Hostname"<br>(14) rest: Encoding attribute "DHCP-Message-Type"<br>(14) rest: Encoding attribute "DHCP-Parameter-Request-List"<br>(14) rest: Encoding attribute "DHCP-Client-Identifier"<br>(14) rest: Returning 1009 bytes of JSON data (buffer full or chunk exceeded)<br>(14) rest: Processing response header<br>(14) rest:   Status : 100 (Continue)<br>(14) rest: Continuing...<br>(14) rest: Processing response header<br>(14) rest:   Status : 200 (OK)<br>(14) rest:   Type   : json (application/json)<br>(14) rest: Adding reply:REST-HTTP-Status-Code += "200"<br>(14) rest: Parsing attribute "reply:DHCP-IP-Address-Lease-Time"<br>(14) rest: EXPAND 7200<br>(14) rest:    --> 7200<br>(14) rest: DHCP-IP-Address-Lease-Time := 7200<br>(14) rest: Parsing attribute "reply:DHCP-Client-IP-Address"<br>(14) rest: EXPAND 255.255.255.255<br>(14) rest:    --> 255.255.255.255<br>(14) rest: DHCP-Client-IP-Address := 255.255.255.255<br>(14) rest: Parsing attribute "reply:DHCP-Your-IP-Address"<br>(14) rest: EXPAND 10.10.253.3<br>(14) rest:    --> 10.10.253.3<br>(14) rest: DHCP-Your-IP-Address := 10.10.253.3<br>(14) rest: Parsing attribute "reply:DHCP-Subnet-Mask"<br>(14) rest: EXPAND 255.255.255.0<br>(14) rest:    --> 255.255.255.0<br>(14) rest: DHCP-Subnet-Mask := 255.255.255.0<br>(14) rest: Parsing attribute "reply:DHCP-Router-Address"<br>(14) rest: EXPAND 10.10.253.1<br>(14) rest:    --> 10.10.253.1<br>(14) rest: DHCP-Router-Address := 10.10.253.1<br>(14) rest: Parsing attribute "reply:DHCP-Domain-Name-Server"<br>(14) rest: EXPAND 8.8.8.8<br>(14) rest:    --> 8.8.8.8<br>(14) rest: DHCP-Domain-Name-Server := 8.8.8.8<br>(14) rest: Parsing attribute "reply:DHCP-Message-Type"<br>(14) rest: EXPAND DHCP-Offer<br>(14) rest:    --> DHCP-Offer<br>(14) rest: DHCP-Message-Type := DHCP-Offer<br>(14) rest: Parsing attribute "reply:DHCP-Gateway-IP-Address"<br>(14) rest: EXPAND 10.10.253.1<br>(14) rest:    --> 10.10.253.1<br>(14) rest: DHCP-Gateway-IP-Address := 10.10.253.1<br>(14) rest: Parsing attribute "reply:DHCP-DHCP-Server-Identifier"<br>(14) rest: EXPAND 255.255.255.255<br>(14) rest:    --> 255.255.255.255<br>(14) rest: DHCP-DHCP-Server-Identifier := 255.255.255.255<br>rlm_rest (rest): Released connection (3)<br>(14)     [rest.authorize] = updated<br>(14)   } # dhcp DHCP-Discover = updated<br>(14) DHCP: Reply will be unicast to giaddr from original packet<br>(14) Sent code 1026 Id 24307805 from <a href="http://10.10.254.1:67">10.10.254.1:67</a> to <a href="http://10.10.253.1:67">10.10.253.1:67</a> length 0 <br>(14)   DHCP-Relay-IP-Address = 10.10.253.1<br>(14)   DHCP-Client-Identifier = 0xff2784511b000100012867cc8108002784511b<br>(14)   DHCP-IP-Address-Lease-Time = 7200<br>(14)   DHCP-Client-IP-Address = 255.255.255.255<br>(14)   DHCP-Your-IP-Address = 10.10.253.3<br>(14)   DHCP-Subnet-Mask = 255.255.255.0<br>(14)   DHCP-Router-Address = 10.10.253.1<br>(14)   DHCP-Domain-Name-Server = 8.8.8.8<br>(14)   DHCP-Message-Type = DHCP-Offer<br>(14)   DHCP-Gateway-IP-Address = 10.10.253.1<br>(14)   DHCP-DHCP-Server-Identifier = 255.255.255.255<br>(14)   DHCP-Opcode = Server-Message<br>(14)   DHCP-Hardware-Type = Ethernet<br>(14)   DHCP-Hardware-Address-Length = 6<br>(14)   DHCP-Hop-Count = 1<br>(14)   DHCP-Transaction-Id = 24307805<br>(14)   DHCP-Flags = 0<br>(14)   DHCP-Client-Hardware-Address = 08:00:27:84:51:1b<br>     DHCP-Opcode = Server-Message<br>  DHCP-Hardware-Type = Ethernet<br> DHCP-Hardware-Address-Length = 6<br>      DHCP-Hop-Count = 1<br>    DHCP-Transaction-Id = 24307805<br>        DHCP-Number-of-Seconds = 0<br>    DHCP-Flags = 0<br>        DHCP-Client-IP-Address = 255.255.255.255<br>      DHCP-Your-IP-Address = 10.10.253.3<br>    DHCP-Server-IP-Address = 0.0.0.0<br>      DHCP-Gateway-IP-Address = 10.10.253.1<br> DHCP-Client-Hardware-Address = 08:00:27:84:51:1b<br>      DHCP-Server-Host-Name = ""<br>  DHCP-Boot-Filename = ""<br>     DHCP-Subnet-Mask = 255.255.255.0<br>      DHCP-Router-Address = 10.10.253.1<br>     DHCP-Domain-Name-Server = 8.8.8.8<br>     DHCP-IP-Address-Lease-Time = 7200<br>     DHCP-DHCP-Server-Identifier = 255.255.255.255<br> DHCP-Client-Identifier = 0xff2784511b000100012867cc8108002784511b<br>Sending DHCP-Offer Id 0172e85d from <a href="http://10.10.254.1:67">10.10.254.1:67</a> to <a href="http://10.10.253.1:67">10.10.253.1:67</a><br>(14) Finished request<br>(14) Cleaning up request packet ID 24307805 with timestamp +182<br>Ready to process requests<br> <br><br><br><br>c. But at Client side:<br><br>Listening on LPF/enp0s8/08:00:27:84:51:1b<br>Sending on   LPF/enp0s8/08:00:27:84:51:1b<br>Sending on   Socket/fallback<br>DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 6<br>DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 15<br>DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 21<br>DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 8<br>DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 10<br>DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 1<br>No DHCPOFFERS received.<br>No working leases in persistent database - sleeping.<br><br><br>My question is:  <br>I'm sure that freeradius sent the response, but how to know if dnsmasq is receiving that response?  <br><br>my dnsmasq configuration<br><br>port=0<br>interface=enp0s9<br>log-dhcp<br>dhcp-relay=10.10.253.1,10.10.254.1<br><br>my freeradus dhcp server configuration:<br><br>server dhcp {<br>listen {<br>         type = dhcp<br>        ipaddr = 10.10.254.1<br>        src_ipaddr = 10.10.254.1<br>         port = 67<br>           broadcast = no<br>            performance {<br>               skip_duplicate_checks = no<br>          }<br>}<br>dhcp DHCP-Discover {<br>    rest.authorize<br>}<br><br>dhcp DHCP-Request {<br>    rest.authorize<br>}<br>dhcp DHCP-Decline {<br>        update reply {<br>               &DHCP-Message-Type = DHCP-Do-Not-Respond<br>        }<br>     reject<br>}<br>dhcp DHCP-Inform {   <br>      dhcp_common<br>   ok<br>}<br>dhcp DHCP-Release {<br>    rest.authorize<br>}<br>dhcp DHCP-Lease-Query {<br>    if (&DHCP-Client-Hardware-Address) {<br>              <br>      }<br>     elsif (&DHCP-Your-IP-Address) {<br>           <br>      }<br>     elsif (&DHCP-Client-Identifier) {           <br>      }<br>     else {<br>                update reply {<br>                        &DHCP-Message-Type = DHCP-Lease-Unknown<br>           }<br>             ok<br>            return<br>        }<br>     if (notfound) {<br>               update reply {<br>                        &DHCP-Message-Type = DHCP-Lease-Unknown<br>           }<br>             ok<br>            return<br>        }<br>     update reply {<br>                &DHCP-Message-Type = DHCP-Lease-Unassigned<br>        }<br>}<br><br>}<br><br>So kindly please help me to fix this problem<br><br>Sincerely<br>-bino-<br></div>