[Dnsmasq-discuss] dnsmasq dhcp relay not relaying response from upstream to client

Geert Stappers stappers at stappers.nl
Fri Jun 25 21:12:41 UTC 2021


On Fri, Jun 25, 2021 at 11:30:18AM +0700, Bino Oetomo wrote:
> Dear All.
> 
> I Have 3 Virtualbox guest OS, arranged with internal-network as :
> 
> Freeradius <--X--> dhcprelay <--Y--> client
 
( I have seen better ASCII-art )


> 1. Internal networks:
> a. X is 'tftprelay'
> b. Y is 'tftpclient'

That got me confused.  After "transmit error correction":

} a. X is 'dhcprelay'
} b. Y is 'dhcpclient'
 

> 1. Freeradius act as DHCP server, with interface facing dhcprelay.
> IP address : 10.10.254.1
> 
> 2. Dhcprelay using dnsmasq 2.80.
> also enabled for packet forwarding.

Probably  IP forwarding
 

> IP Address:
> a. Facing FreeRadius 10.10.254.2
> b. Facing client 10.10.253.1
> 
> 3. Client is just plain debian server.
> enp0s8 is interface at network-Y where dnsmasq is listening
> 
> 
> 4. ping test from freeradius to dhcprelay at network-Y
> 
> root at tftpserver:~# ping 10.10.253.1
> PING 10.10.253.1 (10.10.253.1) 56(84) bytes of data.
> 64 bytes from 10.10.253.1: icmp_seq=1 ttl=64 time=1.08 ms
> 64 bytes from 10.10.253.1: icmp_seq=2 ttl=64 time=0.900 ms

OK


> 5. Test from client with : dhclient -d  enp0s8
> I got:
> 
> 
> a. at dhcprelay (dnsmasq log)
> 
> Jun 25 06:23:47 dhcprelay dnsmasq-dhcp[1366]: DHCP relay 10.10.253.1 -> 10.10.254.1
> Jun 25 06:23:54 dhcprelay dnsmasq-dhcp[1366]: DHCP relay 10.10.253.1 -> 10.10.254.1
> Jun 25 06:24:08 dhcprelay dnsmasq-dhcp[1366]: DHCP relay 10.10.253.1 -> 10.10.254.1
> Jun 25 06:24:26 dhcprelay dnsmasq-dhcp[1366]: DHCP relay 10.10.253.1 -> 10.10.254.1
> Jun 25 06:24:41 dhcprelay dnsmasq-dhcp[1366]: DHCP relay 10.10.253.1 -> 10.10.254.1
> 
> b. Freeradius. Looks like it can receive and respond from/to dnsmasq:
> 
> ...
> (14) Received code 1025 Id 24307805 from 10.10.253.1:67 to 10.10.254.1:67 length 300
> (14)   DHCP-Opcode = Client-Message
> (14)   DHCP-Hop-Count = 1
> (14)   DHCP-Transaction-Id = 24307805
> (14)   DHCP-Gateway-IP-Address = 10.10.253.1

The relay

> (14)   DHCP-Client-Hardware-Address = 08:00:27:84:51:1b
> (14)   DHCP-Message-Type = DHCP-Discover
> (14)   DHCP-Hostname = "bakalandebian"
> (14)   DHCP-Client-Identifier = 0xff2784511b000100012867cc8108002784511b
> (14)   DHCP-Network-Subnet = 10.10.253.1/32


> Trying sub-section dhcp DHCP-Discover {...}
> (14)   dhcp DHCP-Discover {
> rlm_rest (rest): 0 of 0 connections in use.  You  may need to increase "spare"
> rlm_rest (rest): Opening additional connection (3), 1 of 5 pending slots used
> rlm_rest (rest): Connecting to "http://127.0.0.1:8888/djenroll/freeradius/"
> rlm_rest (rest): Reserved connection (3)
> (14) rest: Expanding URI components
> (14) rest: EXPAND http://127.0.0.1:8888
> (14) rest:    --> http://127.0.0.1:8888
> (14) rest: EXPAND /djenroll/freeradius/
> (14) rest:    --> /djenroll/freeradius/
> (14) rest: Sending HTTP POST to "http://127.0.0.1:8888/djenroll/freeradius/"
> (14) rest: Encoding attribute "DHCP-Client-Identifier"
> (14) rest: Returning 1009 bytes of JSON data (buffer full or chunk exceeded)
> (14) rest: Processing response header
> (14) rest:   Status : 100 (Continue)
> (14) rest: Continuing...
> (14) rest: Processing response header
> (14) rest:   Status : 200 (OK)
> (14) rest:   Type   : json (application/json)
> (14) rest: Adding reply:REST-HTTP-Status-Code += "200"
> (14) rest: Parsing attribute "reply:DHCP-IP-Address-Lease-Time"
> (14) rest: EXPAND 7200
> (14) rest:    --> 7200
> (14) rest: DHCP-IP-Address-Lease-Time := 7200
> (14) rest: Parsing attribute "reply:DHCP-Client-IP-Address"
> (14) rest: EXPAND 255.255.255.255
> (14) rest:    --> 255.255.255.255
> (14) rest: DHCP-Client-IP-Address := 255.255.255.255
> (14) rest: Parsing attribute "reply:DHCP-Your-IP-Address"
> (14) rest: EXPAND 10.10.253.3
> (14) rest:    --> 10.10.253.3

For the client

> (14) rest: DHCP-Your-IP-Address := 10.10.253.3
> (14) rest: Parsing attribute "reply:DHCP-Subnet-Mask"
> (14) rest: EXPAND 255.255.255.0
> (14) rest:    --> 255.255.255.0
> (14) rest: DHCP-Subnet-Mask := 255.255.255.0
> (14) rest: Parsing attribute "reply:DHCP-Router-Address"
> (14) rest: EXPAND 10.10.253.1
> (14) rest:    --> 10.10.253.1

The relay

> (14) rest: DHCP-Router-Address := 10.10.253.1
> (14) rest: Parsing attribute "reply:DHCP-Domain-Name-Server"
> (14) rest: EXPAND 8.8.8.8
> (14) rest:    --> 8.8.8.8
> (14) rest: DHCP-Domain-Name-Server := 8.8.8.8
> (14) rest: Parsing attribute "reply:DHCP-Message-Type"
> (14) rest: EXPAND DHCP-Offer
> (14) rest:    --> DHCP-Offer
> (14) rest: DHCP-Message-Type := DHCP-Offer
> (14) rest: Parsing attribute "reply:DHCP-Gateway-IP-Address"
> (14) rest: EXPAND 10.10.253.1
> (14) rest:    --> 10.10.253.1
> (14) rest: DHCP-Gateway-IP-Address := 10.10.253.1
> (14) rest: Parsing attribute "reply:DHCP-DHCP-Server-Identifier"
> (14) rest: EXPAND 255.255.255.255
> (14) rest:    --> 255.255.255.255
> (14) rest: DHCP-DHCP-Server-Identifier := 255.255.255.255
> rlm_rest (rest): Released connection (3)
> (14)     [rest.authorize] = updated
> (14)   } # dhcp DHCP-Discover = updated
> (14) DHCP: Reply will be unicast to giaddr from original packet
> (14) Sent code 1026 Id 24307805 from 10.10.254.1:67 to 10.10.253.1:67 length 0
> (14)   DHCP-Relay-IP-Address = 10.10.253.1
> (14)   DHCP-Client-Identifier = 0xff2784511b000100012867cc8108002784511b
> (14)   DHCP-IP-Address-Lease-Time = 7200
> (14)   DHCP-Client-IP-Address = 255.255.255.255
> (14)   DHCP-Your-IP-Address = 10.10.253.3
> (14)   DHCP-Subnet-Mask = 255.255.255.0
> (14)   DHCP-Router-Address = 10.10.253.1
> (14)   DHCP-Domain-Name-Server = 8.8.8.8
> (14)   DHCP-Message-Type = DHCP-Offer
> (14)   DHCP-Gateway-IP-Address = 10.10.253.1
> (14)   DHCP-DHCP-Server-Identifier = 255.255.255.255
> (14)   DHCP-Opcode = Server-Message
> (14)   DHCP-Hardware-Type = Ethernet
> (14)   DHCP-Hardware-Address-Length = 6
> (14)   DHCP-Hop-Count = 1
> (14)   DHCP-Transaction-Id = 24307805
> (14)   DHCP-Flags = 0
> (14)   DHCP-Client-Hardware-Address = 08:00:27:84:51:1b
> DHCP-Opcode = Server-Message
> DHCP-Hardware-Type = Ethernet
> DHCP-Hardware-Address-Length = 6
> DHCP-Hop-Count = 1
> DHCP-Transaction-Id = 24307805

The same transaction ID indicates "retransmit"


   <snip/>
> 
> 
> 
> 
> c. But at Client side:
> 
> Listening on LPF/enp0s8/08:00:27:84:51:1b
> Sending on   LPF/enp0s8/08:00:27:84:51:1b
> Sending on   Socket/fallback
> DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 6
> DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 15
> DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 21
> DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 8
> DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 10
> DHCPDISCOVER on enp0s8 to 255.255.255.255 port 67 interval 1
> No DHCPOFFERS received.
> No working leases in persistent database - sleeping.
> 
> 
> My question is:
> I'm sure that freeradius sent the response,

Careful ...


> but how to know if dnsmasq is receiving that response?
 
  ... use a network sniffer at the **server** to verify that
       the network packets actually do leave 'freeradius'
       at the correct network interface.

Next step will be netsniffing at the DHCP relay computer.

https://en.wikipedia.org/wiki/Network_Packet_Sniffer


> my dnsmasq configuration
> 
> port=0
> interface=enp0s9
> log-dhcp
> dhcp-relay=10.10.253.1,10.10.254.1

Manual page dnsmasq snippet:
   --dhcp-relay=<local address>,<server address>[,<interface>]

So the 'dhcp-relay=10.10.253.1,10.10.254.1' looks good ...


> 
> my freeradius dhcp server configuration:
> 
> server dhcp {
> listen {
> type = dhcp
>         ipaddr = 10.10.254.1
>         src_ipaddr = 10.10.254.1
>     port = 67
>     broadcast = no
>    performance {
>    skip_duplicate_checks = no
>    }
> }
> dhcp DHCP-Discover {
>     rest.authorize
> }
> 
> dhcp DHCP-Request {
>     rest.authorize
> }
> dhcp DHCP-Decline {
> update reply {
>       &DHCP-Message-Type = DHCP-Do-Not-Respond
> }
> reject
> }
> dhcp DHCP-Inform {
> dhcp_common
> ok
> }
> dhcp DHCP-Release {
> rest.authorize
> }
> dhcp DHCP-Lease-Query {
> if (&DHCP-Client-Hardware-Address) {
> 
> }
> elsif (&DHCP-Your-IP-Address) {
> 
> }
> elsif (&DHCP-Client-Identifier) {
> }
> else {
> update reply {
> &DHCP-Message-Type = DHCP-Lease-Unknown
> }
> ok
> return
> }
> if (notfound) {
> update reply {
> &DHCP-Message-Type = DHCP-Lease-Unknown
> }
> ok
> return
> }
> update reply {
> &DHCP-Message-Type = DHCP-Lease-Unassigned
> }
> }
> 
> }
> 
> So kindly please help me to fix this problem

That was received as

  Kindly help me with diagnosing a problem.


Already started   :-)


Regards
Geert Stappers
-- 
Silence is hard to parse
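
An added example (not part of the original message, and not dnsmasq or FreeRADIUS code) for the sniffing steps suggested above: it decodes the UDP port 67 payload of a captured DHCP packet and checks whether a server reply belongs to a relayed Discover, so the same check can be run on bytes captured at the server and at the relay. The function names are hypothetical, and the two sample packets are constructed from the values quoted in the thread, not taken from a capture.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Decode the fields of a UDP/67 payload needed to trace a relayed exchange."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message: too short or magic cookie missing")
    op, _htype, hlen, hops, xid = struct.unpack("!BBBBI", payload[:8])
    msg = {"op": op, "hops": hops, "xid": xid,
           "yiaddr": socket.inet_ntoa(payload[16:20]),
           "giaddr": socket.inet_ntoa(payload[24:28]),
           "chaddr": payload[28:28 + min(hlen, 16)].hex(":"), "type": None}
    i = 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option at offset %d" % i)
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1:                 # option 53 = DHCP message type
            msg["type"] = TYPES.get(payload[i + 2], str(payload[i + 2]))
        i += 2 + length
    return msg

def reply_matches(request: dict, reply: dict) -> bool:
    """True if `reply` is a server answer to `request` as seen through the relay."""
    return (reply["op"] == 2 and reply["xid"] == request["xid"]
            and reply["chaddr"] == request["chaddr"]
            and reply["giaddr"] == request["giaddr"] != "0.0.0.0")

def build(op, xid, yiaddr, giaddr, mac, msg_type):
    """Constructed sample packet (not a capture) using the values quoted in the thread."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 1, xid, 0, 0)
    addrs = b"".join(socket.inet_aton(a) for a in ("0.0.0.0", yiaddr, "0.0.0.0", giaddr))
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    return hdr + addrs + chaddr + bytes(192) + MAGIC + bytes([53, 1, msg_type, 255])

MAC = "08:00:27:84:51:1b"
DISCOVER = build(1, 24307805, "0.0.0.0", "10.10.253.1", MAC, 1)
OFFER = build(2, 24307805, "10.10.253.3", "10.10.253.1", MAC, 2)

if __name__ == "__main__":
    req, rep = parse_dhcp(DISCOVER), parse_dhcp(OFFER)
    print(req, rep, "reply matches request:", reply_matches(req, rep), sep="\n")
```

Feed `parse_dhcp` the UDP payload bytes exported from a capture on each host; a reply that matches at the server's interface but never shows up at the relay's interface points at the path between them rather than at dnsmasq.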


