
Topic: DHCPd with multiple IPv4 subnets outside of local interface network. (300US$)


Offline deathnite

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
I'm in the same boat. I'm sharing my internet connection with a family down the road over a wireless bridge. They can't afford to get internet into their house, and the kids need it for school. This is a routed network over a wireless bridge, so I can't extend the interface over to their house to hand out IPs.

I need to turn off my old server to save power (it's getting kind of expensive to run just for DHCP).

I'd love to know if this is getting committed in 2.2 as well.

I'd also like to donate but not sure I can afford the larger dollar amounts already provided.

Thanks

Offline MnM

Same here - just running a home setup but can't afford the large sums other people can donate :( I can squeeze $25 and help the cause but not sure if that is acceptable.

Offline marcelloc

Any donation is acceptable for this bounty.

I'll try to push it to 2.2 again soon.

Offline deathnite

Awesome.

I've sent the bounty to marcellocoutinho@gmail.com

Cheers

Cam

Offline MnM

I have also sent the bounty to marcellocoutinho@gmail.com

Please PM me the instructions and where to get the files from.

Offline MnM

deathnite: did you get the instructions and files? I am still waiting :(

Offline marcelloc

I'll send it right now.

Sorry for the long delay.

And thanks for your donation. :)

Offline MnM

:) Thank you marcelloc!

Offline deathnite

Thanks Mate,

This is a ripper. All my VLANs across and working fine. (On to URL filtering next.)

One bug I did pick up: on the page https://192.168.0.1/status_dhcp_leases.php, when I want to "add a static mapping for this MAC address" for any IP address in the 192.168.1.0/24 range, for example.

I click on the button "add a static mapping for this MAC address", it redirects to the page https://192.168.0.1/services_dhcp.php and throws the error "The DHCP Server can only be enabled on interfaces configured with static IP addresses. Only interfaces configured with a static IP will be shown."

This only happens for the additional pools which do not belong to the same interface.

This rocks otherwise. Cheers, Cam

Offline MnM

I am still trying to get this to work as I need it... not much luck :(

Below, I will describe my setup and how it works now; perhaps anyone has an idea to make my setup work with this DHCPd addon?

pfSense 2.1.4

Two physical internal NICs - LAN = 192.168.0.0 and Guests 172.20.0.0
Both LAN and Guests plugged into the same switch.

LAN
Enable DHCP server on LAN interface
Deny unknown clients
All other normal settings plus
Enable Static ARP Entries
Then I have a few DHCP Static Mappings for the interface

Guests
Enable DHCP server on GUEST interface
All other normal settings plus

Now, as the setup above by itself didn't give me what I needed, I modified dhcpd.conf manually with the required settings and then modified /etc/inc/services.inc to write the pfSense dhcpd config to dhcpd.conf.auto (so it doesn't overwrite my config when it reboots) as per below:

        /* write dhcpd.conf (redirected to dhcpd.conf.auto so the hand-edited dhcpd.conf survives) */
        if (!@file_put_contents("{$g['dhcpd_chroot_path']}/etc/dhcpd.conf.auto", $dhcpdconf)) {
                printf(gettext("Error: cannot open dhcpd.conf in services_dhcpdv4_configure().%s"), "\n");
                unset($dhcpdconf);
                return 1;
        }

My dhcpd.conf looks like:

max-lease-time 43200;
default-lease-time 86400;
ddns-update-style interim;

log-facility local4;

# DPI Network
shared-network DPI {
        # Guests
        subnet 172.20.0.0 netmask 255.255.255.0 {
                authoritative;
                allow unknown-clients;
                # don't let clients update A records for ddns;
                ignore client-updates;
                range 172.20.0.10 172.20.0.30;
                max-lease-time 86400;
                default-lease-time 43200;
                option subnet-mask 255.255.255.0;
                option broadcast-address 172.20.0.255;
                option domain-name "guest.domain.tld";
                option domain-name-servers 172.20.0.254;
                option routers 172.20.0.254;
                option ntp-servers 172.20.0.254;
                allow unknown-clients;
                }
        # DPI
        subnet 192.168.0.0 netmask 255.255.255.0 {
                authoritative;
                deny unknown-clients;

                range 192.168.0.1 192.168.0.9;
                max-lease-time 864000;
                default-lease-time 432000;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.0.255;
                option domain-name "dpi.com";
                option domain-name-servers 192.168.0.254;
                option routers 192.168.0.254;
                option ntp-servers 192.168.0.254;
                host NAS {
                        hardware ethernet 00:02:b3:0c:28:54;
                        fixed-address 192.168.0.5;
                        }
                deny unknown-clients;

                range 192.168.0.10 192.168.0.15;
                max-lease-time 86400;
                default-lease-time 43200;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.0.255;
                option domain-name "dpi.com";
                option domain-name-servers 192.168.0.254;
                option routers 192.168.0.254;
                option ntp-servers 192.168.0.254;
                host ps3 {
                        hardware ethernet a8:e3:ee:7b:ec:b0;
                        fixed-address 192.168.0.10;
                        }
                deny unknown-clients;

                range 192.168.0.20 192.168.0.25;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.0.255;
                option domain-name "dpi.com";
                option domain-name-servers 192.168.0.254;
                option routers 192.168.0.254;
                option ntp-servers 192.168.0.254;
                host oppo93 {
                        hardware ethernet 00:22:de:89:5c:76;
                        fixed-address 192.168.0.20;
                        }
                host dunemax {
                        hardware ethernet 00:16:e8:69:81:e3;
                        fixed-address 192.168.0.21;
                        }
                host wdhub1 {
                        hardware ethernet 00:90:a9:a9:13:55;
                        fixed-address 192.168.0.22;
                        }
                host wdhub2 {
                        hardware ethernet 00:90:a9:a8:68:b5;
                        fixed-address 192.168.0.23;
                        }
                host jvc {
                        hardware ethernet 00:80:88:11:D7:D6;
                        fixed-address 192.168.0.24;
                        }
                host yamaha {
                        hardware ethernet 00:a0:de:4c:a6:89;
                        fixed-address 192.168.0.25;
                        }
                host lg {
                        hardware ethernet 3c:cd:93:11:95:8b;
                        fixed-address 192.168.0.26;
                        }
                deny unknown-clients;
                }
        }

The above works exactly as I wanted:

A known (defined) device will get an IP from the 192.168.0.0 range.
If an unknown device tries to get an IP address, since its MAC is not defined anywhere it will receive an IP from the 172.20.0.0 network.

This way any guests coming to visit can get a wireless or a wired connection from any Access Point or network point in the house (that's why I am not using VLANs) on a different network than my main network.
Because I have enabled static ARP entries on the LAN interface, guests will not be able to use the LAN interface even if manually entering a 192.168.0.0 (LAN) network address - they will only be able to use the GUESTS NIC and network.

Now the issue is this - every time there is an update, I have to manually reconfigure /etc/inc/services.inc and then copy my config back to dhcpd.conf.
When I get new devices in the house I have to manually add them to the dhcpd.conf.
Since I am redirecting the output to dhcpd.conf.auto, the DHCPD logs are not a real representation of what is happening.

So I thought that with the new code from marcelloc I could get it to work like I have it now and have the added bonus of a GUI to change stuff. But I could not get it to work at all like above :(

Perhaps I was wrong and the new code from marcelloc doesn't support my configuration? (When I implemented it, it removed all my custom config as it overwrites the file that I was modifying, so basically it was like a normal config.)

If anyone has any ideas what to try in the new config from marcelloc to achieve my existing config, I am all ears :)

Thanks
« Last Edit: August 19, 2014, 07:12:06 pm by MnM »
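Added example (not from the thread, pfSense or marcelloc's code): a small Python helper that renders ISC dhcpd host stanzas from a device inventory and sanity-checks a dhcpd.conf for unclosed blocks, duplicate MACs and fixed-address values outside their enclosing subnet, the slips that are easy to make when hand-editing the file after every update as described above. The names, MACs and addresses in DEVICES are constructed sample data.

```python
import ipaddress
import re

# Constructed sample inventory (name, MAC, address); not the poster's real devices.
DEVICES = [
    ("nas", "00:02:B3:0C:28:54", "192.168.0.5"),
    ("ps3", "a8:e3:ee:7b:ec:b0", "192.168.0.10"),
]


def render_hosts(devices, indent="        "):
    """Emit one dhcpd 'host' stanza per (name, mac, ip); MACs normalised to lower case."""
    out = []
    for name, mac, ip in devices:
        out.append(f"{indent}host {name} {{\n"
                   f"{indent}        hardware ethernet {mac.lower()};\n"
                   f"{indent}        fixed-address {ip};\n"
                   f"{indent}}}")
    return "\n".join(out)


def check_conf(text):
    """Return a list of problems found in dhcpd.conf text (empty list means clean)."""
    problems, depth, subnet, subnet_depth, seen = [], 0, None, 0, {}
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.split("#", 1)[0].strip()      # ignore comments
        m = re.match(r"subnet\s+(\S+)\s+netmask\s+(\S+)", stripped)
        if m:  # remember the subnet we are inside so fixed-address can be checked
            subnet = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            subnet_depth = depth
        m = re.match(r"hardware ethernet\s+([0-9a-fA-F:]+)\s*;", stripped)
        if m:
            mac = m.group(1).lower()
            if mac in seen:
                problems.append(f"line {lineno}: duplicate MAC {mac} (first at line {seen[mac]})")
            seen.setdefault(mac, lineno)
        m = re.match(r"fixed-address\s+(\S+)\s*;", stripped)
        if m and subnet is not None and ipaddress.ip_address(m.group(1)) not in subnet:
            problems.append(f"line {lineno}: {m.group(1)} is not inside {subnet}")
        depth += stripped.count("{") - stripped.count("}")
        if depth < 0:
            problems.append(f"line {lineno}: unexpected closing brace")
            depth = 0
        if subnet is not None and depth <= subnet_depth:
            subnet = None                             # left the subnet block
    if depth > 0:
        problems.append(f"end of file: {depth} unclosed block(s)")
    return problems
```

Run check_conf on the file before restarting dhcpd; an unclosed block or an address outside its subnet is what dhcpd would otherwise reject at startup.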

Offline marcelloc

Two physical internal NICs - LAN = 192.168.0.0 and Guests 172.20.0.0
Both LAN and Guests plugged into the same switch.

It's not a best practice. The best way is to have a segment for guests and another for LAN.


Guests
Enable DHCP server on LAN interface
All other normal settings plus
Guest network on LAN interface?

There are many access points with an AP isolation feature and multiple SSIDs. You can create a guest wifi with it enabled, with only one network mask on your network.

The code implements multiple subnets for DHCP, but in normal situations the DHCP requests for these networks come from DHCP relays, not from the same network segment.

Offline MnM


Guest network on Lan interface?


Sorry, typo, I meant Guest interface.

Thanks for replying. I have a guest wifi on my access point (isolated) - however, if I don't run the above configuration, I can offer the same for people that come visiting and plug their devices into an RJ45 wall socket.

With the setup as it is above I can look after wifi and RJ45 wall socket guests (most of them are actually RJ45 wall sockets, as they are teenagers visiting my teenage sons and playing games - hence why not so much wifi). The RJ45 wall sockets I have normally have switches in them, so my son's PC, PS3, sound, TV etc. are also plugged in to the same network - that's why no VLANs (can't VLAN all the other devices plugging into the same RJ45 wall socket).

Oh well, looks like I will have to stick with manually editing files for now. I was really hoping to have a GUI and make things easier. Not to worry.

Thanks.

Offline haddock

I am interested in testing this.

Would a PayPal transfer of $30 be enough?

Offline marcelloc

I am interested in testing this.

Would a PayPal transfer of $30 be enough?

Sure.

Thanks for your interest in donating to this bounty.

Offline haddock

Just a question before donating.

Does static DHCP also work for the additional subnets?
So I can manually configure IP / MAC for clients in all subnets?