DHCP relay IP and gateway IP, possible bad logic?

Alan DeKok aland at deployingradius.com
Mon Mar 4 16:54:54 CET 2013


Igor Smitran wrote:
> On 03/01/2013 04:12 PM, Alan DeKok wrote:
>> Can you supply the debug output?
> When set that freeradius sends IP, NETMASK, DNS... *WITHOUT DEFAULT
> GATEWAY*:

  The point of asking for debug output is to see what the server is doing.

  I'm not sure what the rest of your message means.  The server defaults
to copying the giaddr from the request to the reply.  This is so that
the reply can use the giaddr as the destination IP.  If you use Perl to
update the giaddr to something else... then the reply will be sent there.

  i.e. if you want to use the correct giaddr, don't change it.

> *This packet is sent to RELAY_IP*

  The point of me asking for debug output is to see *why* this is
happening.  When you only look at the packets, you ignore the one piece
of information which will help you solve the problem.

> So, when freeradius sees *DHCP-Gateway-IP-Address *inside reply offer he
> uses it as destination where to send reply which is wrong. He should use
> RELAY IP instead no matter what's inside BOOTREPLY.*

  Where is the server getting the updated DHCP-Gateway-IP-Address from?
 Not the source code.  It doesn't change it.  Not the default config.
It doesn't change it.

  So... until you show debug output, this largely looks like you edited
the configuration and broke it.  Don't do that.

  The only real bug I can see is that the offer has a non-zero giaddr
field.  This is wrong, as the packet is already unicast to the giaddr.
The DHCP specs say that the giaddr in reply packets (offer, etc.) should
be zero.

  I'll go fix that.

  Please also try with the v2.x.x branch from git.  It contains some
minor updates to the debug output which clarify what it's doing.

  Alan DeKok.


More information about the Freeradius-Users mailing list