DHCP routing bug (FreeRadius DHCP reply to Default Gateway)
Pavel Malev
pavel at webcom.net.ua
Mon Sep 28 02:06:17 CEST 2009
Hello!
I have FreeRADIUS 2.1.6 on FreeBSD 6.2.
FreeBSD has a default gateway:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.2.150      UGS         0     7922    rl1
The default gateway has this MAC address:
? (192.168.2.150) at 00:30:48:35:31:32 on rl1 [ethernet]
FreeRADIUS receives a DHCP-Discover:
[tcpdump]
02:28:25.754215 00:0c:f1:4e:42:36 > ff:ff:ff:ff:ff:ff, ethertype IPv4
(0x0800), length 348: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP,
Request from 00:0c:f1:4e:42:36, length: 306
After authorization, FreeRADIUS sends the reply to the default gateway(!), not to the client:
[tcpdump]
02:28:25.766341 00:30:4f:21:b4:73 > 00:30:48:35:31:32, ethertype IPv4
(0x0800), length 342: 192.168.2.252.67 > 255.255.255.255.68:
BOOTP/DHCP, Reply, length: 300
If I delete the default gateway, FreeRADIUS doesn't send anything.
If I put "interface = rl1" in the listen{} section, I get an error:
/usr/local/etc/raddb/radiusd.conf[56]: System does not support binding
to interfaces. Delete this line from the configuration file.
FreeRadiusd debug messages:
Received DHCP-Discover of id 2083766121 from 0.0.0.0:68 to 0.0.0.0:67
DHCP-Opcode = Client-Message
DHCP-Hardware-Type = Ethernet
DHCP-Hardware-Address-Length = 6
DHCP-Hop-Count = 0
DHCP-Transaction-Id = 2083766121
DHCP-Number-of-Seconds = 0
DHCP-Flags = 0
DHCP-Client-IP-Address = 0.0.0.0
DHCP-Your-IP-Address = 0.0.0.0
DHCP-Server-IP-Address = 0.0.0.0
DHCP-Gateway-IP-Address = 0.0.0.0
DHCP-Client-Hardware-Address = 00:0c:f1:4e:42:36
DHCP-Message-Type = DHCP-Discover
DHCP-Auto-Config = 1
DHCP-Client-Identifier = 00:0c:f1:4e:42:36
DHCP-Requested-IP-Address = 169.254.184.172
DHCP-Hostname = "computer-4cacfb"
DHCP-Vendor-Class-Identifier = "MSFT 5.0"
DHCP-Parameter-Request-List = DHCP-Subnet-Mask
DHCP-Parameter-Request-List = DHCP-Domain-Name
DHCP-Parameter-Request-List = DHCP-Router-Address
DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
DHCP-Parameter-Request-List = DHCP-NETBIOS-Name-Servers
DHCP-Parameter-Request-List = DHCP-NETBIOS-Node-Type
DHCP-Parameter-Request-List = DHCP-NETBIOS
DHCP-Parameter-Request-List = DHCP-Perform-Router-Discovery
DHCP-Parameter-Request-List = DHCP-Static-Routes
DHCP-Parameter-Request-List = 249
DHCP-Parameter-Request-List = DHCP-Vendor
DHCP-Vendor = 0xdc00
Trying sub-section dhcp DHCP-Discover {...}
+- entering group DHCP-Discover {...}
expand: %{Packet-Dst-IP-Address} -> 0.0.0.0
++[reply] returns noop
rlm_perl: mac: 00:0c:f1:4e:42:36
rlm_perl: DB result: 192.168.2.1
rlm_perl: Added pair DHCP-Your-IP-Address = 0.0.0.0
rlm_perl: Added pair DHCP-Message-Type = DHCP-Discover
rlm_perl: Added pair DHCP-Vendor-Class-Identifier = MSFT 5.0
rlm_perl: Added pair DHCP-Hop-Count = 0
rlm_perl: Added pair DHCP-Number-of-Seconds = 0
rlm_perl: Added pair DHCP-Client-IP-Address = 0.0.0.0
rlm_perl: Added pair DHCP-Gateway-IP-Address = 0.0.0.0
rlm_perl: Added pair DHCP-Hardware-Type = Ethernet
rlm_perl: Added pair DHCP-Flags = 0
rlm_perl: Added pair DHCP-Hardware-Address-Length = 6
rlm_perl: Added pair DHCP-Hostname = computer-4cacfb
rlm_perl: Added pair DHCP-Opcode = Client-Message
rlm_perl: Added pair DHCP-Transaction-Id = 2083766121
rlm_perl: Added pair DHCP-Parameter-Request-List = DHCP-Subnet-Mask
rlm_perl: Added pair DHCP-Parameter-Request-List = DHCP-Domain-Name
rlm_perl: Added pair DHCP-Parameter-Request-List = DHCP-Router-Address
rlm_perl: Added pair DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
rlm_perl: Added pair DHCP-Parameter-Request-List = DHCP-NETBIOS-Name-Servers
rlm_perl: Added pair DHCP-Parameter-Request-List = DHCP-NETBIOS-Node-Type
rlm_perl: Added pair DHCP-Parameter-Request-List = DHCP-NETBIOS
rlm_perl: Added pair DHCP-Parameter-Request-List = DHCP-Perform-Router-Discovery
rlm_perl: Added pair DHCP-Parameter-Request-List = DHCP-Static-Routes
rlm_perl: Added pair DHCP-Parameter-Request-List = 249
rlm_perl: Added pair DHCP-Parameter-Request-List = DHCP-Vendor
rlm_perl: Added pair DHCP-Client-Hardware-Address = 00:0c:f1:4e:42:36
rlm_perl: Added pair DHCP-Server-IP-Address = 0.0.0.0
rlm_perl: Added pair DHCP-Requested-IP-Address = 169.254.184.172
rlm_perl: Added pair DHCP-Auto-Config = 1
rlm_perl: Added pair DHCP-Vendor = 0xdc00
rlm_perl: Added pair DHCP-Client-Identifier = 00:0c:f1:4e:42:36
rlm_perl: Added pair DHCP-Your-IP-Address = 192.168.2.1
rlm_perl: Added pair DHCP-DHCP-Server-Identifier = 192.168.2.252
rlm_perl: Added pair DHCP-Subnet-Mask = 255.255.255.0
rlm_perl: Added pair DHCP-Gateway-IP-Address = 192.168.2.150
rlm_perl: Added pair DHCP-IP-Address-Lease-Time = 86400
rlm_perl: Added pair DHCP-Router-Address = 192.168.2.150
++[perl] returns ok
++? if (ok)
? Evaluating (ok) -> TRUE
++? if (ok) -> TRUE
++- entering if (ok) {...}
+++[reply] returns ok
++- if (ok) returns ok
++ ... skipping else for request 0: Preceding "if" was taken
++[ok] returns ok
Sending -1022 of id 2083766121 from 0.0.0.0:67 to 0.0.0.0:68
DHCP-Opcode = Server-Message
DHCP-Hardware-Type = Ethernet
DHCP-Hardware-Address-Length = 6
DHCP-Hop-Count = 0
DHCP-Transaction-Id = 2083766121
DHCP-Number-of-Seconds = 0
DHCP-Flags = 0
DHCP-Client-IP-Address = 0.0.0.0
DHCP-Your-IP-Address = 192.168.2.1
DHCP-Server-IP-Address = 0.0.0.0
DHCP-Gateway-IP-Address = 0.0.0.0
DHCP-Client-Hardware-Address = 00:0c:f1:4e:42:36
DHCP-Server-Host-Name = ""
DHCP-Boot-Filename = ""
DHCP-Subnet-Mask = 255.255.255.0
DHCP-Router-Address = 192.168.2.150
DHCP-NTP-Servers = 192.168.2.150
DHCP-IP-Address-Lease-Time = 86400
DHCP-DHCP-Server-Identifier = 192.168.2.252
Finished request 0.
Cleaning up request 0 ID 2083766121 with timestamp +18
Going to the next request
Ready to process requests.
radiusd.conf:
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
name = radiusd
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/${name}.pid
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
	ipaddr = *
	port = 67
	type = dhcp
#	interface = rl1
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log {
	<skipped>
}
checkrad = ${sbindir}/checkrad
security {
	max_attributes = 200
	reject_delay = 1
	status_server = yes
}
proxy_requests = no
thread pool {
	<skipped>
}
client any {
	ipaddr = 0.0.0.0
	netmask = 0
	dhcp = yes
}
dhcp DHCP-Discover {
	update reply {
		DHCP-DHCP-Server-Identifier = "%{Packet-Dst-IP-Address}"
	}
	perl
	if (ok) {
		update reply {
			DHCP-Message-Type = DHCP-Offer
			DHCP-NTP-Servers = 193.111.126.2
		}
	}
	else {
		update reply {
			DHCP-Message-Type = 0
		}
	}
	ok
}
dhcp DHCP-Request {
	update reply {
		DHCP-DHCP-Server-Identifier = "%{Packet-Dst-IP-Address}"
	}
	perl
	if (ok) {
		update reply {
			DHCP-Message-Type = DHCP-ACK
			DHCP-NTP-Servers = 1.1.1.1
		}
	}
	elsif (notfound) {
		update reply {
			DHCP-Message-Type = DHCP-NAK
		}
	}
	else {
		update reply {
			DHCP-Message-Type = 0
		}
	}
	linelog
	ok
}
dhcp DHCP-Release {
	handled
}
dhcp DHCP-Inform {
	handled
}
dhcp {
	handled
}
modules {
	perl {
		module = ${raddbdir}/check.pl
	}
	$INCLUDE ${confdir}/modules/
}
Is it possible to fix?
Thank you, sorry for my English.
Best regards, Pavel Malev
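
Added example (not part of the original post and not FreeRADIUS code): a Python check over the tcpdump -e and ARP lines quoted in the message that reports DHCP replies addressed to the IP broadcast address but framed to a unicast MAC other than the client's, and names the neighbour that received them. The function and variable names are illustrative.

```python
import re

# tcpdump -e and ARP lines copied from the post above (wrapped lines re-joined).
CAPTURE = """\
02:28:25.754215 00:0c:f1:4e:42:36 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 348: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:f1:4e:42:36, length: 306
02:28:25.766341 00:30:4f:21:b4:73 > 00:30:48:35:31:32, ethertype IPv4 (0x0800), length 342: 192.168.2.252.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length: 300
"""
ARP_TABLE = "? (192.168.2.150) at 00:30:48:35:31:32 on rl1 [ethernet]"

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IP = r"\d+(?:\.\d+){3}"
FRAME = re.compile(
    rf"(?P<ts>\S+) (?P<smac>{MAC}) > (?P<dmac>{MAC}), ethertype IPv4 .*?: "
    rf"(?P<sip>{IP})\.\d+ > (?P<dip>{IP})\.\d+: BOOTP/DHCP, (?P<kind>Request|Reply)",
    re.I)
ARP = re.compile(rf"\((?P<ip>{IP})\) at (?P<mac>{MAC})", re.I)


def misframed_replies(capture, arp_table=""):
    """Find DHCP replies sent to 255.255.255.255 whose Ethernet destination is
    neither the broadcast MAC nor a client seen asking, i.e. frames that were
    handed to some other host on the segment."""
    owners = {m["mac"].lower(): m["ip"] for m in ARP.finditer(arp_table)}
    clients = set()  # source MACs of DHCP requests seen so far
    findings = []
    for line in capture.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue  # not a BOOTP/DHCP line in the expected tcpdump -e layout
        smac, dmac = m["smac"].lower(), m["dmac"].lower()
        if m["kind"].lower() == "request":
            clients.add(smac)
        elif (m["dip"] == "255.255.255.255" and dmac != "ff:ff:ff:ff:ff:ff"
              and dmac not in clients):
            findings.append({"ts": m["ts"], "server": m["sip"], "dst_mac": dmac,
                             "dst_owner": owners.get(dmac, "unknown")})
    return findings


if __name__ == "__main__":
    for f in misframed_replies(CAPTURE, ARP_TABLE):
        print("{ts}: reply from {server} framed to {dst_mac} "
              "(ARP entry: {dst_owner})".format(**f))
```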