Issue with DHCP with Wireless card

Hugh McLenaghan hughmcl at hotmail.com
Thu Mar 13 02:08:35 CET 2014 

I think i've got it.

Ok, I now know what the problem is.

When i set this up before I didn't have an IPSEC VPN set up and I got it working.
When I came back to work on it, I had set up an IPSEC VPN in the meantime.  Now freeradius wasn't working for DHCP, however ISC DHCPD WAS working.   So i was assuming it was completely an issue with freeradius.  It does have an issue causing the problem, however it has at least identified WHY things are broken for me!

Here's what I've got.

The Pi is set up with an IPSEC VPN to a remote server.   A client connects to the Pi's wireless network (getting an IP Address).   ALL traffic from that client needs to go across the VPN (since the network at the other side will control internet access for the clients).

So i have 2 rules in my ipsec-tools.conf file:-

spdadd 10.199.100.0/28 0.0.0.0/0 any -P out ipsec
    esp/tunnel/yy.yy.yy.yy-xx.xx.xx.xx/require;
spdadd 0.0.0.0/0 10.199.100.0/28 any -P in ipsec
   esp/tunnel/xx.xx.xx.xx-yy.yy.yy.yy/require;

So all traffic from the WLAN (10.199.100.0/28) needs to go across the VPN, hence the above rules.


NOW, what's happening is that the freeradius DHCP server is sending the reply packets FROM 0.0.0.0 to the 10.199.100.x network.   Now since 0.0.0.0 -> 10.199.100.x fits in the 2nd rule above, what is happening is that it's trying to process the packet as an encrypted esp packet and dropping it.  So the packets NEVER reach the interface.

Ok, the reason that the ISC DHCP server works is that the reply packets are being sent from the IP address of the WLAN0 interface: 10.199.100.1, so the reply would be:  10.199.100.1 -> 10.199.100.x. since it's the same network, the above rules aren't being implemented.

So I guess to fully fix the freeradius DHCP we need to try to get the SRC address of the reply packets coming from the Interface IP and not from 0.0.0.0


If I can help in any way, PLEASE let me know.  I'd like to get this resolved, since the features in freeradius are worth it :)     Well done on all the features, it's a great product.


           Hugh






----------------------------------------
> From: hughmcl at hotmail.com
> To: freeradius-users at lists.freeradius.org
> Subject: RE: Issue with DHCP with Wireless card
> Date: Wed, 12 Mar 2014 19:02:30 -0500
>
> Thanks.   I'm wondering if it's something wrong with my build.   I can't think of what else it could be.  Going to try another dhcp config file just in case something is wrong with mine.
>
> I tried it on another Pi and I'm seeing the same results.   No DHCP response.  So it's got to be something on my end, just not sure what yet.   It's driving me crazy :)
>
>
> Thanks for all your testing though.  Nice to know this is a very active group.
>
>
>           Hugh
>
>
>
>
> ----------------------------------------
>> Date: Wed, 12 Mar 2014 22:57:32 +0000
>> From: mcn4 at leicester.ac.uk
>> To: freeradius-users at lists.freeradius.org
>> Subject: Re: Issue with DHCP with Wireless card
>>
>> On Wed, Mar 12, 2014 at 04:42:44PM -0500, Hugh McLenaghan wrote:
>>> Yeah. Strange thing is that I'm sure I had it working at one
>>> point. Doesn't really make sense to me. It appears to be doing
>>> what it's supposed to be, but for some reason the packet isn't
>>> being sent out by the card or being seen on the card/interface.
>>>
>>> Going to try it on another Pi to see if somehow some library somewhere got mixed up.
>>
>> OK, that was a long build - about 45 minutes from configure to
>> installed...!
>>
>> Unfortunately, it proves nothing. FreeRADIUS will quite happily
>> serving DHCP on either eth0 or wlan0 on the Pi.
>>
>> O/S here is a slightly not up to date raspbian (Linux raspberrypi
>> 3.6.11+ #456 PREEMPT Mon May 20 17:42:15 BST 2013 armv6l
>> GNU/Linux, Debian 7.1) Same wlan card that worked on the desktop
>> PC.
>>
>> I assume you have no firewall running?
>>
>> Apart from that, I'm not sure there's much more I can check, with
>> it working fine here :(
>>
>> Cheers,
>>
>> Matthew
>>
>>
>>> ----------------------------------------
>>>> Date: Wed, 12 Mar 2014 21:14:22 +0000
>>>> From: mcn4 at leicester.ac.uk
>>>> To: freeradius-users at lists.freeradius.org
>>>> Subject: Re: Issue with DHCP with Wireless card
>>>>
>>>> On Wed, Mar 12, 2014 at 02:44:37PM -0500, Hugh McLenaghan wrote:
>>>>> I'm hoping that the issue is something simple I've done wrong or missing.
>>>>
>>>> Doesn't help much, but I just tested with a WLAN card in my Linux
>>>> desktop (TP-LINK TL-WN772N, Atheros AR9271) and it worked straight
>>>> away; assigned an IP to my tablet, and saw the packets in tcpdump.
>>>>
>>>> It also worked on a Netgear WLAN card, also supposedly the same
>>>> chipset, though it's not a good card. When a DHCP Discover got
>>>> through, though, the Offer was successfully sent.
>>>>
>>>> I'll see if I can dig out the Pi to test, but this may take a
>>>> while as I've not fired it up for a bit.
>>>>
>>>> So it doesn't look like a problem with DHCP over a wireless
>>>> interface in general.
>>>>
>>>> Matthew
>>>>
>>>>
>>>>> ----------------------------------------
>>>>>> Date: Wed, 12 Mar 2014 14:00:07 -0400
>>>>>> From: aland at deployingradius.com
>>>>>> To: freeradius-users at lists.freeradius.org
>>>>>> Subject: Re: Issue with DHCP with Wireless card
>>>>>>
>>>>>> Hugh McLenaghan wrote:
>>>>>>> Starting FreeRADIUS:Wed Mar 12 11:10:22 2014 : Info: radiusd: FreeRADIUS Version 3.1.0 (git #b71e353), for host armv6l-unknown-linux-gnu, built on Mar 12 2014 at 01:50:59
>>>>>>
>>>>>> Please use v3.0.2 branch. The "master" branch is undergoing heavy
>>>>>> development. And also use "radiusd -X". Using "-Xx" doesn't help.
>>>>>>
>>>>>> Are you running this as root? The DHCP code requires that for proper
>>>>>> operation. You should also set the "interface" entry in the listen
>>>>>> section for dhcp. That will tell it to receive / send packets on the
>>>>>> correct interface.
>>
>> --
>> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>>
>> Systems Specialist, Infrastructure Services,
>> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>>
>> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list