Issue with DHCP with Wireless card

Alan DeKok aland at deployingradius.com
Thu Mar 13 15:27:25 CET 2014


Hugh McLenaghan wrote:
> When i set this up before I didn't have an IPSEC VPN set up and I got it working.
> When I came back to work on it, I had set up an IPSEC VPN in the meantime.  Now freeradius wasn't working for DHCP, however ISC DHCPD WAS working.   So i was assuming it was completely an issue with freeradius.  It does have an issue causing the problem, however it has at least identified WHY things are broken for me!

  OK.  DHCP gets tricky with multiple interfaces.

> So i have 2 rules in my ipsec-tools.conf file:-
> 
> spdadd 10.199.100.0/28 0.0.0.0/0 any -P out ipsec
>     esp/tunnel/yy.yy.yy.yy-xx.xx.xx.xx/require;
> spdadd 0.0.0.0/0 10.199.100.0/28 any -P in ipsec
>    esp/tunnel/xx.xx.xx.xx-yy.yy.yy.yy/require;

  Hmm... DHCP works via broadcast on the local network, and broadcast
traffic isn't routed.

> NOW, what's happening is that the freeradius DHCP server is sending the reply packets FROM 0.0.0.0 to the 10.199.100.x network.

  It's not supposed to do that.  The should be sending a reply FROM it's
own IP address, not 0.0.0.0.  However... if it can't discover the
interfaces IP address, it just uses 0.0.0.0.  ISC DHCP has code to troll
through all of the addresses for an interface, and then uses that.

> So I guess to fully fix the freeradius DHCP we need to try to get the SRC address of the reply packets coming from the Interface IP and not from 0.0.0.0

  Done.  There's more it can do, but that can wait until after 3.0.2.

> If I can help in any way, PLEASE let me know.

  This helps enormously.  I've pushed a fix.  You can either grab the
"v3.0.x" branch from git && re-build, or you can edit your current
configuration, and do:

listen {
	type = dhcp
	ipaddr = *
	src_ipaddr = 10.199.100.1  # add this
}


  I've also added documentation for the src_ipaddr configuration ite,

> I'd like to get this resolved, since the features in freeradius are worth it :)     Well done on all the features, it's a great product.

  Thanks.  We try hard to make FreeRADIUS crush ISC DHCPd. :)

  Alan DeKok.


More information about the Freeradius-Users mailing list