DHCP NAT (and Relay) and Static Addressing based on Option82/Circuit ID

Martin Edge medge at emersion.com
Tue Nov 22 07:23:49 CET 2016


I'm working through setting up FreeRADIUS to behave as a DHCP Server so that it can read and respond to DHCP Packets (including Option 82 info).

I'm making progress - however I am facing a few roadblocks that I would like some guidance on if possible.

*Packets forwarded from an internal network which are translated out to us and carry a DHCP-Relay-IP-Address*
DHCP Requests that are being sent to us include a Relay-IP-Address - and implicitly the DHCP module seems to use this as an authority and attempts to return the packet to the Relay IP, not the source of the packet. I was able to comment out in the source (3.0.12) - "modules/proto_dhcp/dhcpd.c" on line 497 (where it sets a new destination IP address) - and the packet was returned to the originator. Obviously this is not the way I should be doing this - so any suggestions are welcome.

*DHCP IP Addressing from SQLIPool*
I have the radippool (via dhcp_sqlippool) process able to extract an IP address based on the Circuit ID (Option 82) contained within the DHCP Packet.

The challenge I have, is the IP addresses I am allocating (for the same provider, but we will also have multiple providers who use our system) - has different gateways based on the location of the service and the IP allocated. From what I can ascertain looking at the source code, the DHCP Pool functionality presently only deals with the returning of the Framed-IP-Address.

Looking at "modules/rlm_sqlippool/rlm_sqlippool.c" (line 580) - there is an object called 'inst' with a property called framed_ip_address. This is used to build a 'vp' and adds it to the reply.

How would one go about providing database driven gateway/dns settings?

Is there a way? Or is the only option to add support for additional properties in the code for this? (I would need to isolate where the framed_ip_address is mapped to Framed-IP-Address to follow the similar behaviour.

Hope you can help!

Martin Edge
Chief Technical Officer

[Description: Description: Emersion Logo]
Emersion saves you time and money, by providing an easy to use, secure and scalable
billing, provisioning & operational support system delivered as a service in the cloud.

Emersion Software Systems Pty Ltd
Twitter: .......... @EmersionBilling

This communication may contain CONFIDENTIAL or copyright information of Emersion Software Systems Pty Ltd (ABN 28 119 061 791). If you are not an intended recipient, you MUST NOT read, print, keep, forward, copy, use, save, retransmit or rely on this communication or any attachments, and any such action is unauthorised and prohibited. If you have received this communication in error, please reply to this e-mail to notify the sender of its incorrect delivery, and then delete both it and your reply. Emersion does not guarantee the integrity of any emails or any attached files. The views or opinions expressed are the author's own and may not reflect the views or opinions of Emersion. Thank you.

More information about the Freeradius-Users mailing list