DHCP relay - wrong interface for relayed packet
Alan DeKok
aland at deployingradius.com
Thu Jul 7 19:26:05 UTC 2022
On Jul 7, 2022, at 1:07 PM, Paul Thornton <paul at prt.org> wrote:
> So close - but no cigar. The relay now gets the OFFER and passes it on - to the incorrect destination port.
>
> Sending DHCP-Offer Id 29d33634 from 0.0.0.0:1067 to 255.255.255.255:1067
Arguably the server *should* send packets to port 67, no matter what the source port.
> Of course, another horrible hack might be "If I'm processing an OFFER or an ACK, and it comes in on the alternative port, please send it back to the originl client on port 68". Or is it meant to be 67. As you say, we're talking DHCP...
You can make it use port 67 by the following:
update reply {
Packet-Dst-Port := 67
}
It will then send the packets to port 67 instead of 1067.
We should arguably also support RFC 8357, which defines a "Remember Relay-Port" option. If the option exists, the reply should be sent to the UDP source port of the packet.
FreeRADIUS has always done that, because hard-coding port 67 is stupid.
Alan DEKok.
More information about the Freeradius-Users
mailing list