I've finally found a working scenario for dealing with the broken
Windows DHCP client which doesn't obey RFC3442, specifically this:
"If the DHCP server returns both a Classless Static Routes option and
a Router option, the DHCP client MUST ignore the Router option."
Windows, apparently (and according to my tests) does not ignore the
Router option and therefore you can end up with 2 default gateways.
However, my config seems a bit cumbersome and so I'm wondering if
there is a more elegant solution.
I'm also dealing with Kea-2.4.1 as that is what is currently available
with OpenBSD, hopefully that will get bumped up when 2.4.1 goes EOL
next month.
Here's a snippet of the config in question:
=========================================
"client-classes": [
{
"name": "windoze",
"test": "substring(option[60].hex,0,4) == 'MSFT'",
"option-data": [
{
"name": "release",
"code": 2,
"space": "vendor-encapsulated-options-space",
"data": "00000001"
},
{
"name": "nbt",
"code": 1,
"space": "vendor-encapsulated-options-space",
"data": "00000002"
},
{
"name": "vendor-encapsulated-options"
}
]
},
{
"name": "no_win_id1",
"test": "not(substring(option[60].hex,0,4) == 'MSFT')",
"only-if-required": true,
"option-data": [
{
"name": "routers",
"data": "172.27.12.254"
}
]
}
],
"subnet4": [
{
"id": 1,
"subnet": "172.27.12.0/24",
"reservations-in-subnet": true,
"pools": [ { "pool": "172.27.12.240 - 172.27.12.248" } ],
"require-client-classes": [ "no_win_id1" ],
"option-data": [
{
"code": 121,
"data": "24, 192, 168, 77, 172, 27, 12, 254, 24, 192,
168, 88, 172, 27, 12, 254, 24
, 192, 168, 111, 172, 27, 12, 254, 24, 192, 168, 222, 172, 27, 12,
254, 0, 172, 27, 12, 1"
}
],
<?include "/etc/kea/id1_res.conf"?>
},
=========================================
Basically what I've done is set the subnet up to, by default, deliver
only the Classless-Static-Routes which by itself is fine with Windows,
and then if the system is not Windows the Router option gets added.
This allows systems that follow the RFC to work properly, if they
accept the Classless Static Routes, they ignore the Router option
(every 'nix type system I've tested, unlike Windows) and if they don't
accept the Classless Static Routes they use the Router option (a
printer for example).
Doing it this way requires multiple "no_win_idX" classes for different
subnets whereas if the subnet could contain both the Router option and
the Classless-Static-Routes option but only send the Classless part
for Windows and both parts for other systems I could use just one
"no_win" class, which I would consider more elegant, but I haven't
seen a way to do this.
Thank you!
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
