Hi Louis,
No there are no lines with DHCPACK or OFFER. This is, because there are no such
packets coming (seen in Tcpdump). Our setup is the following: remote client —
LAN— router (with dnsmasq and a relay to PF) =VPN-Tunnel= VPN-Server —LAN—
PF-Server
So PF is not offering any leases to the remote clients but gets information
from the dnsmasq which is configured as a relay. PF is configured as inlinel3
for the remote clients.
the networks.conf is therefore:
[192.168.2.0]
dns=192.168.2.254
dhcp_start=192.168.2.10
gateway=192.168.2.250
domain-name=inlinel2.endoo.eu
nat_enabled=enabled
named=enabled
dhcp_max_lease_time=3600
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.2.246
type=inlinel2
netmask=255.255.255.0
dhcp_default_lease_time=3600
[10.1.13.0]
next_hop=192.168.2.2
domain-name=inlinel3.endoo.eu
name=inlinel3.endoo.eu
nat_enabled=1
named=enabled
dhcpd=disabled
fake_mac_enabled=0
type=inlinel3
netmask=255.255.255.0
The dhcp.conf:
# dhcpd configuration
# This file is manipulated on PacketFence's startup before being given to dhcpd
authoritative;
ddns-update-style none;
ignore client-updates;
log-facility local6;
# OMAPI for IP <-> MAC lookup
omapi-port 7911;
key pf_omapi_key {
algorithm HMAC-MD5;
secret "ghkxVADMEeYe8ikHCjkyu7hQ2abIA/SbcH8Ep6a4FGs=";
};
omapi-key pf_omapi_key;
failover peer "192.168.2.0/24" {
secondary;
address 192.168.2.250;
port 647;
peer address 192.168.2.251;
peer port 647;
max-response-delay 30;
max-unacked-updates 10;
load balance max seconds 3;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
option routers 192.168.2.250;
option subnet-mask 255.255.255.0;
option domain-name "inlinel2.endoo.eu";
option domain-name-servers 192.168.2.254;
pool {
failover peer "192.168.2.0/24";
range 192.168.2.10 192.168.2.246;
default-lease-time 3600;
max-lease-time 3600;
}
}
The dhcpd is only relevant for the local network at the server side but not for
the remote clients. There are also no DHCP Server errors on the server.
The point is, that it worked well with the old PF version. pfdhcplistener.log
(old, when it worked):
Nov 22 15:29:55 pfdhcplistener(11373) INFO: DHCPREQUEST from 00:25:4b:cd:f4:64
(10.1.13.78) (main::parse_dhcp_request)
Nov 22 15:29:55 pfdhcplistener(11373) WARN: Unable to match MAC address to IP
'10.1.13.78' (pf::iplog::ip2mac)
Nov 22 15:29:55 pfdhcplistener(11373) INFO: 00:25:4b:cd:f4:64 requested an IP
with the following informations: last_dhcp = 2015-11-22 15:29:55,computername =
Christians-MBP,dhcp_fingerprint = 1,3,6,15,119,95,252,44,46,dhcp_vendor =
(main::listen_dhcp)
It does not seem to be that different…
Kind regards
Christian Hanster
> On 25 Nov 2015, at 20:35, Louis Munro <[email protected]> wrote:
>
> Hi Christian,
> Is this all that is in the pfdhcplistener log?
> No lines with DHCPACK or DHCPOFFER?
>
> Which dhcp server is offering leases in the VLAN?
> The PF dhcp service, or do you have another server providing that service?
>
> Are there any dhcpd errors in /var/log/messages?
>
> Please post your conf/network.conf and var/conf/dhcpd.conf files.
>
> Regards,
> --
> Louis Munro
> [email protected] <mailto:[email protected]> :: www.inverse.ca
> <http://www.inverse.ca/>
> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and
> PacketFence (www.packetfence.org <http://www.packetfence.org/>)
>
>> On Nov 25, 2015, at 13:37 , Christian Hanster <[email protected]
>> <mailto:[email protected]>> wrote:
>>
>> Hi,
>>
>> thanks for the response!
>> So after some more testing I found out, that I have to restart the
>> pfdhcplistener manually. Then it is recognising the traffic. I do not what
>> is then different because the pfdhcplistener is running before too…
>>
>> Now the problem is, that PF recognises the new Mac-address but did not
>> define an IP Adress. Output of pfdhcplistener:
>> Nov 25 18:24:45 pfqueue(51123) INFO: [mac:[undef]] DHCPREQUEST from
>> d4:33:a3:ed:f2:a5 (10.1.13.239) with lease of 7776000 seconds
>> (pf::dhcp::processor::parse_dhcp_request)
>> Nov 25 18:24:47 pfqueue(51123) INFO: [mac:d4:33:a3:ed:f2:a5]
>> d4:33:a3:ed:f2:a5 requested an IP with the following informations: last_dhcp
>> = 2015-11-25 18:24:45,computername = Christians-MBP,dhcp_fingerprint =
>> 1,3,6,15,119,95,252,44,46,dhcp_vendor =
>> (pf::dhcp::processor::process_packet)
>>
>> So now I see node entries, but the captive portal says that the node cannot
>> be found in the database, because PF does not store a value for the
>> IP-Adress in the DB when it detects it.
>>> On 25 Nov 2015, at 18:09, Louis Munro <[email protected]
>>> <mailto:[email protected]>> wrote:
>>>
>>>
>>> An active/active or active/passive cluster?
>>> Inline is not supported in active/active. Not everything can be replicated.
>> I run it as an active/active cluster. I followed the installation guide from
>> the packtefence website, but have a replicated DB server on an other host. I
>> did not know that inline is not supported. It was not stated anywhere in the
>> guide… Is there an easy way to change it to active/passive?
>>>
>>> Are all PacketFence services running?
>>> Especially pfqueue, redis_queue and obviously the pfdhcplistener?
>> Services are all running but it is only listening for dhcp when I restart
>> pfdhcplistener via “pfcmd service pfdhcplistener restart” manually.
>>> Are dhcp requests being received on the interface?
>>> What does this report?
>>>
>>> # tcpdump -tnl -i eth0 port bootpc or port bootps
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
>> IP 10.1.13.1.67 > 192.168.2.254.67: BOOTP/DHCP, Request from
>> d4:33:a3:ed:f2:a5, length 300
>>
>> I hope you can help me with it because I’m really clueless at the moment…
>>
>> Kind regards
>> Christian Hanster
>>
>>>
>>>
>>>
>>>
>>> Regards,
>>> --
>>> Louis Munro
>>> [email protected] <mailto:[email protected]> :: www.inverse.ca
>>> <http://www.inverse.ca/>
>>> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and
>>> PacketFence (www.packetfence.org <http://www.packetfence.org/>)
>>> ------------------------------------------------------------------------------
>>> Go from Idea to Many App Stores Faster with Intel(R) XDK
>>> Give your users amazing mobile app experiences with Intel(R) XDK.
>>> Use one codebase in this all-in-one HTML5 development environment.
>>> Design, debug & build mobile apps & 2D/3D high-impact games for multiple
>>> OSs.
>>> http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________
>>>
>>> <http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________>
>>> PacketFence-users mailing list
>>> [email protected]
>>> <mailto:[email protected]>
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>> ------------------------------------------------------------------------------
>> Go from Idea to Many App Stores Faster with Intel(R) XDK
>> Give your users amazing mobile app experiences with Intel(R) XDK.
>> Use one codebase in this all-in-one HTML5 development environment.
>> Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
>> http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________
>>
>> <http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________>
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> ------------------------------------------------------------------------------
> Go from Idea to Many App Stores Faster with Intel(R) XDK
> Give your users amazing mobile app experiences with Intel(R) XDK.
> Use one codebase in this all-in-one HTML5 development environment.
> Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
> http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
