Hi Louis,
It’s me again and I found the problem finally. It has to do with the rewritten
dhcplistener in the new release.
The new listener configuration is checking, if there is a dhcp server running
on the interface. If this is the case then it will not work with dhcp-request
packages. In my special case the problem was that I had running the dhcp server
on the interface (inlinel2) but not for the inlinel3 network. So the listener
was not processing the Request packages. It might be a bug but I do not know
how to fix it because the pfdhcplistener is running on interface level. For me
it worked when I switched off the dhcp-server on the interface. Probably I will
let the dhcp be done by an other server in this network...
The problem is in line 332ff. in file processor.pm (Tag 5.5.0):
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/dhcp/processor.pm
<https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/dhcp/processor.pm>
Thank you for your help!
Kind regards
Christian
> On 25 Nov 2015, at 22:41, Christian Hanster <[email protected]> wrote:
>
> Hi Louis,
>
> No there are no lines with DHCPACK or OFFER. This is, because there are no
> such packets coming (seen in Tcpdump). Our setup is the following: remote
> client — LAN— router (with dnsmasq and a relay to PF) =VPN-Tunnel= VPN-Server
> —LAN— PF-Server
>
> So PF is not offering any leases to the remote clients but gets information
> from the dnsmasq which is configured as a relay. PF is configured as inlinel3
> for the remote clients.
>
> the networks.conf is therefore:
> [192.168.2.0]
> dns=192.168.2.254
> dhcp_start=192.168.2.10
> gateway=192.168.2.250
> domain-name=inlinel2.endoo.eu <http://inlinel2.endoo.eu/>
> nat_enabled=enabled
> named=enabled
> dhcp_max_lease_time=3600
> fake_mac_enabled=disabled
> dhcpd=enabled
> dhcp_end=192.168.2.246
> type=inlinel2
> netmask=255.255.255.0
> dhcp_default_lease_time=3600
>
> [10.1.13.0]
> next_hop=192.168.2.2
> domain-name=inlinel3.endoo.eu <http://inlinel3.endoo.eu/>
> name=inlinel3.endoo.eu <http://inlinel3.endoo.eu/>
> nat_enabled=1
> named=enabled
> dhcpd=disabled
> fake_mac_enabled=0
> type=inlinel3
> netmask=255.255.255.0
>
> The dhcp.conf:
> # dhcpd configuration
> # This file is manipulated on PacketFence's startup before being given to
> dhcpd
> authoritative;
> ddns-update-style none;
> ignore client-updates;
> log-facility local6;
>
> # OMAPI for IP <-> MAC lookup
> omapi-port 7911;
> key pf_omapi_key {
> algorithm HMAC-MD5;
> secret "ghkxVADMEeYe8ikHCjkyu7hQ2abIA/SbcH8Ep6a4FGs=";
> };
> omapi-key pf_omapi_key;
>
>
> failover peer "192.168.2.0/24" {
> secondary;
> address 192.168.2.250;
> port 647;
> peer address 192.168.2.251;
> peer port 647;
> max-response-delay 30;
> max-unacked-updates 10;
> load balance max seconds 3;
> }
>
>
> subnet 192.168.2.0 netmask 255.255.255.0 {
> option routers 192.168.2.250;
> option subnet-mask 255.255.255.0;
> option domain-name "inlinel2.endoo.eu <http://inlinel2.endoo.eu/>";
> option domain-name-servers 192.168.2.254;
> pool {
> failover peer "192.168.2.0/24";
> range 192.168.2.10 192.168.2.246;
> default-lease-time 3600;
> max-lease-time 3600;
> }
> }
>
>
> The dhcpd is only relevant for the local network at the server side but not
> for the remote clients. There are also no DHCP Server errors on the server.
>
> The point is, that it worked well with the old PF version. pfdhcplistener.log
> (old, when it worked):
> Nov 22 15:29:55 pfdhcplistener(11373) INFO: DHCPREQUEST from
> 00:25:4b:cd:f4:64 (10.1.13.78) (main::parse_dhcp_request)
> Nov 22 15:29:55 pfdhcplistener(11373) WARN: Unable to match MAC address to IP
> '10.1.13.78' (pf::iplog::ip2mac)
> Nov 22 15:29:55 pfdhcplistener(11373) INFO: 00:25:4b:cd:f4:64 requested an IP
> with the following informations: last_dhcp = 2015-11-22 15:29:55,computername
> = Christians-MBP,dhcp_fingerprint = 1,3,6,15,119,95,252,44,46,dhcp_vendor =
> (main::listen_dhcp)
>
> It does not seem to be that different…
>
> Kind regards
> Christian Hanster
>> On 25 Nov 2015, at 20:35, Louis Munro <[email protected]
>> <mailto:[email protected]>> wrote:
>>
>> Hi Christian,
>> Is this all that is in the pfdhcplistener log?
>> No lines with DHCPACK or DHCPOFFER?
>>
>> Which dhcp server is offering leases in the VLAN?
>> The PF dhcp service, or do you have another server providing that service?
>>
>> Are there any dhcpd errors in /var/log/messages?
>>
>> Please post your conf/network.conf and var/conf/dhcpd.conf files.
>>
>> Regards,
>> --
>> Louis Munro
>> [email protected] <mailto:[email protected]> :: www.inverse.ca
>> <http://www.inverse.ca/>
>> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and
>> PacketFence (www.packetfence.org <http://www.packetfence.org/>)
>>
>>> On Nov 25, 2015, at 13:37 , Christian Hanster <[email protected]
>>> <mailto:[email protected]>> wrote:
>>>
>>> Hi,
>>>
>>> thanks for the response!
>>> So after some more testing I found out, that I have to restart the
>>> pfdhcplistener manually. Then it is recognising the traffic. I do not what
>>> is then different because the pfdhcplistener is running before too…
>>>
>>> Now the problem is, that PF recognises the new Mac-address but did not
>>> define an IP Adress. Output of pfdhcplistener:
>>> Nov 25 18:24:45 pfqueue(51123) INFO: [mac:[undef]] DHCPREQUEST from
>>> d4:33:a3:ed:f2:a5 (10.1.13.239) with lease of 7776000 seconds
>>> (pf::dhcp::processor::parse_dhcp_request)
>>> Nov 25 18:24:47 pfqueue(51123) INFO: [mac:d4:33:a3:ed:f2:a5]
>>> d4:33:a3:ed:f2:a5 requested an IP with the following informations:
>>> last_dhcp = 2015-11-25 18:24:45,computername =
>>> Christians-MBP,dhcp_fingerprint = 1,3,6,15,119,95,252,44,46,dhcp_vendor =
>>> (pf::dhcp::processor::process_packet)
>>>
>>> So now I see node entries, but the captive portal says that the node cannot
>>> be found in the database, because PF does not store a value for the
>>> IP-Adress in the DB when it detects it.
>>>> On 25 Nov 2015, at 18:09, Louis Munro <[email protected]
>>>> <mailto:[email protected]>> wrote:
>>>>
>>>>
>>>> An active/active or active/passive cluster?
>>>> Inline is not supported in active/active. Not everything can be
>>>> replicated.
>>> I run it as an active/active cluster. I followed the installation guide
>>> from the packtefence website, but have a replicated DB server on an other
>>> host. I did not know that inline is not supported. It was not stated
>>> anywhere in the guide… Is there an easy way to change it to active/passive?
>>>>
>>>> Are all PacketFence services running?
>>>> Especially pfqueue, redis_queue and obviously the pfdhcplistener?
>>> Services are all running but it is only listening for dhcp when I restart
>>> pfdhcplistener via “pfcmd service pfdhcplistener restart” manually.
>>>> Are dhcp requests being received on the interface?
>>>> What does this report?
>>>>
>>>> # tcpdump -tnl -i eth0 port bootpc or port bootps
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
>>> IP 10.1.13.1.67 > 192.168.2.254.67: BOOTP/DHCP, Request from
>>> d4:33:a3:ed:f2:a5, length 300
>>>
>>> I hope you can help me with it because I’m really clueless at the moment…
>>>
>>> Kind regards
>>> Christian Hanster
>>>
>>>>
>>>>
>>>>
>>>>
>>>> Regards,
>>>> --
>>>> Louis Munro
>>>> [email protected] <mailto:[email protected]> :: www.inverse.ca
>>>> <http://www.inverse.ca/>
>>>> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
>>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>)
>>>> and PacketFence (www.packetfence.org <http://www.packetfence.org/>)
>>>> ------------------------------------------------------------------------------
>>>> Go from Idea to Many App Stores Faster with Intel(R) XDK
>>>> Give your users amazing mobile app experiences with Intel(R) XDK.
>>>> Use one codebase in this all-in-one HTML5 development environment.
>>>> Design, debug & build mobile apps & 2D/3D high-impact games for multiple
>>>> OSs.
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________
>>>>
>>>> <http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________>
>>>> PacketFence-users mailing list
>>>> [email protected]
>>>> <mailto:[email protected]>
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>> ------------------------------------------------------------------------------
>>> Go from Idea to Many App Stores Faster with Intel(R) XDK
>>> Give your users amazing mobile app experiences with Intel(R) XDK.
>>> Use one codebase in this all-in-one HTML5 development environment.
>>> Design, debug & build mobile apps & 2D/3D high-impact games for multiple
>>> OSs.
>>> http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________
>>>
>>> <http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________>
>>> PacketFence-users mailing list
>>> [email protected]
>>> <mailto:[email protected]>
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>> ------------------------------------------------------------------------------
>> Go from Idea to Many App Stores Faster with Intel(R) XDK
>> Give your users amazing mobile app experiences with Intel(R) XDK.
>> Use one codebase in this all-in-one HTML5 development environment.
>> Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
>> http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________
>>
>> <http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________>
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> ------------------------------------------------------------------------------
> Go from Idea to Many App Stores Faster with Intel(R) XDK
> Give your users amazing mobile app experiences with Intel(R) XDK.
> Use one codebase in this all-in-one HTML5 development environment.
> Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
> http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
