Hi Christian,
This is indeed a corner case that is not well handled.
The original reason for that was that we assumed that you either use the
PacketFence dhcpd for all or none of your networks.
If it’s all, then we should be receiving the ACKs.
If it’s none, then we needed to listen for DHCPREQUEST packets.
We try to process the minimum number of packets required to do the job, because
in a large network that job quickly becomes expensive.
So in your case I can suggest a few ideas to fix it.
1. You could use the PacketFence dhcpd server on all your networks (if that is
possible for you).
2. You could try using the UDP reflector
(https://code.google.com/p/udp-reflector/
<https://code.google.com/p/udp-reflector/>) to send a copy of the ACKs to
PacketFence.
3. You could patch PacketFence to handle the DHCPREQUESTS in those networks.
4. Look into using OMAPI to have PacketFence query your dhcp server for the
leases.
I believe option 3 would be fastest to implement.
You could try this patch:
diff --git a/lib/pf/dhcp/processor.pm b/lib/pf/dhcp/processor.pm
index 5b6f6a8..36ee6fe 100644
--- a/lib/pf/dhcp/processor.pm
+++ b/lib/pf/dhcp/processor.pm
@@ -274,7 +274,7 @@ sub parse_dhcp_request {
# We check if we are running without dhcpd
# This means we don't see ACK so we need to act on requests
- if((!$self->{running_w_dhcpd} &&
!isenabled($Config{network}{force_listener_update_on_ack})) &&
(defined($client_ip) && defined($client_mac))){
+ if((!isenabled($Config{network}{force_listener_update_on_ack})) &&
(defined($client_ip) && defined($client_mac))){
$self->handle_new_ip($client_mac, $client_ip, $lease_length);
}
Let us know if it helps.
We’ll have to think of the best way of handling that particular case in the
future.
Regards,
--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
> On Nov 25, 2015, at 18:10 , Christian Hanster <christian-hans...@gmx.de>
> wrote:
>
> Hi Louis,
>
> It’s me again and I found the problem finally. It has to do with the
> rewritten dhcplistener in the new release.
>
> The new listener configuration is checking, if there is a dhcp server running
> on the interface. If this is the case then it will not work with dhcp-request
> packages. In my special case the problem was that I had running the dhcp
> server on the interface (inlinel2) but not for the inlinel3 network. So the
> listener was not processing the Request packages. It might be a bug but I do
> not know how to fix it because the pfdhcplistener is running on interface
> level. For me it worked when I switched off the dhcp-server on the interface.
> Probably I will let the dhcp be done by an other server in this network...
>
> The problem is in line 332ff. in file processor.pm (Tag 5.5.0):
> https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/dhcp/processor.pm
>
> <https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/dhcp/processor.pm>
>
> Thank you for your help!
>
> Kind regards
> Christian
>> On 25 Nov 2015, at 22:41, Christian Hanster <christian-hans...@gmx.de
>> <mailto:christian-hans...@gmx.de>> wrote:
>>
>> Hi Louis,
>>
>> No there are no lines with DHCPACK or OFFER. This is, because there are no
>> such packets coming (seen in Tcpdump). Our setup is the following: remote
>> client — LAN— router (with dnsmasq and a relay to PF) =VPN-Tunnel=
>> VPN-Server —LAN— PF-Server
>>
>> So PF is not offering any leases to the remote clients but gets information
>> from the dnsmasq which is configured as a relay. PF is configured as
>> inlinel3 for the remote clients.
>>
>> the networks.conf is therefore:
>> [192.168.2.0]
>> dns=192.168.2.254
>> dhcp_start=192.168.2.10
>> gateway=192.168.2.250
>> domain-name=inlinel2.endoo.eu <http://inlinel2.endoo.eu/>
>> nat_enabled=enabled
>> named=enabled
>> dhcp_max_lease_time=3600
>> fake_mac_enabled=disabled
>> dhcpd=enabled
>> dhcp_end=192.168.2.246
>> type=inlinel2
>> netmask=255.255.255.0
>> dhcp_default_lease_time=3600
>>
>> [10.1.13.0]
>> next_hop=192.168.2.2
>> domain-name=inlinel3.endoo.eu <http://inlinel3.endoo.eu/>
>> name=inlinel3.endoo.eu <http://inlinel3.endoo.eu/>
>> nat_enabled=1
>> named=enabled
>> dhcpd=disabled
>> fake_mac_enabled=0
>> type=inlinel3
>> netmask=255.255.255.0
>>
>> The dhcp.conf:
>> # dhcpd configuration
>> # This file is manipulated on PacketFence's startup before being given to
>> dhcpd
>> authoritative;
>> ddns-update-style none;
>> ignore client-updates;
>> log-facility local6;
>>
>> # OMAPI for IP <-> MAC lookup
>> omapi-port 7911;
>> key pf_omapi_key {
>> algorithm HMAC-MD5;
>> secret "ghkxVADMEeYe8ikHCjkyu7hQ2abIA/SbcH8Ep6a4FGs=";
>> };
>> omapi-key pf_omapi_key;
>>
>>
>> failover peer "192.168.2.0/24" {
>> secondary;
>> address 192.168.2.250;
>> port 647;
>> peer address 192.168.2.251;
>> peer port 647;
>> max-response-delay 30;
>> max-unacked-updates 10;
>> load balance max seconds 3;
>> }
>>
>>
>> subnet 192.168.2.0 netmask 255.255.255.0 {
>> option routers 192.168.2.250;
>> option subnet-mask 255.255.255.0;
>> option domain-name "inlinel2.endoo.eu <http://inlinel2.endoo.eu/>";
>> option domain-name-servers 192.168.2.254;
>> pool {
>> failover peer "192.168.2.0/24";
>> range 192.168.2.10 192.168.2.246;
>> default-lease-time 3600;
>> max-lease-time 3600;
>> }
>> }
>>
>>
>> The dhcpd is only relevant for the local network at the server side but not
>> for the remote clients. There are also no DHCP Server errors on the server.
>>
>> The point is, that it worked well with the old PF version.
>> pfdhcplistener.log (old, when it worked):
>> Nov 22 15:29:55 pfdhcplistener(11373) INFO: DHCPREQUEST from
>> 00:25:4b:cd:f4:64 (10.1.13.78) (main::parse_dhcp_request)
>> Nov 22 15:29:55 pfdhcplistener(11373) WARN: Unable to match MAC address to
>> IP '10.1.13.78' (pf::iplog::ip2mac)
>> Nov 22 15:29:55 pfdhcplistener(11373) INFO: 00:25:4b:cd:f4:64 requested an
>> IP with the following informations: last_dhcp = 2015-11-22
>> 15:29:55,computername = Christians-MBP,dhcp_fingerprint =
>> 1,3,6,15,119,95,252,44,46,dhcp_vendor = (main::listen_dhcp)
>>
>> It does not seem to be that different…
>>
>> Kind regards
>> Christian Hanster
>>> On 25 Nov 2015, at 20:35, Louis Munro <lmu...@inverse.ca
>>> <mailto:lmu...@inverse.ca>> wrote:
>>>
>>> Hi Christian,
>>> Is this all that is in the pfdhcplistener log?
>>> No lines with DHCPACK or DHCPOFFER?
>>>
>>> Which dhcp server is offering leases in the VLAN?
>>> The PF dhcp service, or do you have another server providing that service?
>>>
>>> Are there any dhcpd errors in /var/log/messages?
>>>
>>> Please post your conf/network.conf and var/conf/dhcpd.conf files.
>>>
>>> Regards,
>>> --
>>> Louis Munro
>>> lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
>>> <http://www.inverse.ca/>
>>> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and
>>> PacketFence (www.packetfence.org <http://www.packetfence.org/>)
>>>
>>>> On Nov 25, 2015, at 13:37 , Christian Hanster <christian.hans...@me.com
>>>> <mailto:christian.hans...@me.com>> wrote:
>>>>
>>>> Hi,
>>>>
>>>> thanks for the response!
>>>> So after some more testing I found out, that I have to restart the
>>>> pfdhcplistener manually. Then it is recognising the traffic. I do not what
>>>> is then different because the pfdhcplistener is running before too…
>>>>
>>>> Now the problem is, that PF recognises the new Mac-address but did not
>>>> define an IP Adress. Output of pfdhcplistener:
>>>> Nov 25 18:24:45 pfqueue(51123) INFO: [mac:[undef]] DHCPREQUEST from
>>>> d4:33:a3:ed:f2:a5 (10.1.13.239) with lease of 7776000 seconds
>>>> (pf::dhcp::processor::parse_dhcp_request)
>>>> Nov 25 18:24:47 pfqueue(51123) INFO: [mac:d4:33:a3:ed:f2:a5]
>>>> d4:33:a3:ed:f2:a5 requested an IP with the following informations:
>>>> last_dhcp = 2015-11-25 18:24:45,computername =
>>>> Christians-MBP,dhcp_fingerprint = 1,3,6,15,119,95,252,44,46,dhcp_vendor =
>>>> (pf::dhcp::processor::process_packet)
>>>>
>>>> So now I see node entries, but the captive portal says that the node
>>>> cannot be found in the database, because PF does not store a value for the
>>>> IP-Adress in the DB when it detects it.
>>>>> On 25 Nov 2015, at 18:09, Louis Munro <lmu...@inverse.ca
>>>>> <mailto:lmu...@inverse.ca>> wrote:
>>>>>
>>>>>
>>>>> An active/active or active/passive cluster?
>>>>> Inline is not supported in active/active. Not everything can be
>>>>> replicated.
>>>> I run it as an active/active cluster. I followed the installation guide
>>>> from the packtefence website, but have a replicated DB server on an other
>>>> host. I did not know that inline is not supported. It was not stated
>>>> anywhere in the guide… Is there an easy way to change it to active/passive?
>>>>>
>>>>> Are all PacketFence services running?
>>>>> Especially pfqueue, redis_queue and obviously the pfdhcplistener?
>>>> Services are all running but it is only listening for dhcp when I restart
>>>> pfdhcplistener via “pfcmd service pfdhcplistener restart” manually.
>>>>> Are dhcp requests being received on the interface?
>>>>> What does this report?
>>>>>
>>>>> # tcpdump -tnl -i eth0 port bootpc or port bootps
>>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>>> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
>>>> IP 10.1.13.1.67 > 192.168.2.254.67: BOOTP/DHCP, Request from
>>>> d4:33:a3:ed:f2:a5, length 300
>>>>
>>>> I hope you can help me with it because I’m really clueless at the moment…
>>>>
>>>> Kind regards
>>>> Christian Hanster
>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>> --
>>>>> Louis Munro
>>>>> lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca
>>>>> <http://www.inverse.ca/>
>>>>> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
>>>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>)
>>>>> and PacketFence (www.packetfence.org <http://www.packetfence.org/>)
>>>>> ------------------------------------------------------------------------------
>>>>> Go from Idea to Many App Stores Faster with Intel(R) XDK
>>>>> Give your users amazing mobile app experiences with Intel(R) XDK.
>>>>> Use one codebase in this all-in-one HTML5 development environment.
>>>>> Design, debug & build mobile apps & 2D/3D high-impact games for multiple
>>>>> OSs.
>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________
>>>>>
>>>>> <http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________>
>>>>> PacketFence-users mailing list
>>>>> PacketFence-users@lists.sourceforge.net
>>>>> <mailto:PacketFence-users@lists.sourceforge.net>
>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>>> ------------------------------------------------------------------------------
>>>> Go from Idea to Many App Stores Faster with Intel(R) XDK
>>>> Give your users amazing mobile app experiences with Intel(R) XDK.
>>>> Use one codebase in this all-in-one HTML5 development environment.
>>>> Design, debug & build mobile apps & 2D/3D high-impact games for multiple
>>>> OSs.
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________
>>>>
>>>> <http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________>
>>>> PacketFence-users mailing list
>>>> PacketFence-users@lists.sourceforge.net
>>>> <mailto:PacketFence-users@lists.sourceforge.net>
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>>
>>> ------------------------------------------------------------------------------
>>> Go from Idea to Many App Stores Faster with Intel(R) XDK
>>> Give your users amazing mobile app experiences with Intel(R) XDK.
>>> Use one codebase in this all-in-one HTML5 development environment.
>>> Design, debug & build mobile apps & 2D/3D high-impact games for multiple
>>> OSs.
>>> http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________
>>>
>>> <http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________>
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> <mailto:PacketFence-users@lists.sourceforge.net>
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>> ------------------------------------------------------------------------------
>> Go from Idea to Many App Stores Faster with Intel(R) XDK
>> Give your users amazing mobile app experiences with Intel(R) XDK.
>> Use one codebase in this all-in-one HTML5 development environment.
>> Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
>> http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________
>>
>> <http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________>
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> ------------------------------------------------------------------------------
> Go from Idea to Many App Stores Faster with Intel(R) XDK
> Give your users amazing mobile app experiences with Intel(R) XDK.
> Use one codebase in this all-in-one HTML5 development environment.
> Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
> http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140_______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
