Re: [Kea-users] option 54
Hi, I recommend upgrading to Kea 1.3 (or 1.4 in a couple of weeks), which already have this feature: https://kea.isc.org/docs/kea-guide.html#dhcp4-serverid Kind Regards, Marcin Siodelski ISC On 11.05.2018 10:58, Itay Rozenberg wrote: > > After the client gets the address from the dhcp server ,its renewing it > directly to kea, i need it to renew it via the relay > > > Original message > From: "Chaigneau, Nicolas" <nicolas.chaign...@capgemini.com> > Date: 5/11/18 11:44 (GMT+02:00) > To: itay cohen <icohen9...@gmail.com>, kea-users@lists.isc.org > Subject: Re: [Kea-users] option 54 > > > Option 54 is set automatically by the server (to the IP address on which the > packet was received, I think). > > It cannot be an arbitrary value, it is used by clients in DHCPREQUEST > messages. The server will ignore such messages with an option 54 that does > not match its configuration (even if they are unicast to him) because it > indicates that the client is trying to communicate with another server. > > What are you trying to do exactly ? > > > Regards, > Nicolas. > > De : Kea-users [mailto:kea-users-boun...@lists.isc.org] De la part de itay > cohen > Envoyé : vendredi 11 mai 2018 02:35 > À : kea-users@lists.isc.org > Objet : [Kea-users] option 54 > > hi all > > i'm using kea-1.2.0 > > i'm trying to set > "option-data": [ > { "name": "routers", "data": " 10.0.0.1" }, > { "name": "dhcp-server-identifier", "data": > "10.0.0.1" } > ], > now, when kea is trying to send the packet back its being Dropped with this > message, > [kea-dhcp4.bad-packets/19941] DHCP4_PACKET_DROP_0007 [hwtype=1 > a8:11:fc:98:fe:dd], cid=[ff:fc:98:fe:dd:00:03:00:01:a8:11:fc:98:fe:dd], > tid=0x4a68f6e1: failed to process packet: Option 54 already present in this > message. > > any thoughts ? > > thank you, > Itay > > > > This message contains information that may be privileged or confidential and > is the property of the Capgemini Group. It is intended only for the person to > whom it is addressed. If you are not the intended recipient, you are not > authorized to read, print, retain, copy, disseminate, distribute, or use this > message or any part thereof. If you receive this message in error, please > notify the sender immediately and delete all copies of this message. > > [Banner]<https://www.partner.co.il/partnerfiber?PartnerCampaignId=191088_source=Signature_medium=Banner_campaign=FiberApril18> > Powered by U-BTech > XTRABANNER<http://www.u-btech.com/products/xtrabanner/poweredby> > > Please do not enrich emails sent to > me<mailto:xban...@orange.co.il?subject=Please%20do%20not%20enrich%20emails%20sent%20to%20me%20%5BRemoval%20Code%3A%20DNE42%5D=Please%20do%20not%20enrich%20emails%20sent%20to%20me> > > > This message contains information that may be confidential or privileged. > If you are not the intended recipient, you may not use, copy or disclose > to anyone any of the information in this message. If you have received > this message and are not the intended recipient, kindly notify the sender > and delete this message from your computer. > > > > ___ > Kea-users mailing list > Kea-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/kea-users > ___ Kea-users mailing list Kea-users@lists.isc.org https://lists.isc.org/mailman/listinfo/kea-users
Re: [Kea-users] option 54
After the client gets the address from the dhcp server ,its renewing it directly to kea, i need it to renew it via the relay Original message From: "Chaigneau, Nicolas" <nicolas.chaign...@capgemini.com> Date: 5/11/18 11:44 (GMT+02:00) To: itay cohen <icohen9...@gmail.com>, kea-users@lists.isc.org Subject: Re: [Kea-users] option 54 Option 54 is set automatically by the server (to the IP address on which the packet was received, I think). It cannot be an arbitrary value, it is used by clients in DHCPREQUEST messages. The server will ignore such messages with an option 54 that does not match its configuration (even if they are unicast to him) because it indicates that the client is trying to communicate with another server. What are you trying to do exactly ? Regards, Nicolas. De : Kea-users [mailto:kea-users-boun...@lists.isc.org] De la part de itay cohen Envoyé : vendredi 11 mai 2018 02:35 À : kea-users@lists.isc.org Objet : [Kea-users] option 54 hi all i'm using kea-1.2.0 i'm trying to set "option-data": [ { "name": "routers", "data": " 10.0.0.1" }, { "name": "dhcp-server-identifier", "data": "10.0.0.1" } ], now, when kea is trying to send the packet back its being Dropped with this message, [kea-dhcp4.bad-packets/19941] DHCP4_PACKET_DROP_0007 [hwtype=1 a8:11:fc:98:fe:dd], cid=[ff:fc:98:fe:dd:00:03:00:01:a8:11:fc:98:fe:dd], tid=0x4a68f6e1: failed to process packet: Option 54 already present in this message. any thoughts ? thank you, Itay This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. [Banner]<https://www.partner.co.il/partnerfiber?PartnerCampaignId=191088_source=Signature_medium=Banner_campaign=FiberApril18> Powered by U-BTech XTRABANNER<http://www.u-btech.com/products/xtrabanner/poweredby> Please do not enrich emails sent to me<mailto:xban...@orange.co.il?subject=Please%20do%20not%20enrich%20emails%20sent%20to%20me%20%5BRemoval%20Code%3A%20DNE42%5D=Please%20do%20not%20enrich%20emails%20sent%20to%20me> This message contains information that may be confidential or privileged. If you are not the intended recipient, you may not use, copy or disclose to anyone any of the information in this message. If you have received this message and are not the intended recipient, kindly notify the sender and delete this message from your computer. ___ Kea-users mailing list Kea-users@lists.isc.org https://lists.isc.org/mailman/listinfo/kea-users
Re: [Kea-users] option 54
Option 54 is set automatically by the server (to the IP address on which the packet was received, I think). It cannot be an arbitrary value, it is used by clients in DHCPREQUEST messages. The server will ignore such messages with an option 54 that does not match its configuration (even if they are unicast to him) because it indicates that the client is trying to communicate with another server. What are you trying to do exactly ? Regards, Nicolas. De : Kea-users [mailto:kea-users-boun...@lists.isc.org] De la part de itay cohen Envoyé : vendredi 11 mai 2018 02:35 À : kea-users@lists.isc.org Objet : [Kea-users] option 54 hi all i'm using kea-1.2.0 i'm trying to set "option-data": [ { "name": "routers", "data": " 10.0.0.1" }, { "name": "dhcp-server-identifier", "data": "10.0.0.1" } ], now, when kea is trying to send the packet back its being Dropped with this message, [kea-dhcp4.bad-packets/19941] DHCP4_PACKET_DROP_0007 [hwtype=1 a8:11:fc:98:fe:dd], cid=[ff:fc:98:fe:dd:00:03:00:01:a8:11:fc:98:fe:dd], tid=0x4a68f6e1: failed to process packet: Option 54 already present in this message. any thoughts ? thank you, Itay This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. ___ Kea-users mailing list Kea-users@lists.isc.org https://lists.isc.org/mailman/listinfo/kea-users
Re: [Kea-users] option 54 in subnet definition
Ok, thanx. Just wanted to be sure that i didn't misconfigured the server. So far i have manage to bypass the problem by creating buffer_receive and pkt_send hooks. pkt_send is changing server-id when sent to client (based on some conditions). buffer_receive is changing it back to server private ip. Otherwise the packet would be dropped because of foreign identifier error. Igor On 12/16/2016 10:45 AM, Francis Dupont wrote: We know the address given is server-identifier should get more control, there are some tickets about this (and as far as I know no time to deal with them soon...). Regards Francis DupontIgor Smitran writes: Hi list, Did any of you tried to set custom server-identifier in a subnet? In case you wonder why would one do that: Server is in a private network, behind firewall. There is a dhcp relay that forwards all requests to dhcp server. But, when server leases a public ip to a cpe device then cpe device is not able to renew it's lease because it is not able to send unicast packet to dhcp server private ip. Here comes ASA to rescue. There is a NAT on a public ip that forwards all dhcp packets to private ip of dhcp server. So, DHCP server needs to change his server-identifier in order to tell the client that he can renew his lease by using public ip. But, this doesn;t work, server still sends his private IP in option 54. {"subnet": "PUBLIC/26", "renew-timer": 300, "rebind-timer" : 525, "pools": [ { "pool": "FIRST_PUBLIC_IP - LAST_PUBLIC_IP" } ], "option-data" : [ { "name" : "dhcp-server-identifier", "code" : 54, "space" : "dhcp4", "csv-format" : true, "data" : "PUBLIC_IP_ASA_NAT" }, ... ___ Kea-users mailing list Kea-users@lists.isc.org https://lists.isc.org/mailman/listinfo/kea-users ___ Kea-users mailing list Kea-users@lists.isc.org https://lists.isc.org/mailman/listinfo/kea-users ___ Kea-users mailing list Kea-users@lists.isc.org https://lists.isc.org/mailman/listinfo/kea-users
Re: [Kea-users] option 54 in subnet definition
We know the address given is server-identifier should get more control, there are some tickets about this (and as far as I know no time to deal with them soon...). Regards Francis DupontIgor Smitran writes: > Hi list, > > Did any of you tried to set custom server-identifier in a subnet? > > In case you wonder why would one do that: > > Server is in a private network, behind firewall. There is a dhcp relay > that forwards all requests to dhcp server. > > But, when server leases a public ip to a cpe device then cpe device is > not able to renew it's lease because it is not able to send unicast > packet to dhcp server private ip. > > Here comes ASA to rescue. There is a NAT on a public ip that forwards > all dhcp packets to private ip of dhcp server. > > So, DHCP server needs to change his server-identifier in order to tell > the client that he can renew his lease by using public ip. > > But, this doesn;t work, server still sends his private IP in option 54. > > {"subnet": "PUBLIC/26", > "renew-timer": 300, > "rebind-timer" : 525, > "pools": [ { "pool": "FIRST_PUBLIC_IP - LAST_PUBLIC_IP" } ], > "option-data" : [ > { > "name" : "dhcp-server-identifier", > "code" : 54, > "space" : "dhcp4", > "csv-format" : true, > "data" : "PUBLIC_IP_ASA_NAT" > }, > > ... > > ___ > Kea-users mailing list > Kea-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/kea-users > ___ Kea-users mailing list Kea-users@lists.isc.org https://lists.isc.org/mailman/listinfo/kea-users
[Kea-users] option 54 in subnet definition
Hi list, Did any of you tried to set custom server-identifier in a subnet? In case you wonder why would one do that: Server is in a private network, behind firewall. There is a dhcp relay that forwards all requests to dhcp server. But, when server leases a public ip to a cpe device then cpe device is not able to renew it's lease because it is not able to send unicast packet to dhcp server private ip. Here comes ASA to rescue. There is a NAT on a public ip that forwards all dhcp packets to private ip of dhcp server. So, DHCP server needs to change his server-identifier in order to tell the client that he can renew his lease by using public ip. But, this doesn;t work, server still sends his private IP in option 54. {"subnet": "PUBLIC/26", "renew-timer": 300, "rebind-timer" : 525, "pools": [ { "pool": "FIRST_PUBLIC_IP - LAST_PUBLIC_IP" } ], "option-data" : [ { "name" : "dhcp-server-identifier", "code" : 54, "space" : "dhcp4", "csv-format" : true, "data" : "PUBLIC_IP_ASA_NAT" }, ... ___ Kea-users mailing list Kea-users@lists.isc.org https://lists.isc.org/mailman/listinfo/kea-users