Page MenuHomeVyOS Platform
Create Task
Maniphest T2562

VyOS can't be used as a DHCP server for a DHCP relay
Closed, ResolvedPublicBUG
Actions

Description

The layout is simple:

  • VyOS: 10.10.51.1/30, has DHCP server for 10.10.200.0/24
  • Switch: 10.10.51.2/30, 10.10.200.1/24 -> router for that subnet and dhcp relay to VyOS

There are a few major issues right now.

  1. We force the use of shared-network. This will make it impossible for VyOS to be a DHCP Server for a relay
  2. We require too much information from the CLI to allow this setup to work

In the follow config, I've inserted comments to show what needs to happen:

 ### This line needs to be deleted.  Otherwise isc-dhcp won't start up and complain about the 10.10.200.0/24 not existing on any interface
shared-network VPNSUBNET {    

 ### The CLI won't let you create a line that looks like this, because there's no DHCP ranges or mappings. But to be a DHCP server for a relay, it needs to exist thusly, on the interface that's facing the device doing the relay.
    subnet 10.10.51.0 netmask 255.255.255.0 { }  

    subnet 10.10.200.0 netmask 255.255.255.0 {
        option domain-name-servers 10.3.1.254, 10.3.1.253;
        option routers 10.10.200.1;
        default-lease-time 86400;
        max-lease-time 86400;
        range 10.10.200.100 10.10.200.200;
    }
 ### As the closing bracket, this line needs to be deleted.
}

When fixed, I think this should be backport candidate

Details

Difficulty level
Normal (likely a few hours)
Version
1.3, 1.2
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change
Issue type
Bug (incorrect behavior)

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedFEATURE REQUESTc-poT3100 Migrate DHCP/DHCPv6 server to get_config_dict()
 ResolvedBUGc-poT2562 VyOS can't be used as a DHCP server for a DHCP relay

Event Timeline

kroy created this task.Jun 7 2020, 8:04 PM
kroy updated the task description. (Show Details)
kroy updated the task description. (Show Details)
kroy updated the task description. (Show Details)
kroy updated the task description. (Show Details)Jun 7 2020, 8:08 PM
kroy updated the task description. (Show Details)
kroy updated the task description. (Show Details)
pasik added a subscriber: pasik.Jun 8 2020, 1:49 PM
kroy added a comment.Jun 18 2020, 1:17 AM

Revising this since I nailed down the issue.

The problems here are two-fold:

  • Our systemd unit doesn't pass in any interfaces into dhcp4. Because of this, you need a line like subnet 10.10.51.0 netmask 255.255.255.0 {}. I'll probably just add an node for listen-address or something like that, and explain it's for relaying.
  • This line needs to be modified slightly. To use VyOS as a server for a DHCP relay, the address doesn't necessarily need to be attached. Meaning this will probably be an either/or with the first item.

So the question is, do I make this listen address 10.10.51.0/24 or something like subnet 10.10.51.0/24 relay. Seems like the second might be a little cleaner.

c-po merged a task: T3101: Support configuration of DHCP scopes even when there is no locally attached subnet.Dec 1 2020, 3:07 PM
c-po added a parent task: T3100: Migrate DHCP/DHCPv6 server to get_config_dict().
c-po added a subscriber: c-po.
c-po claimed this task.Dec 4 2020, 5:49 PM
c-po triaged this task as Normal priority.
c-po changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
c-po added a comment.Dec 6 2020, 12:25 PM

Taking the following configuration as a pool serving relays:

set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 dns-server '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 domain-name 'vyos.net'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease '86400'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 start '192.168.0.9'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 stop '192.168.0.254'

Will require a new node listen-address to be set which acts as the interim subnet {} definition described above.

set service dhcp-server listen-address '1.1.1.1'
vyos@vyos# commit
[ service dhcp-server ]
listen-address "1.1.1.1" not configured on any interface
set service dhcp-server listen-address '172.18.201.10'

This will render:

### Autogenerated by dhcp_server.py ###

# For options please consult the following website:
# https://www.isc.org/wp-content/uploads/2017/08/dhcp43options.html
#
# log-facility local7;


ddns-update-style none;
option rfc3442-static-route code 121 = array of integer 8;
option windows-static-route code 249 = array of integer 8;
option wpad-url code 252 = text;

# Failover configuration

# DHCP server serving relay subnet, we need a connector to the real world
# Connected subnet statement for listen-address 172.18.201.10
subnet 172.18.201.0 netmask 255.255.255.0 { }

# Shared network configration(s)
shared-network LAN {
    subnet 192.168.0.0 netmask 255.255.255.0 {
        option domain-name-servers 192.168.0.1;
        option routers 192.168.0.1;
        option domain-name "vyos.net";
        default-lease-time 200;
        max-lease-time 200;
        range 192.168.0.9 192.168.0.254;
    }
    on commit {
        set shared-networkname = "LAN";
    }
}
c-po changed the task status from Open to In progress.Dec 6 2020, 12:58 PM
c-po changed the task status from In progress to Needs testing.Dec 8 2020, 4:52 PM
c-po closed this task as Resolved.Dec 8 2020, 6:18 PM
erkin set Issue type to Bug (incorrect behavior).Aug 30 2021, 5:42 AM
erkin removed a subscriber: Active contributors.
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Nov 6 2021, 12:21 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:16 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.