Re: DHCP reply don't go out
Maybe i've found something that can help us to solve the problem. Here's FreeRadius DHCP reply (from dhcpdump): --- TIME: 2013-02-12 15:13:10.426 IP: 172.20.1.2 (0:c:29:eb:3e:86) > 172.20.1.20 (0:4:13:71:11:65) OP: 2 (BOOTPREPLY) HTYPE: 1 (Ethernet) HLEN: 6 HOPS: 0 XID: 44d8b628 SECS: 0 FLAGS: 0 CIADDR: 0.0.0.0 YIADDR: 172.20.1.20 SIADDR: 172.20.1.2 GIADDR: 0.0.0.0 CHADDR: 00:04:13:71:11:65:00:00:00:00:00:00:00:00:00:00 SNAME: . FNAME: . OPTION: 53 ( 1) DHCP message type 5 (DHCPACK) OPTION: 1 ( 4) Subnet mask 255.255.255.0 OPTION: 3 ( 4) Routers 172.20.1.1 OPTION: 4 ( 4) Time server 172.20.1.2 OPTION: 6 ( 4) DNS server172.20.1.2 OPTION: 12 ( 13) Host name voip.unisi.it OPTION: 15 ( 13) Domainnamevoip.unisi.it OPTION: 42 ( 4) NTP servers 172.20.1.2 OPTION: 51 ( 4) IP address leasetime 7200 (2h) OPTION: 54 ( 4) Server identifier 172.20.1.2 OPTION: 66 ( 17) TFTP server name tftp://172.20.1.2 --- and this is the ISC DHCP Server reply (that i use in production on the same machine): --- TIME: 2013-02-12 15:19:42.168 IP: 172.20.1.2 (0:c:29:eb:3e:86) > 172.20.1.20 (cc:ef:48:5e:8f:e4) OP: 2 (BOOTPREPLY) HTYPE: 1 (Ethernet) HLEN: 6 HOPS: 0 XID: 5ace8683 SECS: 0 FLAGS: 0 CIADDR: 172.20.1.20 YIADDR: 172.20.1.20 SIADDR: 0.0.0.0 GIADDR: 0.0.0.0 CHADDR: cc:ef:48:5e:8f:e4:00:00:00:00:00:00:00:00:00:00 SNAME: . FNAME: . OPTION: 53 ( 1) DHCP message type 5 (DHCPACK) OPTION: 54 ( 4) Server identifier 172.20.1.2 OPTION: 51 ( 4) IP address leasetime 7200 (2h) OPTION: 1 ( 4) Subnet mask 255.255.255.0 OPTION: 3 ( 4) Routers 172.20.1.1 OPTION: 42 ( 4) NTP servers 172.20.1.2 OPTION: 6 ( 4) DNS server172.20.1.2 OPTION: 15 ( 13) Domainnamevoip.unisi.it OPTION: 58 ( 4) T13600 (60m) OPTION: 59 ( 4) T26300 (1h45m) OPTION: 66 ( 17) TFTP server name tftp://172.20.1.2 OPTION: 2 ( 4) Time offset 7200 (2h) --- I'm pointing on CIADDR and SIADDR. Maybe something wrong in my policy.conf ? [...] # Assign compatibility data to request for sqlippool dhcp_sqlippool.post-auth { # Do some minor hacks to the request so that it looks # like a RADIUS request to the SQL IP Pool module. update control { Pool-Name = "main_pool" } update request { User-Name = "DHCP-%{DHCP-Client-Hardware-Address}" Calling-Station-Id = "%{DHCP-Client-Hardware-Address}" NAS-IP-Address = "%{%{DHCP-Gateway-IP-Address}:-127.0.0.1}" Acct-Status-Type = Start } # Call the actual module # # Uncomment this in order to really call it! dhcp_sqlippool # fail # Convert Framed-IP-Address to DHCP, but only if we # actually allocated an address. if (ok) { update reply { DHCP-Your-IP-Address = "%{reply:Framed-IP-Address}" } } } } Thanks, Michele On 12/02/2013 12:33, Russell Mike wrote: > Is there any layer 3 device between client and dhcp server? Then you > need dhcp relay agent,if that is not the case chk firewall. > Thanks > > On Tuesday, February 12, 2013, Michele Pinassi wrote: > > Hi all, > > i've just installed a FreeRadius server 2.2.0 with DHCP support because > i need a dhcp server that use MySQL ad a backend. > > My network topology is: > > eth0 inet addr:193.205.4.xxx [PUBLIC] > eth1 inet addr:172.20.1.2 [PRIVATE] > > all dhcp requests and reply should come from eth1. Here is freeradius -X > dump: > > FreeRADIUS Version 2.2.0, for host i486-pc-linux-gnu, built on Sep 20 > 2012 at 13:37:59 > Copyright (C) 1999-2012 The FreeRADIUS server project and contributors. > There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A > PARTICULAR PURPOSE. > You may redistribute copies of FreeRADIUS under the terms of the > GNU General Public License v2. > Starting - re
Re: DHCP reply don't go out
Thanks Russel for you prompt reply but i thing that's not a network issue. I'm trying FreeRadius as an alternative for ISC DHCPD server that run on the same server (and the same clients) perfectly. Any other hint ? Michele On 12/02/2013 12:33, Russell Mike wrote: > Is there any layer 3 device between client and dhcp server? Then you > need dhcp relay agent,if that is not the case chk firewall. > Thanks > -- Michele Pinassi Responsabile Telefonia di Ateneo Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi di Siena tel: 0577.(23)2169 - fax: 0577.(23)2053 Per trovare una soluzione rapida ai tuoi problemi tecnici consulta le FAQ di Ateneo, http://www.faq.unisi.it signature.asc Description: OpenPGP digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
DHCP reply don't go out
'%{NAS-IP-Address}', pool_key = '%{Calling-Station-Id}', callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', calledstationid = 'Freeradius-DHCP', expiry_time = GREATEST( IF(ISNULL(expiry_time),'-00-00 00:00:00',expiry_time), NOW() + INTERVAL 7200 SECOND) WHERE framedipaddress = '172.20.1.20' AND ( (callingstationid = '%{Calling-Station-Id}') OR (expiry_time < NOW() OR expiry_time IS NULL) ) -> UPDATE radippool SET nasipaddress = '0.0.0.0', pool_key = '00:04:13:71:11:65', callingstationid = '00:04:13:71:11:65', username = 'DHCP-00:04:13:71:11:65', calledstationid = 'Freeradius-DHCP', expiry_time = GREATEST( IF(ISNULL(expiry_time),'-00-00 00:00:00',expiry_time), NOW() + INTERVAL 7200 SECOND) WHERE framedipaddress = '172.20.1.20' AND ( (callingstationid = '00:04:13:71:11:65') OR (expiry_time < NOW() OR expiry_time IS NULL) ) [dhcp_sqlippool] Allocated IP 172.20.1.20 [140114ac] [dhcp_sqlippool]expand: COMMIT -> COMMIT rlm_sql (sql): Released sql socket id: 4 [dhcp_sqlippool]expand: DHCP: Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> DHCP: Allocated IP: 172.20.1.20 from main_pool (did cli 00:04:13:71:11:65 port user DHCP-00:04:13:71:11:65) DHCP: Allocated IP: 172.20.1.20 from main_pool (did cli 00:04:13:71:11:65 port user DHCP-00:04:13:71:11:65) +++[dhcp_sqlippool] returns ok +++? if (ok) ? Evaluating (ok) -> TRUE +++? if (ok) -> TRUE +++- entering if (ok) {...} expand: %{reply:Framed-IP-Address} -> 172.20.1.20 ++++[reply] returns ok +++- if (ok) returns ok ++- policy dhcp_sqlippool.post-auth returns ok ++[ok] returns ok } # server dhcp DHCP-Subnet-Mask = 255.255.0.0 DHCP-Router-Address = 172.20.1.1 DHCP-Time-Server = 172.20.1.2 DHCP-Domain-Name-Server = 172.20.1.2 DHCP-Hostname = "voip.unisi.it" DHCP-Domain-Name = "voip.unisi.it" DHCP-NTP-Servers = 172.20.1.2 DHCP-IP-Address-Lease-Time = 7200 DHCP-DHCP-Server-Identifier = 172.20.1.2 DHCP-TFTP-Server-Name = "tftp://172.20.1.2"; Sending DHCP-Offer of id 022e173c from 255.255.255.255:67 to 172.20.1.20:68 Finished request 0. Cleaning up request 0 ID 36575036 with timestamp +2 Going to the next request Ready to process requests. but TCPDUMP (and the phone, that didn't receive the reply) say: 10:40:34.484198 IP (tos 0x0, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 346) 0.0.0.0.bootpc > 255.255.255.255.bootps: [no cksum] BOOTP/DHCP, Request from 00:04:13:71:11:65 (oui Unknown), length 318, xid 0x22e173c, Flags [none] (0x) Client-Ethernet-Address 00:04:13:71:11:65 (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: Discover Parameter-Request Option 55, length 15: Subnet-Mask, Default-Gateway, Time-Server, Domain-Name-Server Hostname, Domain-Name, NTP, Vendor-Option Lease-Time, TFTP, BF, Option 120 Option 125, Option 132, Option 133 Vendor-Class Option 60, length 7: "snom760" Hostname Option 12, length 14: "snom760-711165" T125 Option 125, length 30: 0,3561,6401,1584,12336,13361,13058,1591,12593,12598,13571,1907,28271,27959,13872 END Option 255, length 0 any hint ? Thanks, Michele -- Michele Pinassi Responsabile Telefonia di Ateneo Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi di Siena tel: 0577.(23)2169 - fax: 0577.(23)2053 Per trovare una soluzione rapida ai tuoi problemi tecnici consulta le FAQ di Ateneo, http://www.faq.unisi.it signature.asc Description: OpenPGP digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html