Re: DHCP reply don't go out

2013-02-12 Thread Michele Pinassi
Maybe I've found something that can help us solve the problem.

Here's the FreeRADIUS DHCP reply (from dhcpdump):

---

  TIME: 2013-02-12 15:13:10.426
IP: 172.20.1.2 (0:c:29:eb:3e:86) > 172.20.1.20 (0:4:13:71:11:65)
OP: 2 (BOOTPREPLY)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 44d8b628
  SECS: 0
 FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 172.20.1.20
SIADDR: 172.20.1.2
GIADDR: 0.0.0.0
CHADDR: 00:04:13:71:11:65:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type 5 (DHCPACK)
OPTION:   1 (  4) Subnet mask   255.255.255.0
OPTION:   3 (  4) Routers   172.20.1.1
OPTION:   4 (  4) Time server   172.20.1.2
OPTION:   6 (  4) DNS server   172.20.1.2
OPTION:  12 ( 13) Host name voip.unisi.it
OPTION:  15 ( 13) Domainname   voip.unisi.it
OPTION:  42 (  4) NTP servers   172.20.1.2
OPTION:  51 (  4) IP address leasetime  7200 (2h)
OPTION:  54 (  4) Server identifier 172.20.1.2
OPTION:  66 ( 17) TFTP server name  tftp://172.20.1.2
---

and this is the ISC DHCP Server reply (that I use in production on the
same machine):

 ---

  TIME: 2013-02-12 15:19:42.168
IP: 172.20.1.2 (0:c:29:eb:3e:86) > 172.20.1.20 (cc:ef:48:5e:8f:e4)
OP: 2 (BOOTPREPLY)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 5ace8683
  SECS: 0
 FLAGS: 0
CIADDR: 172.20.1.20
YIADDR: 172.20.1.20
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: cc:ef:48:5e:8f:e4:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type 5 (DHCPACK)
OPTION:  54 (  4) Server identifier 172.20.1.2
OPTION:  51 (  4) IP address leasetime  7200 (2h)
OPTION:   1 (  4) Subnet mask   255.255.255.0
OPTION:   3 (  4) Routers   172.20.1.1
OPTION:  42 (  4) NTP servers   172.20.1.2
OPTION:   6 (  4) DNS server   172.20.1.2
OPTION:  15 ( 13) Domainname   voip.unisi.it
OPTION:  58 (  4) T1   3600 (60m)
OPTION:  59 (  4) T2   6300 (1h45m)
OPTION:  66 ( 17) TFTP server name  tftp://172.20.1.2
OPTION:   2 (  4) Time offset   7200 (2h)
---

I'm pointing at CIADDR and SIADDR.

Maybe something is wrong in my policy.conf?

[...]

#  Assign compatibility data to request for sqlippool
dhcp_sqlippool.post-auth {
    #  Do some minor hacks to the request so that it looks
    #  like a RADIUS request to the SQL IP Pool module.
    update control {
        Pool-Name = "main_pool"
    }

    update request {
        User-Name = "DHCP-%{DHCP-Client-Hardware-Address}"
        Calling-Station-Id = "%{DHCP-Client-Hardware-Address}"
        NAS-IP-Address = "%{%{DHCP-Gateway-IP-Address}:-127.0.0.1}"
        Acct-Status-Type = Start
    }

    #  Call the actual module
    #
    #  Uncomment this in order to really call it!
    dhcp_sqlippool
    # fail

    #  Convert Framed-IP-Address to DHCP, but only if we
    #  actually allocated an address.
    if (ok) {
        update reply {
            DHCP-Your-IP-Address = "%{reply:Framed-IP-Address}"
        }
    }
}
}

Thanks, Michele


On 12/02/2013 12:33, Russell Mike wrote:
> Is there any layer 3 device between client and dhcp server? Then you
> need dhcp relay agent, if that is not the case check firewall.
> Thanks
> 
> On Tuesday, February 12, 2013, Michele Pinassi wrote:
> 
> Hi all,
> 
> I've just installed a FreeRadius server 2.2.0 with DHCP support because
> I need a dhcp server that uses MySQL as a backend.
> 
> My network topology is:
> 
> eth0  inet addr:193.205.4.xxx [PUBLIC]
> eth1  inet addr:172.20.1.2 [PRIVATE]
> 
> All dhcp requests and replies should come from eth1. Here is the freeradius -X
> dump:
> 
> FreeRADIUS Version 2.2.0, for host i486-pc-linux-gnu, built on Sep 20
> 2012 at 13:37:59
> Copyright (C) 1999-2012 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License v2.
> Starting - re
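
A small parser for the dhcpdump text format that diffs two replies like the pair in the message above. It is an added example, not part of the original post; the function names are hypothetical and the sample records are constructed by abridging the two dumps.

```python
import re

# Constructed sample input: the two replies from the message above, abridged
# to the header fields and options needed to show the comparison.
FREERADIUS_REPLY = """\
CIADDR: 0.0.0.0
YIADDR: 172.20.1.20
SIADDR: 172.20.1.2
OPTION:  53 (  1) DHCP message type 5 (DHCPACK)
OPTION:   4 (  4) Time server 172.20.1.2
OPTION:  12 ( 13) Host name voip.unisi.it
OPTION:  54 (  4) Server identifier 172.20.1.2
"""
ISC_REPLY = """\
CIADDR: 172.20.1.20
YIADDR: 172.20.1.20
SIADDR: 0.0.0.0
OPTION:  53 (  1) DHCP message type 5 (DHCPACK)
OPTION:  54 (  4) Server identifier 172.20.1.2
OPTION:  58 (  4) T1 3600 (60m)
OPTION:  59 (  4) T2 6300 (1h45m)
OPTION:   2 (  4) Time offset 7200 (2h)
"""
LINE = re.compile(r"^[ \t]*([A-Z]+):[ \t]*(.*?)[ \t]*$", re.M)
OPT = re.compile(r"(\d+)\s*\(\s*\d+\)\s*(.*)")

def parse_dhcpdump(text):
    """Parse one dhcpdump record into (header fields, {option code: text})."""
    fields, options = {}, {}
    for name, value in LINE.findall(text):
        opt = OPT.match(value)
        if name == "OPTION" and opt:
            options[int(opt.group(1))] = opt.group(2)
        elif name != "OPTION":
            fields[name] = value
    return fields, options

def diff_replies(a, b, ignore=("TIME", "IP", "XID", "CHADDR")):
    """Header fields that differ, plus option codes present on one side only."""
    (fa, oa), (fb, ob) = parse_dhcpdump(a), parse_dhcpdump(b)
    keys = sorted((set(fa) | set(fb)) - set(ignore))  # skip per-client fields
    return {
        "fields": {k: (fa.get(k), fb.get(k)) for k in keys if fa.get(k) != fb.get(k)},
        "only_a": sorted(set(oa) - set(ob)),
        "only_b": sorted(set(ob) - set(oa)),
    }

if __name__ == "__main__":
    print(diff_replies(FREERADIUS_REPLY, ISC_REPLY))
```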

Re: DHCP reply don't go out

2013-02-12 Thread Michele Pinassi
Thanks Russell for your prompt reply but I think that's not a network
issue. I'm trying FreeRadius as an alternative for ISC DHCPD server that
runs on the same server (and the same clients) perfectly.

Any other hint?

Michele


On 12/02/2013 12:33, Russell Mike wrote:
> Is there any layer 3 device between client and dhcp server? Then you
> need dhcp relay agent, if that is not the case check firewall.
> Thanks
> 

-- 
Michele Pinassi
Head of University Telephony
Networks, Systems and IT Security Service - Università degli Studi
di Siena
tel: 0577.(23)2169 - fax: 0577.(23)2053

To find a quick solution to your technical problems,
consult the University FAQ, http://www.faq.unisi.it



List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

DHCP reply don't go out

2013-02-12 Thread Michele Pinassi
'%{NAS-IP-Address}', pool_key = '%{Calling-Station-Id}',
callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}',
calledstationid = 'Freeradius-DHCP',  expiry_time = GREATEST(
IF(ISNULL(expiry_time),'-00-00 00:00:00',expiry_time),   NOW() +
INTERVAL 7200 SECOND)  WHERE framedipaddress = '172.20.1.20' AND  (
(callingstationid = '%{Calling-Station-Id}') OR  (expiry_time < NOW() OR
expiry_time IS NULL)  )   -> UPDATE radippool  SET nasipaddress =
'0.0.0.0', pool_key = '00:04:13:71:11:65',  callingstationid =
'00:04:13:71:11:65', username = 'DHCP-00:04:13:71:11:65',
calledstationid = 'Freeradius-DHCP',  expiry_time = GREATEST(
IF(ISNULL(expiry_time),'-00-00 00:00:00',expiry_time),   NOW() +
INTERVAL 7200 SECOND)  WHERE framedipaddress = '172.20.1.20' AND  (
(callingstationid = '00:04:13:71:11:65') OR  (expiry_time < NOW() OR
expiry_time IS NULL)  )
[dhcp_sqlippool] Allocated IP 172.20.1.20 [140114ac]
[dhcp_sqlippool]expand: COMMIT -> COMMIT
rlm_sql (sql): Released sql socket id: 4
[dhcp_sqlippool]expand: DHCP: Allocated IP: %{reply:Framed-IP-Address}
from %{control:Pool-Name} (did %{Called-Station-Id} cli
%{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> DHCP:
Allocated IP: 172.20.1.20 from main_pool (did  cli 00:04:13:71:11:65
port  user DHCP-00:04:13:71:11:65)
DHCP: Allocated IP: 172.20.1.20 from main_pool (did  cli
00:04:13:71:11:65 port  user DHCP-00:04:13:71:11:65)
+++[dhcp_sqlippool] returns ok
+++? if (ok)
? Evaluating (ok) -> TRUE
+++? if (ok) -> TRUE
+++- entering if (ok) {...}
expand: %{reply:Framed-IP-Address} -> 172.20.1.20
++++[reply] returns ok
+++- if (ok) returns ok
++- policy dhcp_sqlippool.post-auth returns ok
++[ok] returns ok
} # server dhcp
DHCP-Subnet-Mask = 255.255.0.0
DHCP-Router-Address = 172.20.1.1
DHCP-Time-Server = 172.20.1.2
DHCP-Domain-Name-Server = 172.20.1.2
DHCP-Hostname = "voip.unisi.it"
DHCP-Domain-Name = "voip.unisi.it"
DHCP-NTP-Servers = 172.20.1.2
DHCP-IP-Address-Lease-Time = 7200
DHCP-DHCP-Server-Identifier = 172.20.1.2
DHCP-TFTP-Server-Name = "tftp://172.20.1.2";
Sending DHCP-Offer of id 022e173c from 255.255.255.255:67 to 172.20.1.20:68
Finished request 0.
Cleaning up request 0 ID 36575036 with timestamp +2
Going to the next request
Ready to process requests.

but TCPDUMP (and the phone, that didn't receive the reply) say:

10:40:34.484198 IP (tos 0x0, ttl 128, id 0, offset 0, flags [none],
proto UDP (17), length 346)
0.0.0.0.bootpc > 255.255.255.255.bootps: [no cksum] BOOTP/DHCP,
Request from 00:04:13:71:11:65 (oui Unknown), length 318, xid 0x22e173c,
Flags [none] (0x)
  Client-Ethernet-Address 00:04:13:71:11:65 (oui Unknown)
  Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 15:
  Subnet-Mask, Default-Gateway, Time-Server, Domain-Name-Server
  Hostname, Domain-Name, NTP, Vendor-Option
  Lease-Time, TFTP, BF, Option 120
  Option 125, Option 132, Option 133
Vendor-Class Option 60, length 7: "snom760"
Hostname Option 12, length 14: "snom760-711165"
T125 Option 125, length 30:
0,3561,6401,1584,12336,13361,13058,1591,12593,12598,13571,1907,28271,27959,13872
END Option 255, length 0



Any hint?

Thanks, Michele

-- 
Michele Pinassi
Head of University Telephony
Networks, Systems and IT Security Service - Università degli Studi
di Siena
tel: 0577.(23)2169 - fax: 0577.(23)2053

To find a quick solution to your technical problems,
consult the University FAQ, http://www.faq.unisi.it


