DHCP Client Configuration: How to properly set vivso-suboptions?
-
@teunbruijnen
Can you make a packet trace of the ISP device receiving a DHCP address ?
Typically a "managed switch" , with a "mirror port" , and a wireshark on the mirror port.That would make your life much easier.
/Bingo
-
@bingo600 hi, thanks a lot for your reply.
I do not have access to a managed switch so don't think I'll be able to do a packet trace of the ISP device receiving a DHCP address. Unless there is a way to achieve this result with a laptop! -
@teunbruijnen @bingo600 I managed to figure out how to set the option-125. It took some brute-forcing and I am honestly very surprised it isn't shared in a clear way somewhere else. So here's to hoping it will show up in the search results for someone else who needs help setting option 125 haha.
Here's how to configure option (125) V-I Vendor Specific Information:
Apparenly you need to call "option-125", and afterwards a hexadecimal value. I literally copied and pasted the hexadecimal values of the option 125 suboptions from the ISP device :)
-
Nicely done
I also was about to give some hints
https://psaintemarie.github.io/blog/unifi-bytel-ftth-france/
https://github.com/psaintemarie/unifi-bytelThat might have lead you to the same
Via this
https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml#optionsYou can see that Opt 125 is "RFC" defined here
https://www.rfc-editor.org/rfc/rfc3925.html/Bingo
Edit : For completeness these were my intermediate worknotes
/etc/inc/interfaces.inc function interface_dhcp_configure $send_options = ""; if ($ifcfg['adv_dhcp_send_options'] != '') { $options = DHCP_Config_Option_Split($ifcfg['adv_dhcp_send_options']); foreach ($options as $option) { $send_options .= "\tsend " . trim($option) . ";\n"; } } $request_options = ""; if ($ifcfg['adv_dhcp_request_options'] != '') { $request_options = "\trequest {$ifcfg['adv_dhcp_request_options']};\n"; } $required_options = ""; if ($ifcfg['adv_dhcp_required_options'] != '') { $required_options = "\trequire {$ifcfg['adv_dhcp_required_options']};\n"; } /usr/local/sbin/pfSense-dhclient-script -
From here
https://askubuntu.com/questions/949214/set-vendor-encapsulated-options-code-125-with-isc-dhcpd-4-3-fails
It would seem that your opt 125 is defined here and is 0x28 (40 dec) bytes long.
/Bingo
-
@bingo600 Yes, exactly! Props to finding all of that info :D It took me a few hours more hahaha.
Sadly, having set the option-125 suboptions just like the ISP device still doesn't give my WAN interface a public IP address. I am not sure where to look anymore. Do you have any advice?
-
You mention you have "Cloned the pfSense WAN Mac address" to be the same as your ISP router correct ?
Have you set your WAN to be ...
I see both Vlan100 and Vlan200 mentioned.I'd give Vlan 100 a shot first.
/Bingo
-
@bingo600 yes, exactly.
All of the guides I found say that to get an IP you need to clone the mac address, use vlan100 (or vlan200 on older posts) and set a vendor class identifier (BYGTELIAD on the newer vlan100)I tried both vlan100 & vlan200. Swapping over the vendor class identifiers too, you never know (:
No success, sadly -
@teunbruijnen
Now is the time to "dust off the credit card" and get a managed switch for packet capture.This is my favorite cheap 8-port
https://www.amazon.fr/D-Link-DGS-1100-08V2-administrable-fonctionnalit%C3%A9s-ventilateur/dp/B08MWL25PM/DONT' get TP-LINK
/Bingo
-
These could smell of DHCP parameters <option number , length>
See
https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml#options0x37 (55 dec) , Len 0x0b (dec 11) = Opt 55 - Parameter Request List
0x3c ( 60 dec) , Len 0x09 (dec 9) = Opt 60 - Class Identifier
0x3d (61 dec) , Len 0x07 (dec 7) = Opt 61 - Client Identifier
0x7d (125 dec) , Len 0x28 (dec 40) = Opt 125 - Vendor-Identifying Vendor-Specific Information
Parameter Request List
0x01 Subnet mask
0x1c Broadcast addr
0x03 Router
0x33 IP Address Lease Time
0x3a DHCP Renewal (T1) Time
0x3b DHCP Renewal (T2) Time
0x0f The DNS domain name of the client
0x0c Hostname string
0x06 DNS Server addresses
0x2a NTP Server Addresses
0x48 WWW Server AddressesDecoding of the above is rather crazy to do by hand - Wireshark would do the m for you ... But i could
/Bingo
Edit: Similar Thread
https://forum.netgate.com/topic/102195/fios-wan-dhcp-setup-for-g1100-fios-quantum-router-with-pfsense-no-bridging -
@bingo600 lol, you are like a networking wizard! That is awesome.
You've helped me out a ton already, thanks a lot for your kind & insightful replies. It's been hard trying to crack this on my own, I'm not that experience with networking.
I guess I really do need to take a peek at what's happening "on the other side", to understand why the DHCP request of the ISP device IS getting an IP and why the DHCP request of the netgate device is not.
Wouldn't it be possible to use the ports I have on the SG-1100 to achieve this?! -
@bingo600 lol I set up a bridge between 2 ports.
Thought it was possible to simply route the traffic from 1 port to another with a bridge and then sniff the traffic on the bridge. However, traffic on the interfaces was suspiciously low again.
The only packets I got were these:
I guess I didn't do it right. I thought it wasn't that hard, that seems to be a recurring theme with me & networking :') -
@teunbruijnen said in DHCP Client Configuration: How to properly set vivso-suboptions?:
@bingo600 lol I set up a bridge between 2 ports.
I guess I didn't do it right. I thought it wasn't that hard, that seems to be a recurring theme with me & networking :')
Don't give up ... We have all been there.
Get the "right tool for the job" - Aka The switchI have no experience with the Netgate 1100 , or any of the ones w. built in switches.
/Bingo
-
@bingo600 Thanks for the encouragement! Putting it on ice until I get the "right tool for the job" :)
-
@bingo600 hello mr bingo. After one month, an order came through and I'm finally able to properly 'tap' the line (between SOHO router & modem).
I can now see the exact difference between the DHCP Discover packet the Netgate router sends out(which does not get accepted), and the DHCP Discover packet the SOHO router sends out(which gets accepted).
I can see the DHCP packet from the SOHO router has a 'header' (is this the right term?) : 802.1Q Virtual LAN, PRI: 6, DEI: 0, ID: 100.
Left is Netgate, right is SOHO
This header is not included in the request from the Netgate router. If I'm not mistaken, it seems that I have made a mistake in setting up the VLAN !
-
@teunbruijnen
Vlan info seems to be : Vlan 100 , PRI ?? (Priority)This seems to indicate that the WAN/ISP line is running as a 802.1Q tagged interface , and that answer is sent with Vlan Tag 100.
How was your Wan interface setup ?
Screenshots please ??/Bingo
-
@bingo600 Thanks for the reply! Indeed..
WAN interface:
And the VLAN:
Thanks for the support Bingo!!
-
-
@bingo600 Sadly it does not work :(( with the exact setup I've shared above, the DHCP Discover packet does not send out the 802.1Q Virtual LAN info. Do you have any ideas?
-
@teunbruijnen
I have no experience with the 1100's, and their built in switch-ports.How is the little mirror-port switch setup in the "Vlan 802.1Q section" ?
You are using the excactly same setup for sniffing ISP and pfSense ?
You have not put any of the ports in a specific vlan ?Maybe JP can help here, he seems to know about the embedded switch-ports.
@johnpozWe're trying to replace an ISP router with a pfSense, right now we seem to be stuck with sending the dhcp requests from pfSense, with "Vlan 100 tag" - pfSense is a 1100, and OP has bought a little switch with mirroring capabilities in order to debug the functioning ISP DPCP request vs the non functioning pfSense request.
https://forum.netgate.com/post/1011969Right now the issue seems to be that the 1100 pfSense WAN interface packages are not tagged w. Vlan100, according to the Wireshark Trace.
I have never used a pfSense w. builtin switchports, and it could be that i'm missing something there.
