Explained Example DHCP option 121/249
-
Hi folks,
I feel like I should share this because the appropriate syntax for this DHCP option (121 or 249) was very unclear. Even from this thread https://forum.pfsense.org/index.php?topic=26755.0
It drove me insane trying to figure this out, but finally got it.
It appears as though, when using string as an option for these DHCP options, the data is read from right to left. Not to say that you need to list everything backwards. But it only makes "sense" (hehe) because zeros in your IP address, which are listed in hex, are ignored. Additionally, multiple routes must be entered in the same field, one after another.
To do the hex, you can use printf to convert from hex to dec and dec to hex like so:
printf "%x\n" 192
c0
printf "%d\n" 0xc0
192
For example:
If you need to create a dhcp option 121 or 249 for 10.0.0.0/8 via 172.16.10.1
This is wrong –> 08:0a:00:00:00:ac:10:0a:01 this will yield a route statement like this
10.0.0.0/8 via 0.0.0.172
This is correct –> 08:0a:ac:10:0a:01 this will yield a route statement like this
10.0.0.0/8 via 172.16.10.1
If you send multiple static routes to your DHCP clients do it this way:
number 121 type string value 08:0a:ac:10:0a:7e:0c:ac:10:ac:10:0a:7e:10:c0:a8:ac:10:0a:7e
This will yield the following routes:
10.0.0.0/8 via 172.16.10.126
172.16.0.0/12 via 172.16.10.126
192.168.0.0/16 via 172.16.10.126
Hope it helps the next guy/gal. :)
-Lonifer2000
-
This has nothing to do with reading backwards or arbitrarily ignoring zeros.
RFC 3442 provides the message format, which is basically a list of destination networks and the corresponding gateway - and where the destination network uses a "compact encoding".
The "compact encoding" is one octet specifying the network mask length (e.g. 8 for a /8, 23 for a /23) followed by only the significant octets of the network address. Then follows the four octets of the gateway IP address. Repeat for each route.
In the example in this post, the destination network is 10.0.0.0/8 which would encode as a mask of 8, followed by the significant bits of the network, 10. In decimal 8.10, or in hex, 0x08:0x0a. Then follows the router address as four octets.
Another example encoding, from the RFC: a subnet of 10.229.0.128/25 would result in 25.10.229.0.128 (decimal; converting to hex is left as an exercise for the reader). So in this case all four octets must be given and the "compact encoding" doesn't really buy anything.
-
A quickie python script to help anyone (hint: need to paste lowercase characters into the pfsense dialog)
#!/usr/bin/env python3
import sys

# Print each decimal argument as a two-digit lowercase hex octet followed by ":"
for arg in sys.argv[1:]:
    print(f"{int(arg):02x}:", end="")
An example use for route 192.168.55.0/24 using gateway 192.168.3.2.
$ ./hex.py 24 192 168 55 192 168 3 2
18:c0:a8:37:c0:a8:03:02:
In pfsense Admin UI, at DHCP Server / LAN section Additional BOOTP/DHCP Options, add a line Option entry with field values
121 (Number)
String (Type)
18:c0:a8:7c:c0:a8:08:7c (Value - no quotes)
then Save
I recommend packet capturing a response from the DHCP Server then review in Wireshark. Find the response packet with Protocol value DHCP. The Wireshark protocol parser will identify errors for you (with detailed error messages).
Thanks both for posting this info. You saved me much time. Thought I'd add a few suggestions in case it helps anyone.
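
The RFC 3442 compact encoding described in the second post, as an added example that is not part of the original thread: a Python encoder plus a strict decoder for the colon-separated hex string, so a value can be checked before it is pasted into the option field. The function names are assumptions of this example; the sample values are taken from the posts above.

```python
import ipaddress

def encode_routes(routes):
    """Encode [(destination CIDR, gateway), ...] as an RFC 3442 option value."""
    out = bytearray()
    for dest, gateway in routes:
        net = ipaddress.IPv4Network(dest)       # raises if host bits are set
        significant = (net.prefixlen + 7) // 8  # 0 octets for /0, 4 for /25 to /32
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(gateway).packed
    return ":".join(f"{b:02x}" for b in out)    # lowercase, per the third post's hint

def decode_routes(value):
    """Decode a colon-separated hex value; raise ValueError if it is malformed."""
    data = bytes(int(octet, 16) for octet in value.strip().strip(":").split(":"))
    routes, i = [], 0
    while i < len(data):
        prefixlen = data[i]
        if prefixlen > 32:
            raise ValueError(f"mask width {prefixlen} at offset {i} exceeds 32")
        significant = (prefixlen + 7) // 8
        end = i + 1 + significant + 4           # width octet + network + gateway
        if end > len(data):
            raise ValueError(f"route at offset {i} is truncated")
        dest = data[i + 1:i + 1 + significant].ljust(4, b"\x00")
        net = ipaddress.IPv4Network((dest, prefixlen), strict=False)
        routes.append((str(net), str(ipaddress.IPv4Address(data[end - 4:end]))))
        i = end
    return routes

if __name__ == "__main__":
    # Values taken from the posts above.
    for value in ("08:0a:ac:10:0a:7e:0c:ac:10:ac:10:0a:7e:10:c0:a8:ac:10:0a:7e",
                  "08:0a:00:00:00:ac:10:0a:01"):
        try:
            print(value, "->", decode_routes(value))
        except ValueError as err:
            print(value, "-> rejected:", err)
```

The second sample is the value the first post marks as wrong; this decoder rejects it because the octets left over after the first route do not form a complete route.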