Netgate Discussion Forum
    DHCP Relay over IPSec VPN

    markus.schaefer

      Hi,

      I'm trying to get DHCP relay working over IPSec VPN.

      I read nearly all the threads regarding DHCP relay, but none of them worked for me.

      This is my setup:

      main site                                                                      remote site

      (DHCP Server)---(Checkpoint GW)--------IPSec VPN------(DSL Router)---(pfSense)---(Client)
         10.0.0.78           10.0.0.1/24                                     192.168.0.0/24  10.20.0.1/24

      On the pfSense box, DHCP relay is activated, relaying to the DHCP server IP address.

      $ ps x | grep dhcrelay
        500  ??  Is     0:00.03 /usr/local/sbin/dhcrelay -i fxp0 -i rl0 10.0.0.78

      Static routes of pfSense are as follows:

      10.0.0.0/24 10.20.0.1 UGS 0 651 1500 fxp0

      The route has been added as mentioned here (http://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP%2C_use_syslog%2C_NTP%2C_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F)

      Okay, the tunnel is up and I can ping from remote to main site and vice versa. Now I am trying to renew the DHCP address on the client. I can see incoming DHCP packets on the Checkpoint, but the client runs into a timeout.

      A packet capture on the pfsense shows this:

      18:01:08.572759 00:08:02:68:7f:b2 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 128, id 21564, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 00:XX:XX:XX:XX:XX, length 300, xid 0x43bb0a23, Flags [none] (0x0000)
        Client-Ethernet-Address 00:XX:XX:XX:XX:XX
        Vendor-rfc1048 Extensions
          Magic Cookie 0x63825363
          DHCP-Message Option 53, length 1: Discover
          NOAUTO Option 116, length 1: Y
          Client-ID Option 61, length 7: ether 00:XX:XX:XX:XX:XX
          Requested-IP Option 50, length 4: 169.254.17.98
          Hostname Option 12, length 11: "test"
          Vendor-Class Option 60, length 8: "MSFT 5.0"
          Parameter-Request Option 55, length 12:
            Subnet-Mask, Domain-Name, Default-Gateway, Domain-Name-Server
            Netbios-Name-Server, Netbios-Node, Netbios-Scope, Router-Discovery
            Static-Route, Classless-Static-Route-Microsoft, Vendor-Option, Option 200

      The DHCP server log shows nothing.

      It must be a problem with the pfSense box… other VPNs / DHCP relays with different routers are working perfectly.

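The following is an added worked example, not code from the poster or from pfSense/dhcrelay. It models the RFC 1542 relay step on the Discover from the capture above (xid 0x43bb0a23, source MAC 00:08:02:68:7f:b2) to make the addresses involved explicit: the relay stamps its own interface address into giaddr, increments the hop count, and unicasts the packet from its own address to the server on UDP 67; the server then answers to giaddr. That is why the linked pfSense note about firewall-initiated traffic over IPsec applies here: both the relay-to-server flow and the server-to-giaddr reply have to fall inside the phase 2 selectors. Assumptions: the relay's source address is 10.20.0.1 (the pfSense LAN address in the diagram; the address dhcrelay actually picks follows the routing table), the phase 2 selector list is constructed, and the hop limit models dhcrelay's -c option (default 10).

```python
# Added example (not the poster's code, not pfSense's): a minimal model of
# what a BOOTP/DHCP relay agent (RFC 1542) does to the client's Discover,
# so the addresses that must be allowed through the IPsec tunnel are explicit.
import ipaddress
import struct

BOOTP_HDR = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header
MAGIC_COOKIE = b"\x63\x82\x53\x63"         # 0x63825363, as in the capture
OPT_MSG_TYPE, OPT_CLIENT_ID, OPT_END = 53, 61, 255
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "Ack"}


def build_discover(mac: bytes, xid: int) -> bytes:
    """Discover as the client broadcasts it: hops 0, giaddr 0.0.0.0."""
    hdr = struct.pack(BOOTP_HDR, 1, 1, 6, 0, xid, 0, 0,
                      b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = bytes([OPT_MSG_TYPE, 1, 1, OPT_CLIENT_ID, 7, 1]) + mac + bytes([OPT_END])
    return hdr + MAGIC_COOKIE + opts


def parse_bootp(pkt: bytes) -> dict:
    """Decode the fields a relay or a server cares about."""
    f = struct.unpack(BOOTP_HDR, pkt[:236])
    info = {"op": f[0], "hops": f[3], "xid": f[4],
            "giaddr": str(ipaddress.IPv4Address(f[10])),
            "chaddr": f[11][:f[2]].hex(":")}
    body, i = pkt[240:], 0          # options follow the 4-byte magic cookie
    while i < len(body) and body[i] != OPT_END:
        if body[i] == 0:            # pad option, no length byte
            i += 1
            continue
        code, length = body[i], body[i + 1]
        if code == OPT_MSG_TYPE:
            info["msg_type"] = MSG_TYPES.get(body[i + 2], "unknown")
        i += 2 + length
    return info


def relay(pkt: bytes, relay_ip: str, server_ip: str, max_hops: int = 10):
    """RFC 1542 relay step: bump hops, stamp giaddr, unicast to the server.

    Returns (new_packet, ip_udp_headers). max_hops models dhcrelay's hop
    limit (-c, default 10; assumption): packets at the limit are dropped."""
    f = list(struct.unpack(BOOTP_HDR, pkt[:236]))
    if f[3] >= max_hops:
        raise ValueError("hop count exceeded, packet dropped")
    f[3] += 1
    if f[10] == b"\0" * 4:          # first relay on the path sets giaddr
        f[10] = ipaddress.IPv4Address(relay_ip).packed
    new_pkt = struct.pack(BOOTP_HDR, *f) + pkt[236:]
    headers = {"src": relay_ip, "dst": server_ip, "sport": 67, "dport": 67}
    return new_pkt, headers


def tunnel_covers(src: str, dst: str, phase2) -> bool:
    """True if some (local_net, remote_net) phase 2 selector matches the flow."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    return any(s in ipaddress.IPv4Network(l) and d in ipaddress.IPv4Network(r)
               for l, r in phase2)


def demo() -> dict:
    """Replays the capture's Discover through a relay at 10.20.0.1 (assumed
    pfSense LAN address) towards 10.0.0.78 and checks a constructed phase 2."""
    discover = build_discover(bytes.fromhex("000802687fb2"), 0x43bb0a23)
    relayed, hdr = relay(discover, "10.20.0.1", "10.0.0.78")
    phase2 = [("10.20.0.0/24", "10.0.0.0/24")]   # constructed selector
    return {"before": parse_bootp(discover), "after": parse_bootp(relayed),
            "flow": hdr,
            "tunnel_ok": tunnel_covers(hdr["src"], hdr["dst"], phase2)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running demo() shows the Discover going in with giaddr 0.0.0.0 and hops 0, and coming out with giaddr 10.20.0.1, hops 1, and a unicast flow 10.20.0.1:67 -> 10.0.0.78:67. If tunnel_covers() returns False for that flow with the real phase 2 selectors, the relayed packet never enters the tunnel, which matches a DHCP server log that shows nothing; the same check applied to the reply direction (server to giaddr) tells whether the Offer can come back.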
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.