Netgate Discussion Forum

    No DHCP for OS X clients (probably Linux as well), Windows work fine

      shpokas

      Hi, there,
      I have two similar pfSense v2.2.2 installations with OpenVPN bridged to LAN.
      OpenVPN is configured to forward DHCP requests to LAN DHCP server.
      In one installation this works perfectly with all client OSes, Windows, OS X and Linux, no issues here.
      In the other one Windows clients get DHCP addresses, OS X do not get DHCP addresses. If I set IP address manually on OS X, all works.

      I have done some wiresharking and I see that OS X client never receives DHCPOFFER from server. Server keeps sending DHCPOFFER and client keeps sending DHCPDISCOVER packets. But Windows works OK. Why??

      So I could blame all sorts of network stuff in between client and server or maybe OS implementation specifics, BUT:

      1. Windows clients work fine in the same setup;
      2. same OS X clients work fine with the other pfSense installation.

      Now I am confused. Any hints greatly appreciated.
      Thanks for your time,
      shpokas

        shpokas

        Packet capture shows that the Windows client sends a broadcast message and the DHCP server replies with a broadcast - all works, DHCP address received.
        The OS X client sends a unicast request message and the DHCP server replies with unicast - this reply never reaches the OS X client.
        How do I enable unicast messages to go through pfSense back to the DHCP client?

          shpokas

          Well, it's not pfSense's DHCP server, I have ISC DHCP server in LAN.
          True, as you said, with pfSense DHCP server all clients work, tried that, too.

          But now it seems that unicast packets from the LAN DHCP server do not make it through the bridge.
          Broadcast packets do. Is there a way to debug this? I do not see any related entries in firewall log.

            Derelict LAYER 8 Netgate

            OpenVPN bridges are not a recommended configuration.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

              shpokas

              I can even see those packets from DHCP servers on the pfSense bridge interface, packet capture file attached. Note, pcap renamed to jpg.
              I have two redundant DHCP servers set up as per ISC docs.

              Server 10.67.20.31 is offering IP address 10.67.20.104
              Server 10.67.20.34 is offering IP address 10.67.20.137

              But why do these packets never reach the DHCP client machine?

              pfsense.jpg

                shpokas

                Continuing my monologue…
                A bit more experimentation reveals that if DHCP relay is enabled, then the OS X DHCP client works with the internal DHCP server, too.
                But I have a DHCP server running on DMZ interface and I cannot run DHCP relay.
                I will continue this topic in DHCP/DNS forum as it seems more appropriate.

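The broadcast and unicast replies seen in the captures above follow the addressing rule in RFC 2131 section 4.1, which also covers the relay case from the last post. The sketch below is an added example, not code from the thread or from pfSense: it reads the fixed BOOTP header of a client message and reports how a compliant server will address its DHCPOFFER. The function names, MAC addresses and the relay address 192.0.2.1 are constructed for illustration.

```python
import socket
import struct

# 236-byte fixed BOOTP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
BROADCAST_FLAG = 0x8000  # most significant bit of the 16-bit 'flags' field
ZERO = b"\x00" * 4


def reply_delivery(payload: bytes) -> str:
    """Return how an RFC 2131 server addresses its OFFER/ACK for this request."""
    if len(payload) < BOOTP_HDR.size:
        raise ValueError("truncated BOOTP header")
    (op, _htype, hlen, _hops, _xid, _secs, flags, ciaddr, _yiaddr,
     _siaddr, giaddr, chaddr, _sname, _file) = BOOTP_HDR.unpack_from(payload)
    if op != 1:
        raise ValueError("not a BOOTREQUEST")
    if giaddr != ZERO:  # request came through a relay agent
        return "unicast to relay " + socket.inet_ntoa(giaddr)
    if ciaddr != ZERO:  # client already has a usable address
        return "unicast to ciaddr " + socket.inet_ntoa(ciaddr)
    if flags & BROADCAST_FLAG:  # client asked for a broadcast reply
        return "broadcast to 255.255.255.255"
    # Flag clear: reply is a layer-2 unicast to the client's MAC, carrying
    # yiaddr as destination IP although the client does not own it yet.
    mac = ":".join(f"{b:02x}" for b in chaddr[:hlen])
    return "unicast to yiaddr at hardware address " + mac


def make_discover(mac: str, flags: int = 0, giaddr: str = "0.0.0.0") -> bytes:
    """Constructed sample DHCPDISCOVER (fixed header only, options omitted)."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    return BOOTP_HDR.pack(1, 1, 6, 0, 0x12345678, 0, flags, ZERO, ZERO, ZERO,
                          socket.inet_aton(giaddr), chaddr, b"", b"")


if __name__ == "__main__":
    samples = {
        "broadcast flag set": make_discover("02:00:00:00:00:01", flags=0x8000),
        "broadcast flag clear": make_discover("02:00:00:00:00:02"),
        "via relay": make_discover("02:00:00:00:00:02", giaddr="192.0.2.1"),
    }
    for label, pkt in samples.items():
        print(f"{label:22s} -> {reply_delivery(pkt)}")
```

To run it against a real capture, pass the UDP payload of each client DHCPDISCOVER (port 68 to 67) to `reply_delivery`.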
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.