[Solved] DHCRelay issue with multiple DHCP servers
-
I have two servers running isc-dhcp-server in a failover/load balancing mode. I've set up DHCRelay on both pfSense nodes to send to both DHCP servers. A CARP VIP is the gateway for both the vlan with the clients and the vlan with the DHCP servers. On both the master and backup nodes, I see send_packet: Permission denied errors. Using tcpdump, I can see packets received by the first server, but nothing is received by the second server.
I am at a loss for the cause or where to look next.
Captive Portal is not in use. Most Google searches indicate a problem with Captive Portal.
DHCP Servers are 192.168.2.30 and 192.168.2.31 and are both connected to vtnet0.200
Both nodes are 2.4.3-RELEASE-p1 (amd64) built on Thu May 10 15:02:52 CDT 2018 FreeBSD 11.1-RELEASE-p10
[2.4.3-RELEASE][root@<redacted>]/root: ps -ax | grep dhcrelay
242 - Ss 0:00.14 /usr/local/sbin/dhcrelay -i vtnet0.100 -i vtnet0.216 -i vtnet0.232 -i vtnet0.400 -i vtnet0.200 192.168.2.30 192.168.2.31
Primary node:
May 31 23:34:00 dhcrelay send_packet: Permission denied
May 31 23:33:57 dhcrelay Sending on Socket/fallback
May 31 23:33:57 dhcrelay Sending on BPF/vtnet0.100/92:b2:3d:95:f3:81
May 31 23:33:57 dhcrelay Listening on BPF/vtnet0.100/92:b2:3d:95:f3:81
May 31 23:33:57 dhcrelay Sending on BPF/vtnet0.216/92:b2:3d:95:f3:81
May 31 23:33:57 dhcrelay Listening on BPF/vtnet0.216/92:b2:3d:95:f3:81
May 31 23:33:57 dhcrelay Sending on BPF/vtnet0.232/92:b2:3d:95:f3:81
May 31 23:33:57 dhcrelay Listening on BPF/vtnet0.232/92:b2:3d:95:f3:81
May 31 23:33:57 dhcrelay Sending on BPF/vtnet0.400/92:b2:3d:95:f3:81
May 31 23:33:57 dhcrelay Listening on BPF/vtnet0.400/92:b2:3d:95:f3:81
May 31 23:33:57 dhcrelay Sending on BPF/vtnet0.200/92:b2:3d:95:f3:81
May 31 23:33:57 dhcrelay Listening on BPF/vtnet0.200/92:b2:3d:95:f3:81
May 31 23:33:57 dhcrelay For info, please visit https://www.isc.org/software/dhcp/
May 31 23:33:57 dhcrelay All rights reserved.
May 31 23:33:57 dhcrelay Copyright 2004-2018 Internet Systems Consortium.
May 31 23:33:57 dhcrelay Internet Systems Consortium DHCP Relay Agent 4.3.6-P1
Backup node:
May 31 23:41:25 dhcrelay send_packet: Permission denied
May 31 23:41:22 dhcrelay send_packet: Permission denied
May 31 23:41:18 dhcrelay send_packet: Permission denied
May 31 23:41:18 dhcrelay Sending on Socket/fallback
May 31 23:41:18 dhcrelay Sending on BPF/vtnet0.216/b6:ba:f0:02:c2:68
May 31 23:41:18 dhcrelay Listening on BPF/vtnet0.216/b6:ba:f0:02:c2:68
May 31 23:41:18 dhcrelay Sending on BPF/vtnet0.232/b6:ba:f0:02:c2:68
May 31 23:41:18 dhcrelay Listening on BPF/vtnet0.232/b6:ba:f0:02:c2:68
May 31 23:41:18 dhcrelay Sending on BPF/vtnet0.400/b6:ba:f0:02:c2:68
May 31 23:41:18 dhcrelay Listening on BPF/vtnet0.400/b6:ba:f0:02:c2:68
May 31 23:41:18 dhcrelay Sending on BPF/vtnet0.200/b6:ba:f0:02:c2:68
May 31 23:41:18 dhcrelay Listening on BPF/vtnet0.200/b6:ba:f0:02:c2:68
May 31 23:41:18 dhcrelay For info, please visit https://www.isc.org/software/dhcp/
May 31 23:41:18 dhcrelay All rights reserved.
May 31 23:41:18 dhcrelay Copyright 2004-2018 Internet Systems Consortium.
May 31 23:41:18 dhcrelay Internet Systems Consortium DHCP Relay Agent 4.3.6-P1
-
PEBKAC.
The subnet mask on the CARP VIP was /27, should have been /26. The broadcast IP for 192.168.0.0/27 is 192.168.2.31. 192.168.2.31 is the IP of the second DHCP server.
Corrected the mask on the VIP and voila, it works.
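A check for the misconfiguration found in this thread, as an added example that is not part of the original posts: it pulls the relay targets out of the dhcrelay process line and flags any target that is the broadcast or network address of a locally configured subnet. The VIP address 192.168.2.1 is a constructed value, since the thread gives only the masks.

```python
import ipaddress

# Process line as posted in the thread.
PS_LINE = ("242 - Ss 0:00.14 /usr/local/sbin/dhcrelay -i vtnet0.100 "
           "-i vtnet0.216 -i vtnet0.232 -i vtnet0.400 -i vtnet0.200 "
           "192.168.2.30 192.168.2.31")


def relay_targets(cmdline):
    """Return every token of a dhcrelay command line that is an IPv4 address."""
    targets = []
    for token in cmdline.split():
        try:
            targets.append(ipaddress.IPv4Address(token))
        except ValueError:
            continue  # option flag, interface name, pid, path, ...
    return targets


def check_targets(targets, local_addrs):
    """Flag targets that are the broadcast or network address of a local subnet.

    local_addrs: interface/VIP addresses in CIDR form, e.g. "192.168.2.1/27".
    Returns a list of (target, local_addr, kind) tuples.
    """
    findings = []
    for cidr in local_addrs:
        net = ipaddress.ip_interface(cidr).network
        if net.version != 4 or net.prefixlen >= 31:
            continue  # /31 and /32 have no broadcast address
        for target in targets:
            if target == net.broadcast_address:
                findings.append((str(target), cidr, "broadcast"))
            elif target == net.network_address:
                findings.append((str(target), cidr, "network"))
    return findings


if __name__ == "__main__":
    servers = relay_targets(PS_LINE)
    # Constructed VIP address; the /27 and /26 masks are the ones from the thread.
    for vip in ("192.168.2.1/27", "192.168.2.1/26"):
        hits = check_targets(servers, [vip])
        print(vip, "->", hits if hits else "no relay target collides")
```

Run it with the real interface and VIP addresses from each node in place of the constructed one.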