Netgate Discussion Forum

    Static DHCP addresses not visible over IPSEC

      bmarshallbri

      Hi All,

      I have a problem that I'm pretty sure can be resolved with some simple re-configuration. But I seem to be overlooking something. We're running DHCP on one of our LAN interfaces. We have some RHEL4 servers connected to the subnet with their NICs configured statically like this:

      DEVICE=eth1
      BOOTPROTO=static
      HWADDR=00:14:85:04:42:47
      IPADDR=10.2.200.41
      NETMASK=255.255.255.0
      ONBOOT=yes
      TYPE=Ethernet

      We do this because these machines have some interfaces configured directly to public IPs and have to have all of their NICs statically assigned. If I configure eth1 to use DHCP it messes up the default gateway in the routing table. We need the gateway for eth0 to be the default gateway for the system in order for its services to route properly.

      In pfSense I have configured a static DHCP lease in an attempt to get the firewall to be aware of this machine. But that does not seem to do the trick. In the DHCP lease status it always shows the machine to be offline. When plugged in on the local network I can get to these machines. But I think that's because of the switch and ARP requests. So if I create an IPSEC tunnel I can't get to those machines because the DHCP server does not think the machine is there. But I can ping the machine from the pfSense firewall so I do know I can get to it from the LAN interface.

      So I'm a bit stumped at this point. Does anyone have any words of wisdom or configuration suggestions for either the server's interface configuration or the firewall configuration?

      Thanks

      Brian

        bmarshallbri

        I should also add that we do have firewall rules set up for IPSEC. All systems that are connected via their DHCP client show up as online leases and we can get to them and the LAN interface over IPSEC.

        Any ideas?

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.