• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

[Solved] DHCRelay issue with multiple DHCP servers

Scheduled Pinned Locked Moved DHCP and DNS
2 Posts 1 Posters 830 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • L
    linux203
    last edited by linux203 Jun 6, 2018, 4:55 AM Jun 1, 2018, 3:50 AM

    I have two servers running isc-dhcp-server in a failover/load balancing mode. I've setup DHCRelay on both pfSense nodes to send to both DHCP servers. A CARP VIP is the gateway for both the vlan with the clients and the vlan with the DHCP servers. On both the master and backup nodes, I see send_packet: Permission denied errors. Using tcpdump, I can see packets received by the first server, but nothing is received by the second server.

    I am at a loss for the cause or where to look next.

    Captive Portal is not in use. Most Google searches indicate a problem with Captive Portal.

    DHCP Servers are 192.168.2.30 and 192.168.2.31 and are both connected to vtnet0.200

    Both nodes are 2.4.3-RELEASE-p1 (amd64) built on Thu May 10 15:02:52 CDT 2018 FreeBSD 11.1-RELEASE-p10

    [2.4.3-RELEASE][root@<redacted>]/root: ps -ax | grep dhcrelay
    242 - Ss 0:00.14 /usr/local/sbin/dhcrelay -i vtnet0.100 -i vtnet0.216 -i vtnet0.232 -i vtnet0.400 -i vtnet0.200 192.168.2.30 192.168.2.31

    Primary node:
    May 31 23:34:00 dhcrelay send_packet: Permission denied
    May 31 23:33:57 dhcrelay Sending on Socket/fallback
    May 31 23:33:57 dhcrelay Sending on BPF/vtnet0.100/92:b2:3d:95:f3:81
    May 31 23:33:57 dhcrelay Listening on BPF/vtnet0.100/92:b2:3d:95:f3:81
    May 31 23:33:57 dhcrelay Sending on BPF/vtnet0.216/92:b2:3d:95:f3:81
    May 31 23:33:57 dhcrelay Listening on BPF/vtnet0.216/92:b2:3d:95:f3:81
    May 31 23:33:57 dhcrelay Sending on BPF/vtnet0.232/92:b2:3d:95:f3:81
    May 31 23:33:57 dhcrelay Listening on BPF/vtnet0.232/92:b2:3d:95:f3:81
    May 31 23:33:57 dhcrelay Sending on BPF/vtnet0.400/92:b2:3d:95:f3:81
    May 31 23:33:57 dhcrelay Listening on BPF/vtnet0.400/92:b2:3d:95:f3:81
    May 31 23:33:57 dhcrelay Sending on BPF/vtnet0.200/92:b2:3d:95:f3:81
    May 31 23:33:57 dhcrelay Listening on BPF/vtnet0.200/92:b2:3d:95:f3:81
    May 31 23:33:57 dhcrelay For info, please visit https://www.isc.org/software/dhcp/
    May 31 23:33:57 dhcrelay All rights reserved.
    May 31 23:33:57 dhcrelay Copyright 2004-2018 Internet Systems Consortium.
    May 31 23:33:57 dhcrelay Internet Systems Consortium DHCP Relay Agent 4.3.6-P1

    Backup node:
    May 31 23:41:25 dhcrelay send_packet: Permission denied
    May 31 23:41:22 dhcrelay send_packet: Permission denied
    May 31 23:41:18 dhcrelay send_packet: Permission denied
    May 31 23:41:18 dhcrelay Sending on Socket/fallback
    May 31 23:41:18 dhcrelay Sending on BPF/vtnet0.216/b6:ba:f0:02:c2:68
    May 31 23:41:18 dhcrelay Listening on BPF/vtnet0.216/b6:ba:f0:02:c2:68
    May 31 23:41:18 dhcrelay Sending on BPF/vtnet0.232/b6:ba:f0:02:c2:68
    May 31 23:41:18 dhcrelay Listening on BPF/vtnet0.232/b6:ba:f0:02:c2:68
    May 31 23:41:18 dhcrelay Sending on BPF/vtnet0.400/b6:ba:f0:02:c2:68
    May 31 23:41:18 dhcrelay Listening on BPF/vtnet0.400/b6:ba:f0:02:c2:68
    May 31 23:41:18 dhcrelay Sending on BPF/vtnet0.200/b6:ba:f0:02:c2:68
    May 31 23:41:18 dhcrelay Listening on BPF/vtnet0.200/b6:ba:f0:02:c2:68
    May 31 23:41:18 dhcrelay For info, please visit https://www.isc.org/software/dhcp/
    May 31 23:41:18 dhcrelay All rights reserved.
    May 31 23:41:18 dhcrelay Copyright 2004-2018 Internet Systems Consortium.
    May 31 23:41:18 dhcrelay Internet Systems Consortium DHCP Relay Agent 4.3.6-P1

    1 Reply Last reply Reply Quote 0
    • L
      linux203
      last edited by Jun 6, 2018, 4:57 AM

      PEBKAC.

      The subnet mask on the CARP VIP was /27, should have been /26. The broadcast IP for 192.168.0.0/27 is 192.168.2.31. 192.168.2.31 is the IP of the second DHCP server.

      Corrected the mask on the VIP and voila, it works.

      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received