Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No config entry for OMAPI

    Scheduled Pinned Locked Moved
    2.5 Development Snapshots (Retired)
    2
    7
    870
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • kiokomanK
      kiokoman LAYER 8
      last edited by kiokoman

      i'm trying to understand this but OMAPI is not working
      if i set this and save
      Immagine.jpg

      xml is ok but
      there is nothing inside /var/dhcpd/etc/dhcpd.conf about OMAPI
      and of course dhcpd is not listening at 7911

      does not save ->

      EOD;

        if (!isset($dhcpifconf['disableauthoritative'])) {
                $dhcpdconf .= "authoritative;\n";
        }

        if (isset($dhcpifconf['alwaysbroadcast'])) {
                $dhcpdconf .= "always-broadcast on\n";
        }

        // OMAPI Settings
        if (isset($dhcpifconf['omapi_port']) && is_numeric($dhcpifconf['omapi_port'])) {
                $dhcpdconf .= <<<EOD

        key omapi_key {
        algorithm {$dhcpifconf['omapi_key_algorithm']};
        secret "{$dhcpifconf['omapi_key']}";
        };
        omapi-port {$dhcpifconf['omapi_port']};
        omapi-key omapi_key;

EOD;
        }

      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
      Please do not use chat/PM to ask for help
      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Worked for me on the first try. It's up near the top of the file.

        I used the same port you did, and had it auto-generate the key, which resulted in:

        [...]
default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
one-lease-per-client true;
deny duplicates;
update-conflict-detection false;
authoritative;

key omapi_key {
  algorithm hmac-sha256;
  secret "<blah>";
};
omapi-port 7911;
omapi-key omapi_key;
[...]

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        kiokomanK 1 Reply Last reply Reply Quote 0
        • kiokomanK
          kiokoman LAYER 8 @jimp
          last edited by

          @jimp

          i don't have it ☹

          [2.5.0-DEVELOPMENT][root@pfSense.localdomain]/etc/inc: cat /var/dhcpd/etc/dhcpd.conf

option domain-name "localdomain";
option ldap-server code 95 = text;
option domain-search-list code 119 = text;
option arch code 93 = unsigned integer 16; # RFC4578

default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
one-lease-per-client true;
deny duplicates;
update-conflict-detection false;
authoritative;
class "s_lan" {
        match pick-first-value (option dhcp-client-identifier, hardware);
}
subnet 192.168.10.0 netmask 255.255.255.0 {
        pool {
                option domain-name-servers 172.17.0.100,192.168.10.202;
                ddns-update-style interim;

                range 192.168.10.2 192.168.10.199;
        }

        option routers 192.168.10.254;
        option domain-name "kiokoman.home";
        ddns-domainname "kiokoman.home";
        allow client-updates;

          ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
          Please do not use chat/PM to ask for help
          we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
          Don't forget to Upvote with the 👍 button for any post you find to be helpful.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            I think I might see why. It's using a variable set inside the per-interface foreach outside of the foreach, so the results may be unpredictable depending on whether it's set on the last interface or not. It's trying to take a per-interface setting and trying to apply it globally.

            Open an issue at https://redmine.pfsense.org and we'll take a look. The code right above that for disableauthoritative and alwaysbroadcast has the same problem.

            There is an open request to make a dedicated settings tab ( https://redmine.pfsense.org/issues/5080 ) which may be the end result here, though the items mentioned on that redmine issue are not all relevant or likely to happen in this release.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • kiokomanK
              kiokoman LAYER 8
              last edited by

              ok done
              https://redmine.pfsense.org/issues/10270

              ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
              Please do not use chat/PM to ask for help
              we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
              Don't forget to Upvote with the 👍 button for any post you find to be helpful.

              1 Reply Last reply Reply Quote 0
              • kiokomanK
                kiokoman LAYER 8
                last edited by kiokoman

                the patch from victor it's ok, now I have the settings defined on my dhcpd.conf
                now I want to understand what is the intended use for that settings
                CARP is not mandatory for dhcp failover but
                failover peer is set as

                if ($skew > 10) secondary;

                and there isn't an option to change it as primary
                and consequently, there isn't an option for mclt and split (it's statically set to 128 if primary)
                I've manually modified the config and set dhcpd on pfsense as primary; adding mclt and split
                I've set a raspberry with isc-dhcp-server with secondary; and defined a pool
                this is what happened

                Oct 23 20:39:16 pfSense dhcpd[28353]: Sending on   Socket/fallback/fallback-net
Oct 23 20:39:16 pfSense dhcpd[28353]: failover peer dhcp_lan: I move from recover to startup
Oct 23 20:39:16 pfSense dhcpd[28353]: Server starting service.
Oct 23 20:39:16 pfSense dhcpd[28353]: failover peer dhcp_lan: peer moves from unknown-state to recover
Oct 23 20:39:16 pfSense dhcpd[28353]: failover peer dhcp_lan: requesting full update from peer
Oct 23 20:39:16 pfSense dhcpd[28353]: failover peer dhcp_lan: I move from startup to recover
Oct 23 20:39:16 pfSense dhcpd[28353]: Sent update request all message to dhcp_lan
Oct 23 20:39:16 pfSense dhcpd[28353]: Update request all from dhcp_lan: sending update
Oct 23 20:39:16 pfSense dhcpd[28353]: Received update request while old update still flying!  Silently discarding old request.
Oct 23 20:39:16 pfSense dhcpd[28353]: Update request all from dhcp_lan: sending update
Oct 23 20:39:16 pfSense dhcpd[28353]: Sent update done message to dhcp_lan
Oct 23 20:39:16 pfSense dhcpd[28353]: failover peer dhcp_lan: peer update completed.
Oct 23 20:39:16 pfSense dhcpd[28353]: failover peer dhcp_lan: I move from recover to recover-done
Oct 23 20:39:16 pfSense dhcpd[28353]: failover peer dhcp_lan: peer moves from recover to recover-done
Oct 23 20:39:16 pfSense dhcpd[28353]: Both servers have entered recover-done!
Oct 23 20:39:16 pfSense dhcpd[28353]: failover peer dhcp_lan: I move from recover-done to normal
Oct 23 20:39:16 pfSense dhcpd[28353]: balancing pool 80141a180 192.168.10.0/24  total 198  free 197  backup 0  lts 98  max-own (+/-)20
Oct 23 20:39:16 pfSense dhcpd[28353]: balanced pool 80141a180 192.168.10.0/24  total 198  free 99  backup 98  lts 0  max-misbal 30
Oct 23 20:39:16 pfSense dhcpd[28353]: Sending updates to dhcp_lan.
Oct 23 20:39:16 pfSense dhcpd[28353]: failover peer dhcp_lan: peer moves from recover-done to normal
Oct 23 20:39:16 pfSense dhcpd[28353]: failover peer dhcp_lan: Both servers normal

                I've killed dhcpd on pfsense and restarted it after a min, on my raspberry i have

                Oct 23 20:39:16 raspberrypi2 dhcpd[27757]: failover peer dhcp_lan: peer moves from recover-done to normal
Oct 23 20:39:16 raspberrypi2 dhcpd[27757]: failover peer dhcp_lan: Both servers normal
Oct 23 20:40:18 raspberrypi2 dhcpd[27757]: balancing pool 476848 192.168.10.0/24  total 198  free 99  backup 98  lts 0  max-own (+/-)20
Oct 23 20:40:18 raspberrypi2 dhcpd[27757]: balanced pool 476848 192.168.10.0/24  total 198  free 99 
Oct 23 20:53:43 raspberrypi2 dhcpd[27757]: DHCPDISCOVER from 04:d6:aa:1a:6c:90 via eth0: load balance to peer dhcp_lan
Oct 23 20:54:45 raspberrypi2 dhcpd[27757]: peer dhcp_lan: disconnected
Oct 23 20:54:45 raspberrypi2 dhcpd[27757]: failover peer dhcp_lan: I move from normal to communications-interrupted
Oct 23 20:55:45 raspberrypi2 dhcpd[27757]: DHCPDISCOVER from 04:d6:aa:1a:6c:90 via eth0
Oct 23 20:55:46 raspberrypi2 dhcpd[27757]: DHCPOFFER on 192.168.10.100 to 04:d6:aa:1a:6c:90 (Galaxy-Note8) via eth0
Oct 23 20:55:46 raspberrypi2 dhcpd[27757]: DHCPREQUEST for 192.168.10.100 (192.168.10.202) from 04:d6:aa:1a:6c:90 (Galaxy-Note8) via eth0
Oct 23 20:55:46 raspberrypi2 dhcpd[27757]: DHCPACK on 192.168.10.100 to 04:d6:aa:1a:6c:90 (Galaxy-Note8) via eth0
Oct 23 20:56:09 raspberrypi2 dhcpd[27757]: failover peer dhcp_lan: peer moves from normal to normal
Oct 23 20:56:10 raspberrypi2 dhcpd[27757]: failover peer dhcp_lan: I move from communications-interrupted to normal
Oct 23 20:56:10 raspberrypi2 dhcpd[27757]: failover peer dhcp_lan: Both servers normal
Oct 23 20:56:10 raspberrypi2 dhcpd[27757]: balancing pool 476848 192.168.10.0/24  total 198  free 99  backup 97  lts -1  max-own (+/-)20
Oct 23 20:56:10 raspberrypi2 dhcpd[27757]: balanced pool 476848 192.168.10.0/24  total 198  free 99  backup 97  lts -1  max-misbal 29

                failover work and there is no need for carp if you set primary/secondary
                the point now is: missing options, it's something that can be implemented ?

                } else {
                                $my_port = "519";
                                $peer_port = "520";
                                $type = "primary";
                                $dhcpdconf_pri = "split 128;\n";
                                $dhcpdconf_pri .= "  mclt 600;\n";

                also I need to think about this ... but
                if you set split to 128 you are also doing load balancing (50/50) on a carp interface where the secondary server should not distribute IP until the primary go down. shouldn't it be set to 256?

                The split statement
                https://kb.isc.org/docs/isc-dhcp-41-manual-pages-dhcpdconf

                ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                Please do not use chat/PM to ask for help
                we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                1 Reply Last reply Reply Quote 0
                • kiokomanK
                  kiokoman LAYER 8
                  last edited by

                  for future reference if anyone searches for this
                  even if the patch from https://redmine.pfsense.org/issues/10270 has been merged

                  Adding a control to DHCP in general or per-interface for this seems like it would be excessive and confusing

                  https://redmine.pfsense.org/issues/11003

                  my understanding is that they are probably meant to be used only on a HA sync.
                  it's probably a lot of work as other stuff need to be rearranged like "Status / DHCP Leases"
                  maybe in the future

                  ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                  Please do not use chat/PM to ask for help
                  we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                  Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post