DHCP Client Configuration: How to properly set vivso-suboptions?

teunbruijnen · Oct 22, 2021, 5:59 PM

Hi there!

I'm having some trouble requesting a public IP address through DHCP on a WAN interface. (Nasty ISP does not offer technical support for non-standard devices)

I compared DHCP request packages between my netgate SG-1100 and the device from the ISP(that is able to receive a public IP).
The only differences that I am seeing right now are:

Option: (12) Host Name.
The SG-1100 sets the Host Name. The other device does not set option 12.
Option: (55) Parameter Request List.
The list of parameter requests does not correspond between the SG-1100 and ISP device. I am not sure if this could prevent me from receiving an IP address but I want to focus on the next option first:
Option: (125) V-I Vendor Specific Information.
The ISP device sets a total of 3 suboptions. (DeviceManyfacturerOUI, DeviceSerialNumber, DeviceProductClass)

My question is:

How do I properly set Option 125 suboptions in the DHCP Client Configuration for the WAN interface?
The public documentation doesn't give any examples. I'm pretty sure I should use "vivso-suboptions" but I do not know what sort of syntax I should use.

Any help is greatly appreciated, been trying to figure this out for a few months now!

bingo600 · Oct 22, 2021, 6:15 PM

@teunbruijnen
Can you make a packet trace of the ISP device receiving a DHCP address ?
Typically a "managed switch" , with a "mirror port" , and a wireshark on the mirror port.

That would make your life much easier.

/Bingo

teunbruijnen · Oct 22, 2021, 6:22 PM

@bingo600 hi, thanks a lot for your reply.
I do not have access to a managed switch so don't think I'll be able to do a packet trace of the ISP device receiving a DHCP address. Unless there is a way to achieve this result with a laptop!

teunbruijnen · Oct 22, 2021, 7:40 PM

@teunbruijnen @bingo600 I managed to figure out how to set the option-125. It took some brute-forcing and I am honestly very surprised it isn't shared in a clear way somewhere else. So here's to hoping it will show up in the search results for someone else who needs help setting option 125 haha.

Here's how to configure option (125) V-I Vendor Specific Information:

Apparenly you need to call "option-125", and afterwards a hexadecimal value. I literally copied and pasted the hexadecimal values of the option 125 suboptions from the ISP device :)

bingo600 · Oct 22, 2021, 7:56 PM

@teunbruijnen

Nicely done

I also was about to give some hints

https://psaintemarie.github.io/blog/unifi-bytel-ftth-france/
https://github.com/psaintemarie/unifi-bytel

That might have lead you to the same

Via this
https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml#options

You can see that Opt 125 is "RFC" defined here
https://www.rfc-editor.org/rfc/rfc3925.html

/Bingo

Edit : For completeness these were my intermediate worknotes

/etc/inc/interfaces.inc


function interface_dhcp_configure


 $send_options = "";
        if ($ifcfg['adv_dhcp_send_options'] != '') {
                $options = DHCP_Config_Option_Split($ifcfg['adv_dhcp_send_options']);
                foreach ($options as $option) {
                        $send_options .= "\tsend " . trim($option) . ";\n";
                }
        }

        $request_options = "";
        if ($ifcfg['adv_dhcp_request_options'] != '') {
                $request_options = "\trequest {$ifcfg['adv_dhcp_request_options']};\n";
        }

        $required_options = "";
        if ($ifcfg['adv_dhcp_required_options'] != '') {
                $required_options = "\trequire {$ifcfg['adv_dhcp_required_options']};\n";
        }



/usr/local/sbin/pfSense-dhclient-script

bingo600 · Oct 22, 2021, 8:15 PM

@bingo600

From here
https://askubuntu.com/questions/949214/set-vendor-encapsulated-options-code-125-with-isc-dhcpd-4-3-fails

It would seem that your opt 125 is defined here and is 0x28 (40 dec) bytes long.

/Bingo

teunbruijnen · Oct 23, 2021, 7:11 AM

@bingo600 Yes, exactly! Props to finding all of that info :D It took me a few hours more hahaha.

Sadly, having set the option-125 suboptions just like the ISP device still doesn't give my WAN interface a public IP address. I am not sure where to look anymore. Do you have any advice?

bingo600 · Oct 23, 2021, 1:13 PM

@teunbruijnen

You mention you have "Cloned the pfSense WAN Mac address" to be the same as your ISP router correct ?

Have you set your WAN to be ...
I see both Vlan100 and Vlan200 mentioned.

I'd give Vlan 100 a shot first.

/Bingo

teunbruijnen · Oct 23, 2021, 1:13 PM

@bingo600 yes, exactly.
All of the guides I found say that to get an IP you need to clone the mac address, use vlan100 (or vlan200 on older posts) and set a vendor class identifier (BYGTELIAD on the newer vlan100)

I tried both vlan100 & vlan200. Swapping over the vendor class identifiers too, you never know (:
No success, sadly

bingo600 · Oct 23, 2021, 4:48 PM

@teunbruijnen
Now is the time to "dust off the credit card" and get a managed switch for packet capture.

This is my favorite cheap 8-port
https://www.amazon.fr/D-Link-DGS-1100-08V2-administrable-fonctionnalit%C3%A9s-ventilateur/dp/B08MWL25PM/

DONT' get TP-LINK

/Bingo

bingo600 · Oct 23, 2021, 6:34 PM

@teunbruijnen

These could smell of DHCP parameters <option number , length>
See
https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml#options

0x37 (55 dec) , Len 0x0b (dec 11) = Opt 55 - Parameter Request List

0x3c ( 60 dec) , Len 0x09 (dec 9) = Opt 60 - Class Identifier

0x3d (61 dec) , Len 0x07 (dec 7) = Opt 61 - Client Identifier

0x7d (125 dec) , Len 0x28 (dec 40) = Opt 125 - Vendor-Identifying Vendor-Specific Information

Parameter Request List
0x01 Subnet mask
0x1c Broadcast addr
0x03 Router
0x33 IP Address Lease Time
0x3a DHCP Renewal (T1) Time
0x3b DHCP Renewal (T2) Time
0x0f The DNS domain name of the client
0x0c Hostname string
0x06 DNS Server addresses
0x2a NTP Server Addresses
0x48 WWW Server Addresses

Decoding of the above is rather crazy to do by hand - Wireshark would do the m for you ... But i could

/Bingo

Edit: Similar Thread
https://forum.netgate.com/topic/102195/fios-wan-dhcp-setup-for-g1100-fios-quantum-router-with-pfsense-no-bridging

teunbruijnen · Oct 23, 2021, 8:33 PM

@bingo600 lol, you are like a networking wizard! That is awesome.
You've helped me out a ton already, thanks a lot for your kind & insightful replies. It's been hard trying to crack this on my own, I'm not that experience with networking.
I guess I really do need to take a peek at what's happening "on the other side", to understand why the DHCP request of the ISP device IS getting an IP and why the DHCP request of the netgate device is not.
Wouldn't it be possible to use the ports I have on the SG-1100 to achieve this?!

teunbruijnen · Oct 24, 2021, 5:03 AM

@bingo600 lol I set up a bridge between 2 ports.
Thought it was possible to simply route the traffic from 1 port to another with a bridge and then sniff the traffic on the bridge. However, traffic on the interfaces was suspiciously low again.
The only packets I got were these:
I guess I didn't do it right. I thought it wasn't that hard, that seems to be a recurring theme with me & networking :')

bingo600 · Oct 24, 2021, 5:03 AM

@teunbruijnen said in DHCP Client Configuration: How to properly set vivso-suboptions?:

@bingo600 lol I set up a bridge between 2 ports.

I guess I didn't do it right. I thought it wasn't that hard, that seems to be a recurring theme with me & networking :')

Don't give up ... We have all been there.
Get the "right tool for the job" - Aka The switch

I have no experience with the Netgate 1100 , or any of the ones w. built in switches.

/Bingo

teunbruijnen · Oct 24, 2021, 9:53 AM

@bingo600 Thanks for the encouragement! Putting it on ice until I get the "right tool for the job" :)

teunbruijnen · Nov 25, 2021, 6:30 PM

@bingo600 hello mr bingo. After one month, an order came through and I'm finally able to properly 'tap' the line (between SOHO router & modem).

I can now see the exact difference between the DHCP Discover packet the Netgate router sends out(which does not get accepted), and the DHCP Discover packet the SOHO router sends out(which gets accepted).
I can see the DHCP packet from the SOHO router has a 'header' (is this the right term?) : 802.1Q Virtual LAN, PRI: 6, DEI: 0, ID: 100.
Left is Netgate, right is SOHO

This header is not included in the request from the Netgate router. If I'm not mistaken, it seems that I have made a mistake in setting up the VLAN !

bingo600 · Nov 26, 2021, 6:37 AM

@teunbruijnen
Vlan info seems to be : Vlan 100 , PRI ?? (Priority)

This seems to indicate that the WAN/ISP line is running as a 802.1Q tagged interface , and that answer is sent with Vlan Tag 100.

How was your Wan interface setup ?
Screenshots please ??

/Bingo

teunbruijnen · Nov 26, 2021, 6:57 AM

@bingo600 Thanks for the reply! Indeed..

WAN interface:

And the VLAN:

Thanks for the support Bingo!!

bingo600 · Nov 26, 2021, 12:12 PM

@teunbruijnen

Does that mean it works now ???

/Bingo

teunbruijnen · Nov 27, 2021, 7:23 AM

@bingo600 Sadly it does not work :(( with the exact setup I've shared above, the DHCP Discover packet does not send out the 802.1Q Virtual LAN info. Do you have any ideas?