DHCP reservation - GW

AndyRH

When creating a DHCP scope there is the option for "none" in the default GW box. What is the best solution for the same result when setting up a reservation?
I have been using 0.0.0.0

johnpoz

@andyrh that seems like a bit of just an oversight. When they did the code to allow "none" on the normal dhcp server settings. That should be a viable option reservations as well you would think.

But yeah the parsing there asks for valid IPv4 address.

If no redmine currently I would submit that as one..

stephenw10

Hmm, you are handing dhcp leases that don't include a default route?

And you need a gateway set for dynamic hosts in the same subnet?

johnpoz

@stephenw10 My impression of what "might" be happening. Is he noticed that you can set "none" in the normal dhcp lease. But he might have a device he doesn't want a gateway. But you can not set "none" when you setup a reservation.

Maybe I am assuming wrong? But I would think if you could set "none" for the overall dhcp scope. You should also be able to set "none" for gateway when you set a specific reservation for a device.

So in the normal dhcp scope settings

But when you go to set a reservation and want to set that to none, the text doesn't say you could do that - and if you try it says you need a valid IP. But I would think you might assume if you could do it on the normal dhcp scope, you should be able to do it with reservation for a specific device?

My take is just something that was overlooked when adding the "none" option in the normal dhcp scope. For when someone does reservation - or maybe its not possible? But just seems like an over look to me.

So he was asking what IP to put in there when you don't want this client to have a gateway, but the none option doesn't work.. That is my take.. But I think you should also be able to use "none" in this scenario?

stephenw10

Indeed, that's what I'm seeing too. Just very unusual to see a DHCP lease without a gateway.

johnpoz

@stephenw10 said in DHCP reservation - GW:

Just very unusual to see a DHCP lease without a gateway.

I would agree... But I could see it maybe for IoT devices that you don't want to have internet access. I know that "none" option was added some time ago, and pretty sure it was per user requests for it..

edit: So doing a bit of digging, that none code must of been added as far back as 2015, since here is bug report about it
https://github.com/pfsense/pfsense/pull/1511

stephenw10

Mmm, the option router is taken from the main scope so entering 'none' will pass that to a static mapping entry too. You can enter an override option to send but omitting the option just sends the main scope value. I'm not sure you can send 'none' specifically, sending something invalid might be the best you can do there.

johnpoz

@stephenw10 so if I set the main scope to none, all reservations would also be "none" unless I called out something specific for that reservation. That prob should be called out in the note on the gateway setting in the reservation section.

While that is workable I guess. Better would be able to leave main scope at handing out say pfsense IP (default).

But being able to call out none for a reservation.

To answer the question specific for what the OP asked - I would think putting anything in there should work as long as its not actually a gateway ;) But that could lead to lots of unwanted traffic to that IP. I would think you could put in 127.0.01, so the dhcp client would just try and use itself as the gateway?

Never really played around with anything like that - because I just don't have the use case to want to do such a thing ;)

stephenw10

@johnpoz said in DHCP reservation - GW:

Better would be able to leave main scope at handing out say pfsense IP (default).
But being able to call out none for a reservation.

I agree but I'm not sure that's possible in the dhcpd conf:

subnet 192.168.22.0 netmask 255.255.255.0 {
	pool {

		range 192.168.22.10 192.168.22.245;
	}

	option routers 192.168.22.1;
	option domain-name-servers 192.168.22.1;
	ping-check true;

}
host s_lan_0 {
	hardware ethernet 24:5e:be:59:64:8e;
	fixed-address 192.168.22.5;

}

Maybe just 'option routers' with no IP? Setting the main scope to 'none' just omits it entirely.

AndyRH

Pretty good guessers. There are 2 reason for me to not pass a GW. IoT (cameras) that absolutely do not need out of the VLAN (yes there are rules in place, really no rules...) and my PC with 4 spare NICs. I from time to time put my system on various VLANs to make sure things are setup the way I think they are. Having 2 GWs on Windows results in going out the wrong interface more often than not.
I found it mostly a curiosity that creating the scope you can put "none" in the GW field and not pass a GW but you cannot do the same on a reservation.

stephenw10

Hmm, this feature requests appears to be in place already: https://redmine.pfsense.org/issues/11927 but the suggested workaround there, using the dhcp option 3 directly, can be applied to a static mapping.
And in fact it looks like this exact use case has been proven:
https://forum.netgate.com/post/1000576

Steve

johnpoz

@stephenw10 thats funny actually I didn't recall that thread at all ;) But this is really just a rehash of that thread ;) and I had suggested doing what you had said about pool to none, and set reservations for those that want a gateway..

AndyRH

Tried it out on an old iPad. Still getting a GW, but it may need a more aggressive approach to get past Apple being helpful.
I like the approach and will try the same trick to not give DNS servers to the cameras.

Thank you for searching better than I did...

stephenw10

Maybe the value type there should be IP address.

johnpoz

@andyrh ok just tried this on my windows pc.

So I set it to dhcp, got a lease with gateway per dhcp scope, etc

Then set up a reservation for 192.168.9.66, and set option 3 with nothing.. and released and renewed and got the .66 address, but no gateway..

stephenw10

Ah, nice!

johnpoz

@stephenw10 yeah that seems to be a good option for sure when you don't want a client to have a gateway. I think that should work for @AndyRH

AndyRH

Something went wrong around 13:50 and DHCP became corrupted. Had to restore it. (remember kids, backups are for fun, restores are serious)

I have a new weekend project...

Lots of 89884 messages then a crash. A restart did not work so I went to the backup.

Jan 3 13:59:06 dhcpd 89884 /etc/dhcpd.conf line 579: unexpected end of file
Jan 3 13:59:06 dhcpd 89884 ^
Jan 3 13:59:06 dhcpd 89884 }
Jan 3 13:59:06 dhcpd 89884 /etc/dhcpd.conf line 577: semicolon expected.
Jan 3 13:59:06 dhcpd 89884 For info, please visit https://www.isc.org/software/dhcp/
Jan 3 13:59:06 dhcpd 89884 All rights reserved.
Jan 3 13:59:06 dhcpd 89884 Copyright 2004-2021 Internet Systems Consortium.
Jan 3 13:59:06 dhcpd 89884 Internet Systems Consortium DHCP Server 4.4.2-P1
Jan 3 13:55:37 dhclient 18922 Creating resolv.conf
Jan 3 13:55:37 dhclient 18587 RENEW
Jan 3 13:50:37 dhclient 47334 Creating resolv.conf
Jan 3 13:50:37 dhclient 47085 RENEW

stephenw10

Hmm, just by adding the option value to a static mapping?

AndyRH

@stephenw10 That is my guess. I will test it this weekend.