DHCPd with multiple ipv4 subnets outside of local interface network. (300US$)

WetWilly

Greetings.
We are in need of dhcpd support with multiple subnets configurable from the webgui.
Currently running pfSense 2.0.3 stable.

As it is today pfSense is only able to handle out dhcp-leases for the local subnet configured on the interface. E.g. 192.168.0.1/24.

We want to use DHCP-relay (ip-helper in Cisco world) from other routers to forward dhcp-requests to pfSense, which will then handle out DHCP leases for the correct subnet. 192.168.1.0/24, 192.168.2.0/24 192.168.4.0/23 and so forth. Public nets should of course also be configurable.
The functionality is already built in isc-dhcp server, it's the configurability in the pfSense webgui that is missing.

What we need is the following:

• Possibility to configure multiple different subnets on the same interface under Services –> DHCP server.

• Each subnet shall be configurable with separate gateway, DNS, WINS, Domain name etc. (Same options as current dhcp-pool including static leases)

• The DHCP leases shall be visible under Status –> DHCP Leases. Preferbly sorted with different frame per subnet, or any other way to easily separate the different subnets.

• dhcpd logs for all subnets shall be visible under Status –> System logs --> DHCP.

• It must be coded in such a way that the changes can be deployed to upstream pfSense development (2.1).

Variables
If it is too much work to make the code compatible with both 2.0.3 and upstream 2.1. It is better to make it compatible with 2.1 only.

Not needed
IPv6 support is not needed.

If there is any taker or questions post them in the thread  or send a PM.
I can provide you with the correct dhcpd.conf configuration for multiple subnets if needed.

xbipin

i was also looking for something like this

WetWilly

xbipin, perfect. How much are you willing to chip in to make this bounty more interesting for developers??

Since noone has responded so far I recon people consider the bounty not being worth it with the current payout.

We can increase the bounty to 500US$.

xbipin

the amount is fine but to my experience this would be tough to do as i had a similar requirement in the past but due to some restrictions it wasnt possible to do but lets see if some1 responds first, the amount can be worked on later

shade

I'm also interested for this for pfSense 2.1

I will chip in with $300

xbipin

$50 from me because as of now i dont require this but it would be a good feature to have and to support development

WetWilly

Alright, so that makes the current payout 850 US$.

xbipin, just for reference, could you try to locate the old thread? I tried to look through all your posts but it was too much of as hassle to scroll through 1172 posts.

Shame it's not possible to update the subject of original post to reflect the higher bounty.

xbipin

actually that thread was for something else but this question i had asked and i had got that reply, it would definitely be difficult to locate it but ill try searching from what i remember

shade

I can also increase my part of the bounty to 500US$.

That makes the current payout 1050 US$.

WetWilly

As 2.1 was released (Great work pfSense team) some variables in the bounty has changed for the easier.

Design it to be supported in 2.1 and in such a way that it can be deployed into upstream pfSense development (2.2).

The current bounty of 1050US$ is still valid.

marcelloc

I can take a look on it.  :)

Basically you need a list of DCHP ranges on each interface tab?

It may depend on interface aliases and/or addresses?

Attached a first screenshot that "fix" gui to accept dhcp ranges for all configured networks on interface.

The service does not starts as it need fixes on code too.

All new functions may take some time as it will need a lot of changes.

marcelloc

Maybe a list of all configured subnets?

WetWilly

Very interesting Marcelloc!  ;D

Before you spend any more time I just want to make sure we are on the same level with the specification on this bounty.
I would also like Shade to acknowledge before you start as he is funding the other half.

I will rewrite the specification, Shade please acknowledge that you still pledge to this bounty and that you are satisfied with the specification (maybe you have something to add?)

What we need is the following:

• Possibility to configure multiple different subnets on the same interface under Services –> DHCP server.

This seems to be done on your first screenshot. However, I dont ever want a local IP interface inside the range of the additional subnets as this will not be a local network for pfsense. It is only going to be used for DHCP. E.g. pfsense will not be default gateway for those additional subnets. It might be nice to leave it as optional for other users though.

• Each subnet shall be configurable with separate gateway, DNS, WINS, Domain name etc. (Same options as current dhcp-pool including static leases)

• The DHCP leases shall be visible under Status –> DHCP Leases. Preferbly sorted with different frame per subnet, or any other way to easily separate the different subnets.

• dhcpd logs for all subnets shall be visible under Status –> System logs --> DHCP.

• It must be coded in such a way that the changes can be deployed to upstream pfSense development (2.2).

This is specifically a deal breaker for me, I don't want to be stuck with 2.1 forever in order to continue to use the  functionality from this bounty. Marcello, it looks like you are very active on these forums. Would you say its possible to commit the code to upstream pfsense development once it's done?

Not needed
IPv6 support is not needed at this time.

If you need help with how to configure dhcpd.conf or if you have any other questons before getting started I can be of assistance.

shade

WetWilly: It sound like we still need the same thing..

Marcelloc: Translated to config I need that the following works in the GUI

Local Lan Interface

subnet 172.16.0.0 netmask 255.255.0.0 {
        option routers 172.16.0.5;
        option subnet-mask 255.255.0.0;
        option broadcast-address 172.16.255.255;
        use-host-decl-names on;
        deny unknown-clients;
}

Wireless

subnet 10.1.0.0 netmask 255.255.0.0 {
        range 10.1.1.1 10.1.1.254;
        range 10.1.2.1 10.1.2.254;
        range 10.1.3.1 10.1.3.254;
        range 10.1.4.1 10.1.4.254;
        range 10.1.5.1 10.1.5.254;
        range 10.1.6.1 10.1.6.254;
        option routers 10.1.0.5;
        option subnet-mask 255.255.0.0;
        option broadcast-address 10.1.255.255;
        use-host-decl-names on;
        one-lease-per-client true;
        default-lease-time 3600;
        max-lease-time 4800;
}

LAB

subnet 192.168.100.0 netmask 255.255.255.0 {
        range 192.168.100.50 192.168.100.254;
        option domain-name-servers 172.16.0.2;
        option routers 192.168.100.1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.100.255;
        use-host-decl-names on;
}

marcelloc

I'm working based on these config result.

As soon as I get a working code, I'll post here for testing.

WetWilly

Shade, nice to hear.

Marcello. Looking forward to test your update!

marcelloc

I think I got it  ;D

Check screenshots and result config

option domain-name "localdomain";
option ldap-server code 95 = text;
option domain-search-list code 119 = text;

default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
one-lease-per-client true;
deny duplicates;
ping-check true;
authoritative;
subnet 192.168.5.0 netmask 255.255.255.0 {
        pool {
                option domain-name-servers 8.8.8.8;
                range 192.168.5.10 192.168.5.25;
        }

        option routers 192.168.5.1;
        option domain-name-servers 8.8.8.8;

}
subnet 192.168.6.0 netmask 255.255.255.0 {
        pool {
                option domain-name-servers 8.8.8.8;
                deny unknown-clients;
                option routers 192.168.6.1;
                range 192.168.6.35 192.168.6.140;
        }

}subnet 192.168.7.0 netmask 255.255.255.128 {
        pool {
                option routers 192.168.7.1;
                range 192.168.7.10 192.168.7.90;
        }

}

I'll send you modified files.

I've did minimum changes to current code to get easier to debugn and push to 2.2.

This code does not affect basic dhcp setup, gui or config

shimabuku

I would like to also chip in $100  :)

marcelloc

@shimabuku:

I would like to also chip in $100  :)

Great!  ;D I'll send you this first version of the patch.

bennyc

This is something great & added value overall.
If really hope this makes it to the next releases (as accepted feature), and i'll also add in anther $50 to support dev a bit…

shade

@marcelloc:

I think I got it  ;D

Great, I have downloaded the files and will test the update in the next couple of days…

eri--

You would probably have that development done from pfSense devs through support channel with the amount of 1600$.
For this feature it would not require more than that.

bennyc

I can hereby confirm the feature is working as requested in the bounty.
Tested the mod in following environment: x1250e running 2.1 & a couple of dhcp scopes configured outside of interface's subnet, c3560x doing L3 routing & ip-helper configured on some vlans pointing to pfsense.

• all config (pfsense anyway) can be done in gui
• dhcpd replies to correct (ip-helper) gateway, hands out IP in correct scope
• dhcp leases are visible, sorted on IP ascending, in same page (room for improvement here, if more scopes are used the list can get long/crowded)
• dhcp log page displays relevant information from all scopes (same here; leaves room for improvement)

example from dhcp log:
Sep 26 12:48:41 dhcpd: DHCPACK on 192.168.3.1 to 3x:cx:4x:cx:dx:8x (Win8Phone) via 192.168.3.254
Sep 26 12:48:41 dhcpd: DHCPREQUEST for 192.168.3.1 (192.168.1.254) from 3x:cx:4x:cx:dx:8x (Win8Phone) via 192.168.3.254

(yes my log is in reverse order  ;D)

Great work Marcelloc!

shade

Marcelloc:

We have tested the mod on a OPNsense Quad appliance box, running 2.1 with 2 scopes configured outsite the lan interface's subnet, a5406ZL handling the L3 routing & ip-helper pointing.

It took some time since we have alot of static dhcp entries that we need transfered to PFsense, and our finding is so far.

• dhcpd hands out the correct IP scopes, to the right vlans.
• config in sub scope (that used by os) are working.
• dhcp leases are shown, but buttons/links are not working*

• If you try to send a wake-on-lan by cliking the MAC it selects a wrong interface a says:

The following input errors were detected: A valid interface must be specified.

I can just correct the interface to LAN and press send then it works.

If we try to make a static by clicking the "add button", it just return to the start page of the dhcpd, that is not possible.

• logging of sub scopes works.

Sep 27 13:23:21 dhcpd: DHCPACK on 10.1.5.70 to 00:23:14:94:6e:bc (EUCBTPR-Pc) via em0
Sep 27 13:23:21 dhcpd: DHCPREQUEST for 10.1.5.70 from 00:23:14:94:6e:bc (EUCBTPR-Pc) via em0

(ours in also in reverse)

shade

@ermal:

You would probably have that development done from pfSense devs through support channel with the amount of 1600$.
For this feature it would not require more than that.

Please explain, won't it be possible for us to get the patch from marcelloc included upstream ? or….

xbipin

@shade:

@ermal:

You would probably have that development done from pfSense devs through support channel with the amount of 1600$.
For this feature it would not require more than that.

Please explain, won't it be possible for us to get the patch from marcelloc included upstream ? or….

+1

marcelloc

I will push it to 2.2 code since I have a positive feed from you. Core team will check the code and if it's ok, it can be merged.

bennyc

• If you try to send a wake-on-lan by cliking the MAC it selects a wrong interface a says:

Don't know about the button, but the "Wake on lan" as a feature inside those scopes but outside your interface subnet will not work I think. That also uses broadcast, and thus remains within your vlan…. or you need to do some additional configuration on your router by forwarding the broadcasts...

The buttons (like add static mapping) does a redirect to the main dhcp page, but the mapping is not present as you say (did not test that, don't use static mappings).

shade

@marcelloc:

I will push it to 2.2 code since I have a positive feed from you. Core team will check the code and if it's ok, it can be merged.

Sound great  :D

shade

@bennyc:

The buttons (like add static mapping) does a redirect to the main dhcp page, but the mapping is not present as you say (did not test that, don't use static mappings).

That we use alot :/ So it is important for me..

@bennyc:

Don't know about the button, but the "Wake on lan" as a feature inside those scopes but outside your interface subnet will not work I think. That also uses broadcast, and thus remains within your vlan…. or you need to do some additional configuration on your router by forwarding the broadcasts...

You can configure that in your core so WOL packets can get from one vlan to another…

marcelloc

@shade:

That we use alot :/ So it is important for me..

I'll check it today.

shade

@marcelloc:

@shade:

That we use alot :/ So it is important for me..

I'll check it today.

Thanks :)

marcelloc

I've sent you modified files including dhcp leases update.

Please test and feedback.

bennyc

as already confirmed through pm  :)

I already updated my system with your code, and can confirm it works.

Test sequence:

• add device on the network
• obtained lease from additional pool
• go to the DHCP leases page, select "+" next to the address of interest
• arrived on the "Services: DHCP: Edit static mapping" page, where you can edit/save the mapping
• entry is added in the dhcpd.conf file as follows:

host s_lan_0 {
	hardware ethernet 3c:c2:43:ca:xx:xx;
	fixed-address 192.168.3.1;
	option host-name "Win8Phone";
}

• afterwards, this host shows as static in "Status: DHCP leases", and the "+" sign is red and inactive

shade

Marcelloc:

I have updated my PFsense with your patch, and can confirm that it works.

Now static leases on subnet and WOL works.

Looking forward to see it in upstream - Excellent work, two thumbs up :)

WetWilly: Have you tried it ?

marcelloc

Pull request sent. ;D

I had to change some parts for 2.2 but it's done again!

https://github.com/pfsense/pfsense/pull/816

shade

Marcelloc:

I have now added several "sub" scopes, and alot of static leases and everything works as excepted :)

It is first time I have tried a bounty and are also a "new" pfsense user, so I have a few mabee newbie questions:

• When 2.1.1 are leases, are the patch still active ? or shall it be reapplied ? or is it even compatible ?
• Will that be the same for each release up to 2.2 when is it included upstream ?
• I have read the guidelines about payment and are a little confused  ? Can I just sent you a paypal payment, or is that against policy ?

To the other creators of this bounty, I feel the bounty is solved, how about you ?

marcelloc

@shade:

• When 2.1.1 are leases, are the patch still active ? or shall it be reapplied ? or is it even compatible ?

If there is no changes to files I've modified between 2.1 and 2.1.1 it will work fine.

@shade:

• Will that be the same for each release up to 2.2 when is it included upstream ?

Since pull request is merged. It will be part of pfsense 2.2

@shade:

• I have read the guidelines about payment and are a little confused  ? Can I just sent you a paypal payment, or is that against policy ?

Just send to my paypal account. marcellocoutinho@gmail.com

bennyc

I agree with Shade, the bounty is completed I think. (though I'm not an autor)
If Marcelloc gets all his payments, the bounty can be moved to the "completed" section…

marcelloc

@bennyc:

If Marcelloc gets all his payments, the bounty can be moved to the "completed" section…

Not yet. I received only from you and shade.

Total bounty US$ 1.100 received US$ 550