DHCPd with multiple ipv4 subnets outside of local interface network. (300US$)

WetWilly · Aug 22, 2013, 1:10 PM

Greetings.
We are in need of dhcpd support with multiple subnets configurable from the webgui.
Currently running pfSense 2.0.3 stable.

As it is today pfSense is only able to handle out dhcp-leases for the local subnet configured on the interface. E.g. 192.168.0.1/24.

We want to use DHCP-relay (ip-helper in Cisco world) from other routers to forward dhcp-requests to pfSense, which will then handle out DHCP leases for the correct subnet. 192.168.1.0/24, 192.168.2.0/24 192.168.4.0/23 and so forth. Public nets should of course also be configurable.
The functionality is already built in isc-dhcp server, it's the configurability in the pfSense webgui that is missing.

What we need is the following:

Possibility to configure multiple different subnets on the same interface under Services –> DHCP server.
Each subnet shall be configurable with separate gateway, DNS, WINS, Domain name etc. (Same options as current dhcp-pool including static leases)
The DHCP leases shall be visible under Status –> DHCP Leases. Preferbly sorted with different frame per subnet, or any other way to easily separate the different subnets.
dhcpd logs for all subnets shall be visible under Status –> System logs --> DHCP.
It must be coded in such a way that the changes can be deployed to upstream pfSense development (2.1).

Variables
If it is too much work to make the code compatible with both 2.0.3 and upstream 2.1. It is better to make it compatible with 2.1 only.

Not needed
IPv6 support is not needed.

If there is any taker or questions post them in the thread or send a PM.
I can provide you with the correct dhcpd.conf configuration for multiple subnets if needed.

xbipin · Aug 31, 2013, 2:26 PM

i was also looking for something like this

WetWilly · Sep 1, 2013, 3:23 PM

xbipin, perfect. How much are you willing to chip in to make this bounty more interesting for developers??

Since noone has responded so far I recon people consider the bounty not being worth it with the current payout.

We can increase the bounty to 500US$.

xbipin · Sep 1, 2013, 4:29 PM

the amount is fine but to my experience this would be tough to do as i had a similar requirement in the past but due to some restrictions it wasnt possible to do but lets see if some1 responds first, the amount can be worked on later

shade · Sep 2, 2013, 8:50 PM

I'm also interested for this for pfSense 2.1

I will chip in with $300

xbipin · Sep 3, 2013, 4:56 AM

$50 from me because as of now i dont require this but it would be a good feature to have and to support development

WetWilly · Sep 3, 2013, 3:01 PM

Alright, so that makes the current payout 850 US$.

xbipin, just for reference, could you try to locate the old thread? I tried to look through all your posts but it was too much of as hassle to scroll through 1172 posts.

Shame it's not possible to update the subject of original post to reflect the higher bounty.

xbipin · Sep 3, 2013, 4:35 PM

actually that thread was for something else but this question i had asked and i had got that reply, it would definitely be difficult to locate it but ill try searching from what i remember

shade · Sep 9, 2013, 3:49 PM

I can also increase my part of the bounty to 500US$.

That makes the current payout 1050 US$.

WetWilly · Sep 16, 2013, 8:21 AM

As 2.1 was released (Great work pfSense team) some variables in the bounty has changed for the easier.

Design it to be supported in 2.1 and in such a way that it can be deployed into upstream pfSense development (2.2).

The current bounty of 1050US$ is still valid.

marcelloc · Sep 17, 2013, 1:23 AM

I can take a look on it. :)

Basically you need a list of DCHP ranges on each interface tab?

It may depend on interface aliases and/or addresses?

Attached a first screenshot that "fix" gui to accept dhcp ranges for all configured networks on interface.

The service does not starts as it need fixes on code too.

All new functions may take some time as it will need a lot of changes.

marcelloc · Sep 17, 2013, 2:55 AM

Maybe a list of all configured subnets?

WetWilly · Sep 17, 2013, 8:37 AM

Very interesting Marcelloc! ;D

Before you spend any more time I just want to make sure we are on the same level with the specification on this bounty.
I would also like Shade to acknowledge before you start as he is funding the other half.

I will rewrite the specification, Shade please acknowledge that you still pledge to this bounty and that you are satisfied with the specification (maybe you have something to add?)

What we need is the following:

Possibility to configure multiple different subnets on the same interface under Services –> DHCP server.

This seems to be done on your first screenshot. However, I dont ever want a local IP interface inside the range of the additional subnets as this will not be a local network for pfsense. It is only going to be used for DHCP. E.g. pfsense will not be default gateway for those additional subnets. It might be nice to leave it as optional for other users though.

Each subnet shall be configurable with separate gateway, DNS, WINS, Domain name etc. (Same options as current dhcp-pool including static leases)
The DHCP leases shall be visible under Status –> DHCP Leases. Preferbly sorted with different frame per subnet, or any other way to easily separate the different subnets.
dhcpd logs for all subnets shall be visible under Status –> System logs --> DHCP.
It must be coded in such a way that the changes can be deployed to upstream pfSense development (2.2).

This is specifically a deal breaker for me, I don't want to be stuck with 2.1 forever in order to continue to use the functionality from this bounty. Marcello, it looks like you are very active on these forums. Would you say its possible to commit the code to upstream pfsense development once it's done?

Not needed
IPv6 support is not needed at this time.

If you need help with how to configure dhcpd.conf or if you have any other questons before getting started I can be of assistance.

shade · Sep 18, 2013, 9:11 AM

WetWilly: It sound like we still need the same thing..

Marcelloc: Translated to config I need that the following works in the GUI

Local Lan Interface

subnet 172.16.0.0 netmask 255.255.0.0 {
option routers 172.16.0.5;
option subnet-mask 255.255.0.0;
option broadcast-address 172.16.255.255;
use-host-decl-names on;
deny unknown-clients;
}

Wireless

subnet 10.1.0.0 netmask 255.255.0.0 {
range 10.1.1.1 10.1.1.254;
range 10.1.2.1 10.1.2.254;
range 10.1.3.1 10.1.3.254;
range 10.1.4.1 10.1.4.254;
range 10.1.5.1 10.1.5.254;
range 10.1.6.1 10.1.6.254;
option routers 10.1.0.5;
option subnet-mask 255.255.0.0;
option broadcast-address 10.1.255.255;
use-host-decl-names on;
one-lease-per-client true;
default-lease-time 3600;
max-lease-time 4800;
}

LAB

subnet 192.168.100.0 netmask 255.255.255.0 {
range 192.168.100.50 192.168.100.254;
option domain-name-servers 172.16.0.2;
option routers 192.168.100.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.100.255;
use-host-decl-names on;
}

marcelloc · Sep 18, 2013, 10:09 AM

I'm working based on these config result.

As soon as I get a working code, I'll post here for testing.

WetWilly · Sep 18, 2013, 2:36 PM

Shade, nice to hear.

Marcello. Looking forward to test your update!

marcelloc · Sep 20, 2013, 3:35 AM

I think I got it ;D

Check screenshots and result config

option domain-name "localdomain";
option ldap-server code 95 = text;
option domain-search-list code 119 = text;

default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
one-lease-per-client true;
deny duplicates;
ping-check true;
authoritative;
subnet 192.168.5.0 netmask 255.255.255.0 {
        pool {
                option domain-name-servers 8.8.8.8;
                range 192.168.5.10 192.168.5.25;
        }

        option routers 192.168.5.1;
        option domain-name-servers 8.8.8.8;

}
subnet 192.168.6.0 netmask 255.255.255.0 {
        pool {
                option domain-name-servers 8.8.8.8;
                deny unknown-clients;
                option routers 192.168.6.1;
                range 192.168.6.35 192.168.6.140;
        }

}subnet 192.168.7.0 netmask 255.255.255.128 {
        pool {
                option routers 192.168.7.1;
                range 192.168.7.10 192.168.7.90;
        }

}

I'll send you modified files.

I've did minimum changes to current code to get easier to debugn and push to 2.2.

This code does not affect basic dhcp setup, gui or config

shimabuku · Sep 21, 2013, 2:21 AM

I would like to also chip in $100 :)

marcelloc · Sep 21, 2013, 2:25 AM

@shimabuku:

I would like to also chip in $100 :)

Great! ;D I'll send you this first version of the patch.

bennyc · Sep 23, 2013, 9:33 AM

This is something great & added value overall.
If really hope this makes it to the next releases (as accepted feature), and i'll also add in anther $50 to support dev a bit…