Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DHCPd with multiple ipv4 subnets outside of local interface network. (300US$)

    Scheduled Pinned Locked Moved Bounties
    120 Posts 29 Posters 91.3k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W Offline
      WetWilly
      last edited by

      Very interesting Marcelloc!  ;D

      Before you spend any more time I just want to make sure we are on the same level with the specification on this bounty.
      I would also like Shade to acknowledge before you start as he is funding the other half.

      I will rewrite the specification, Shade please acknowledge that you still pledge to this bounty and that you are satisfied with the specification (maybe you have something to add?)

      What we need is the following:

      • Possibility to configure multiple different subnets on the same interface under Services –> DHCP server.

      This seems to be done on your first screenshot. However, I dont ever want a local IP interface inside the range of the additional subnets as this will not be a local network for pfsense. It is only going to be used for DHCP. E.g. pfsense will not be default gateway for those additional subnets. It might be nice to leave it as optional for other users though.

      • Each subnet shall be configurable with separate gateway, DNS, WINS, Domain name etc. (Same options as current dhcp-pool including static leases)

      • The DHCP leases shall be visible under Status –> DHCP Leases. Preferbly sorted with different frame per subnet, or any other way to easily separate the different subnets.

      • dhcpd logs for all subnets shall be visible under Status –> System logs --> DHCP.

      • It must be coded in such a way that the changes can be deployed to upstream pfSense development (2.2).

      This is specifically a deal breaker for me, I don't want to be stuck with 2.1 forever in order to continue to use the  functionality from this bounty. Marcello, it looks like you are very active on these forums. Would you say its possible to commit the code to upstream pfsense development once it's done?

      Not needed
      IPv6 support is not needed at this time.

      If you need help with how to configure dhcpd.conf or if you have any other questons before getting started I can be of assistance.

      1 Reply Last reply Reply Quote 0
      • S Offline
        shade
        last edited by

        WetWilly: It sound like we still need the same thing..

        Marcelloc: Translated to config I need that the following works in the GUI

        Local Lan Interface

        subnet 172.16.0.0 netmask 255.255.0.0 {
                option routers 172.16.0.5;
                option subnet-mask 255.255.0.0;
                option broadcast-address 172.16.255.255;
                use-host-decl-names on;
                deny unknown-clients;
        }

        Wireless

        subnet 10.1.0.0 netmask 255.255.0.0 {
                range 10.1.1.1 10.1.1.254;
                range 10.1.2.1 10.1.2.254;
                range 10.1.3.1 10.1.3.254;
                range 10.1.4.1 10.1.4.254;
                range 10.1.5.1 10.1.5.254;
                range 10.1.6.1 10.1.6.254;
                option routers 10.1.0.5;
                option subnet-mask 255.255.0.0;
                option broadcast-address 10.1.255.255;
                use-host-decl-names on;
                one-lease-per-client true;
                default-lease-time 3600;
                max-lease-time 4800;
        }

        LAB

        subnet 192.168.100.0 netmask 255.255.255.0 {
                range 192.168.100.50 192.168.100.254;
                option domain-name-servers 172.16.0.2;
                option routers 192.168.100.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.100.255;
                use-host-decl-names on;
        }

        1 Reply Last reply Reply Quote 0
        • marcellocM Offline
          marcelloc
          last edited by

          I'm working based on these config result.

          As soon as I get a working code, I'll post here for testing.

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • W Offline
            WetWilly
            last edited by

            Shade, nice to hear.

            Marcello. Looking forward to test your update!

            1 Reply Last reply Reply Quote 0
            • marcellocM Offline
              marcelloc
              last edited by

              I think I got it  ;D

              Check screenshots and result config

              option domain-name "localdomain";
              option ldap-server code 95 = text;
              option domain-search-list code 119 = text;
              
              default-lease-time 7200;
              max-lease-time 86400;
              log-facility local7;
              one-lease-per-client true;
              deny duplicates;
              ping-check true;
              authoritative;
              subnet 192.168.5.0 netmask 255.255.255.0 {
                      pool {
                              option domain-name-servers 8.8.8.8;
                              range 192.168.5.10 192.168.5.25;
                      }
              
                      option routers 192.168.5.1;
                      option domain-name-servers 8.8.8.8;
              
              }
              subnet 192.168.6.0 netmask 255.255.255.0 {
                      pool {
                              option domain-name-servers 8.8.8.8;
                              deny unknown-clients;
                              option routers 192.168.6.1;
                              range 192.168.6.35 192.168.6.140;
                      }
              
              }subnet 192.168.7.0 netmask 255.255.255.128 {
                      pool {
                              option routers 192.168.7.1;
                              range 192.168.7.10 192.168.7.90;
                      }
              
              }
              

              I'll send you modified files.

              I've did minimum changes to current code to get easier to debugn and push to 2.2.

              This code does not affect basic dhcp setup, gui or config

              dhcp_server.png
              dhcp_server.png_thumb
              dhcp_additional_pool.png
              dhcp_additional_pool.png_thumb

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              1 Reply Last reply Reply Quote 0
              • S Offline
                shimabuku
                last edited by

                I would like to also chip in $100  :)

                1 Reply Last reply Reply Quote 0
                • marcellocM Offline
                  marcelloc
                  last edited by

                  @shimabuku:

                  I would like to also chip in $100  :)

                  Great!  ;D I'll send you this first version of the patch.

                  Treinamentos de Elite: http://sys-squad.com

                  Help a community developer! ;D

                  1 Reply Last reply Reply Quote 0
                  • B Offline
                    bennyc
                    last edited by

                    This is something great & added value overall.
                    If really hope this makes it to the next releases (as accepted feature), and i'll also add in anther $50 to support dev a bit…

                    4x XG-7100 (2xHA), 1x SG-4860, 1x SG-2100
                    1x PC Engines APU2C4, 1x PC Engines APU1C4

                    1 Reply Last reply Reply Quote 0
                    • S Offline
                      shade
                      last edited by

                      @marcelloc:

                      I think I got it  ;D

                      Great, I have downloaded the files and will test the update in the next couple of days…

                      1 Reply Last reply Reply Quote 0
                      • E Offline
                        eri--
                        last edited by

                        You would probably have that development done from pfSense devs through support channel with the amount of 1600$.
                        For this feature it would not require more than that.

                        1 Reply Last reply Reply Quote 0
                        • B Offline
                          bennyc
                          last edited by

                          I can hereby confirm the feature is working as requested in the bounty.
                          Tested the mod in following environment: x1250e running 2.1 & a couple of dhcp scopes configured outside of interface's subnet, c3560x doing L3 routing & ip-helper configured on some vlans pointing to pfsense.

                          • all config (pfsense anyway) can be done in gui
                          • dhcpd replies to correct (ip-helper) gateway, hands out IP in correct scope
                          • dhcp leases are visible, sorted on IP ascending, in same page (room for improvement here, if more scopes are used the list can get long/crowded)
                          • dhcp log page displays relevant information from all scopes (same here; leaves room for improvement)

                          example from dhcp log:
                          Sep 26 12:48:41 dhcpd: DHCPACK on 192.168.3.1 to 3x:cx:4x:cx:dx:8x (Win8Phone) via 192.168.3.254
                          Sep 26 12:48:41 dhcpd: DHCPREQUEST for 192.168.3.1 (192.168.1.254) from 3x:cx:4x:cx:dx:8x (Win8Phone) via 192.168.3.254

                          (yes my log is in reverse order  ;D)

                          Great work Marcelloc!

                          4x XG-7100 (2xHA), 1x SG-4860, 1x SG-2100
                          1x PC Engines APU2C4, 1x PC Engines APU1C4

                          1 Reply Last reply Reply Quote 0
                          • S Offline
                            shade
                            last edited by

                            Marcelloc:

                            We have tested the mod on a OPNsense Quad appliance box, running 2.1 with 2 scopes configured outsite the lan interface's subnet, a5406ZL handling the L3 routing & ip-helper pointing.

                            It took some time since we have alot of static dhcp entries that we need transfered to PFsense, and our finding is so far.

                            • dhcpd hands out the correct IP scopes, to the right vlans.
                            • config in sub scope (that used by os) are working.
                            • dhcp leases are shown, but buttons/links are not working*
                            • If you try to send a wake-on-lan by cliking the MAC it selects a wrong interface a says:

                            The following input errors were detected: A valid interface must be specified.

                            I can just correct the interface to LAN and press send then it works.

                            If we try to make a static by clicking the "add button", it just return to the start page of the dhcpd, that is not possible.

                            • logging of sub scopes works.

                            Sep 27 13:23:21 dhcpd: DHCPACK on 10.1.5.70 to 00:23:14:94:6e:bc (EUCBTPR-Pc) via em0
                            Sep 27 13:23:21 dhcpd: DHCPREQUEST for 10.1.5.70 from 00:23:14:94:6e:bc (EUCBTPR-Pc) via em0

                            (ours in also in reverse)

                            1 Reply Last reply Reply Quote 0
                            • S Offline
                              shade
                              last edited by

                              @ermal:

                              You would probably have that development done from pfSense devs through support channel with the amount of 1600$.
                              For this feature it would not require more than that.

                              Please explain, won't it be possible for us to get the patch from marcelloc included upstream ? or….

                              1 Reply Last reply Reply Quote 0
                              • X Offline
                                xbipin
                                last edited by

                                @shade:

                                @ermal:

                                You would probably have that development done from pfSense devs through support channel with the amount of 1600$.
                                For this feature it would not require more than that.

                                Please explain, won't it be possible for us to get the patch from marcelloc included upstream ? or….

                                +1

                                1 Reply Last reply Reply Quote 0
                                • marcellocM Offline
                                  marcelloc
                                  last edited by

                                  I will push it to 2.2 code since I have a positive feed from you. Core team will check the code and if it's ok, it can be merged.

                                  Treinamentos de Elite: http://sys-squad.com

                                  Help a community developer! ;D

                                  1 Reply Last reply Reply Quote 0
                                  • B Offline
                                    bennyc
                                    last edited by

                                    • If you try to send a wake-on-lan by cliking the MAC it selects a wrong interface a says:

                                    Don't know about the button, but the "Wake on lan" as a feature inside those scopes but outside your interface subnet will not work I think. That also uses broadcast, and thus remains within your vlan…. or you need to do some additional configuration on your router by forwarding the broadcasts...

                                    The buttons (like add static mapping) does a redirect to the main dhcp page, but the mapping is not present as you say (did not test that, don't use static mappings).

                                    4x XG-7100 (2xHA), 1x SG-4860, 1x SG-2100
                                    1x PC Engines APU2C4, 1x PC Engines APU1C4

                                    1 Reply Last reply Reply Quote 0
                                    • S Offline
                                      shade
                                      last edited by

                                      @marcelloc:

                                      I will push it to 2.2 code since I have a positive feed from you. Core team will check the code and if it's ok, it can be merged.

                                      Sound great  :D

                                      1 Reply Last reply Reply Quote 0
                                      • S Offline
                                        shade
                                        last edited by

                                        @bennyc:

                                        The buttons (like add static mapping) does a redirect to the main dhcp page, but the mapping is not present as you say (did not test that, don't use static mappings).

                                        That we use alot :/ So it is important for me..

                                        @bennyc:

                                        Don't know about the button, but the "Wake on lan" as a feature inside those scopes but outside your interface subnet will not work I think. That also uses broadcast, and thus remains within your vlan…. or you need to do some additional configuration on your router by forwarding the broadcasts...

                                        You can configure that in your core so WOL packets can get from one vlan to another…

                                        1 Reply Last reply Reply Quote 0
                                        • marcellocM Offline
                                          marcelloc
                                          last edited by

                                          @shade:

                                          That we use alot :/ So it is important for me..

                                          I'll check it today.

                                          Treinamentos de Elite: http://sys-squad.com

                                          Help a community developer! ;D

                                          1 Reply Last reply Reply Quote 0
                                          • S Offline
                                            shade
                                            last edited by

                                            @marcelloc:

                                            @shade:

                                            That we use alot :/ So it is important for me..

                                            I'll check it today.

                                            Thanks :)

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.