Netgate Discussion Forum

DHCPd with multiple ipv4 subnets outside of local interface network. (300US$)

120 Posts 29 Posters 70.7k Views
  • M
    marcelloc
    last edited by Apr 24, 2014, 7:54 PM

    sure bennyc, you paid for this code.

    btw, i'll have to code it again and send for the third time the pull request…

    Treinamentos de Elite: http://sys-squad.com

    Help a community developer! ;D

    • B
      bennyc
      last edited by Apr 24, 2014, 8:14 PM

      Yes, but technically the bounty is not complete  ::)
      And I do respect your work -as it should-, so I thought it was only fair we got your approval for this  ;)
      That being said, I sure hope you get that pull request working. (otherwise I would need to implement the feature manually each upgrade :( Not an impossible task, but would like to avoid that if possible)
      If you ever should need help for testing this feature again, do not hesitate to contact me…

      @madstupid, I will pm you the instructions I got from Marcelloc.

      4x XG-7100 (2xHA), 1x SG-4860, 1x SG-2100
      1x PC Engines APU2C4, 1x PC Engines APU1C4

      • V
        va176thunderbolt
        last edited by Jun 18, 2014, 5:32 PM

        How much of the bounty is still outstanding? I'd like to kick some funds.

        Adam

        • M
          marcelloc
          last edited by Jun 18, 2014, 5:59 PM

          @marcelloc:

          Total bounty was US$ 1.100 but I received US$ 550

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          • K
            kanylbullen
            last edited by Jun 19, 2014, 7:26 AM

            Hi Everyone!

            I'll gladly chip in $100 so I can turn off that old windows server that's only acting as DHCP for all subnets.

            marcelloc, do I just use your paypal donation links?

            I'm on 2.1.3

            Thanks!

            • M
              marcelloc
              last edited by Jun 19, 2014, 10:37 PM

              Yes. Send to my PayPal account.

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              • M
                mtisza
                last edited by Jul 13, 2014, 11:03 PM

                I'm wondering what is the status of getting this into the next version of pfsense.  I'd gladly send money ($100US seems to be the going rate, am I correct?) to marcelloc for the work done, but I would like to get a warm fuzzy that I'm not going to be stuck on 2.1.x when upcoming releases are made because I'm depending on this.

                @marcelloc, if 2.2 comes out and it doesn't support this feature yet, do you plan on maintaining/updating the patch set to work on the newer version?

                I'm currently on 2.1.4
                Thanks!
                -Miki

                • M
                  marcelloc
                  last edited by Jul 14, 2014, 10:06 AM

                  Mtisza, I'll check the code and try to push it to 2.2

                  My PayPal account is marcellocoutinho@gmail.com.

                  Thanks for your donation.

                  Treinamentos de Elite: http://sys-squad.com

                  Help a community developer! ;D

                  • M
                    mtisza
                    last edited by Aug 12, 2014, 8:09 PM

                    marcelloc,

                    I've sent the bounty, can you please send me the patches and instructions to apply them?

                    Thanks,
                    mtisza

                    • M
                      marcelloc
                      last edited by Aug 13, 2014, 6:25 PM

                      @mtisza:

                      I've sent the bounty, can you please send me the patches and instructions to apply them?

                      Sure. Sorry for the long delay.

                      Treinamentos de Elite: http://sys-squad.com

                      Help a community developer! ;D

                      • D
                        deathnite
                        last edited by Aug 14, 2014, 8:03 AM

                        I'm in the same boat. I'm sharing my internet connection to a family down the road over a wireless bridge. They can't afford to get internet into their house, and the kids need it for school. This is a routed network over a wireless bridge so I can't extend the interface over to their house to hand out IPs.

                        I need to turn off my old server to save power (it's getting kinda expensive to run just for DHCP).

                        I'd love to know if this is getting committed in 2.2 as well.

                        I'd also like to donate but not sure I can afford the larger dollar amounts already provided.

                        Thanks

                        • M
                          MnM
                          last edited by Aug 14, 2014, 11:35 AM

                          Same here - just running a home setup but can't afford the large sums other ppl can donate :( I can squeeze $25 and help the cause but not sure if it is acceptable.

                          • M
                            marcelloc
                            last edited by Aug 14, 2014, 2:42 PM

                            Any donation is acceptable for this bounty.

                            I'll try to push it to 2.2 again soon.

                            Treinamentos de Elite: http://sys-squad.com

                            Help a community developer! ;D

                            • D
                              deathnite
                              last edited by Aug 15, 2014, 2:26 AM

                              Awesome.

                              I've sent the bounty to marcellocoutinho@gmail.com

                              Cheers

                              Cam

                              • M
                                MnM
                                last edited by Aug 15, 2014, 8:58 AM

                                I have also sent the bounty to  marcellocoutinho@gmail.com

                                Please PM me the instructions and where to get the files from.

                                • M
                                  MnM
                                  last edited by Aug 19, 2014, 12:20 AM

                                  deathnite: did u get the instructions and files? I am still waiting :(

                                  • M
                                    marcelloc
                                    last edited by Aug 19, 2014, 12:24 AM

                                    I'll send it right now.

                                    Sorry for the long delay.

                                    And thanks for your donation. :)

                                    Treinamentos de Elite: http://sys-squad.com

                                    Help a community developer! ;D

                                    • M
                                      MnM
                                      last edited by Aug 19, 2014, 12:30 AM

                                      :) Thank you marcelloc!

                                      • D
                                        deathnite
                                        last edited by Aug 19, 2014, 4:04 AM

                                        Thanks Mate,

                                        This is a ripper. All my VLANs across and working fine. (onto URL filtering next)

                                        One bug I did pick up:
                                        On the page https://192.168.0.1/status_dhcp_leases.php, when I want to "add a static mapping for this MAC address" for any IP address in the 192.168.1.0/24 range, for example.

                                        I click on the button "add a static mapping for this MAC address" and it redirects to the page https://192.168.0.1/services_dhcp.php and throws the error "The DHCP Server can only be enabled on interfaces configured with static IP addresses. Only interfaces configured with a static IP will be shown."

                                        This only happens for the additional pools which do not belong to the same interface.

                                        This rocks otherwise.. cheers..Cam

                                        • M
                                          MnM
                                          last edited by Aug 20, 2014, 12:12 AM Aug 19, 2014, 12:59 PM

                                          I am still trying to get this to work as I need it…not much luck :(

                                          Below, I will describe my setup, how it works now and perhaps anyone has an idea to make my setup work with this DHCPd addon?

                                          pfSense 2.1.4

                                          Two physical internal NICs - LAN = 192.168.0.0 and Guests 172.20.0.0
                                          Both LAN and Guests plugged into the same switch.

                                          LAN
                                          Enable DHCP server on LAN interface to
                                          Deny unknown clients
                                          All other normal settings plus
                                          Enable Static ARP Entries
                                          Then I have a few DHCP Static Mappings for the interface

                                          Guests
                                          Enable DHCP server on GUEST interface
                                          All other normal settings plus

                                          Now, as the setup above by itself didn't give me what I needed, I modified dhcpd.conf manually with the required settings and then modified /etc/inc/services.inc to write the pfSense dhcpd config to dhcpd.conf.auto (so it doesn't overwrite my config when it reboots) as per below:

                                          /* write dhcpd.conf (redirected to dhcpd.conf.auto so the hand-edited dhcpd.conf is kept) */
                                          if (!@file_put_contents("{$g['dhcpd_chroot_path']}/etc/dhcpd.conf.auto", $dhcpdconf)) {
                                                  printf(gettext("Error: cannot open dhcpd.conf in services_dhcpdv4_configure().%s"), "\n");
                                                  unset($dhcpdconf);
                                                  return 1;
                                          }

                                          My dhcpd.conf looks like:

                                          max-lease-time 43200;
                                          default-lease-time 86400;
                                          ddns-update-style interim;

                                          log-facility local4;

                                          # DPI Network

                                          shared-network DPI {
                                                  # Guests
                                                  subnet 172.20.0.0 netmask 255.255.255.0 {
                                                          authoritative;
                                                          allow unknown-clients;
                                                          # don't let clients update A records for ddns;
                                                          ignore client-updates;
                                                          range 172.20.0.10 172.20.0.30;
                                                          max-lease-time 86400;
                                                          default-lease-time 43200;
                                                          option subnet-mask 255.255.255.0;
                                                          option broadcast-address 172.20.0.255;
                                                          option domain-name "guest.domain.tld";
                                                          option domain-name-servers 172.20.0.254;
                                                          option routers 172.20.0.254;
                                                          option ntp-servers 172.20.0.254;
                                                          allow unknown-clients;
                                                  }
                                                  # DPI
                                                  subnet 192.168.0.0 netmask 255.255.255.0 {
                                                          authoritative;
                                                          deny unknown-clients;

                                                          range 192.168.0.1 192.168.0.9;
                                                          max-lease-time 864000;
                                                          default-lease-time 432000;
                                                          option subnet-mask 255.255.255.0;
                                                          option broadcast-address 192.168.0.255;
                                                          option domain-name "dpi.com";
                                                          option domain-name-servers 192.168.0.254;
                                                          option routers 192.168.0.254;
                                                          option ntp-servers 192.168.0.254;
                                                          host NAS {
                                                                  hardware ethernet 00:02:b3:0c:28:54;
                                                                  fixed-address 192.168.0.5;
                                                          }
                                                          deny unknown-clients;

                                                          range 192.168.0.10 192.168.0.15;
                                                          max-lease-time 86400;
                                                          default-lease-time 43200;
                                                          option subnet-mask 255.255.255.0;
                                                          option broadcast-address 192.168.0.255;
                                                          option domain-name "dpi.com";
                                                          option domain-name-servers 192.168.0.254;
                                                          option routers 192.168.0.254;
                                                          option ntp-servers 192.168.0.254;
                                                          host ps3 {
                                                                  hardware ethernet a8:e3:ee:7b:ec:b0;
                                                                  fixed-address 192.168.0.10;
                                                          }
                                                          deny unknown-clients;

                                                          range 192.168.0.20 192.168.0.25;
                                                          option subnet-mask 255.255.255.0;
                                                          option broadcast-address 192.168.0.255;
                                                          option domain-name "dpi.com";
                                                          option domain-name-servers 192.168.0.254;
                                                          option routers 192.168.0.254;
                                                          option ntp-servers 192.168.0.254;
                                                          host oppo93 {
                                                                  hardware ethernet 00:22:de:89:5c:76;
                                                                  fixed-address 192.168.0.20;
                                                          }
                                                          host dunemax {
                                                                  hardware ethernet 00:16:e8:69:81:e3;
                                                                  fixed-address 192.168.0.21;
                                                          }
                                                          host wdhub1 {
                                                                  hardware ethernet 00:90:a9:a9:13:55;
                                                                  fixed-address 192.168.0.22;
                                                          }
                                                          host wdhub2 {
                                                                  hardware ethernet 00:90:a9:a8:68:b5;
                                                                  fixed-address 192.168.0.23;
                                                          }
                                                          host jvc {
                                                                  hardware ethernet 00:80:88:11:D7:D6;
                                                                  fixed-address 192.168.0.24;
                                                          }
                                                          host yamaha {
                                                                  hardware ethernet 00:a0:de:4c:a6:89;
                                                                  fixed-address 192.168.0.25;
                                                          }
                                                          host lg {
                                                                  hardware ethernet 3c:cd:93:11:95:8b;
                                                                  fixed-address 192.168.0.26;
                                                          }
                                                          deny unknown-clients;
                                                  }
                                          }

                                          The above works exactly as I wanted:

                                          A known (defined) device will get an IP from the 192.168.0.0 range.
                                          If an unknown device tries to get an IP address, since its MAC is not defined anywhere it will receive an IP from the 172.20.0.0 network.

                                          This way any guests coming to visit can get a wireless or a wired connection from any Access Point or network point in the house (that's why I am not using VLANs) on a different network than my main network.
                                          Because I have enabled static ARP entries on the LAN interface, guests will not be able to use the LAN interface even if manually entering a 192.168.0.0 (LAN) network address - they will only be able to use the GUESTS NIC and network.

                                          Now the issue is this - every time there is an update, I have to manually reconfigure /etc/inc/services.inc then copy my config back to dhcpd.conf
                                          When I get new devices in the house I have to manually add them to the dhcpd.conf
                                          Since I am redirecting the output to dhcpd.conf.auto the DHCPD logs are not a real representation of what is happening

                                          So I thought that with the new code from marcelloc I can get it to work like I have it now and have the added bonus of a GUI to change stuff. But I could not get it to work at all like above :(

                                          Perhaps I was wrong and the new code from marcelloc doesn't support my configuration? (When I implemented it, it removed all my custom config as it overwrites the file that I was modifying, so basically it was like a normal config.)

                                          If anyone has any ideas what to try in the new config from marcelloc to achieve my existing config I am all ears :)

                                          Thanks

                                          1 Reply Last reply Reply Quote 0
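
Added example, not part of MnM's post or of marcelloc's patch: a small Python model of the rule the post above describes (a MAC with a host declaration is served its fixed address, any other MAC falls to the subnet that allows unknown clients), plus a check for fixed addresses that also sit inside a dynamic range. The sample config and its MAC addresses are constructed, the function names are hypothetical, and the parser covers only the dhcpd.conf subset shown in the sample.

```python
import ipaddress
import re

# Constructed sample in the shape of the dhcpd.conf from the post (MACs are made up).
SAMPLE = """
shared-network DPI {
    subnet 172.20.0.0 netmask 255.255.255.0 {
        allow unknown-clients;
        range 172.20.0.10 172.20.0.30;
    }
    subnet 192.168.0.0 netmask 255.255.255.0 {
        deny unknown-clients;
        range 192.168.0.1 192.168.0.9;
        host nas { hardware ethernet 02:00:00:00:00:05; fixed-address 192.168.0.5; }
        host tv  { hardware ethernet 02:00:00:00:00:1A; fixed-address 192.168.0.26; }
    }
}
"""

SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{\s*hardware\s+ethernet\s+([0-9A-Fa-f:]+);"
                     r"\s*fixed-address\s+(\S+?);\s*\}")
RANGE_RE = re.compile(r"\brange\s+(\S+)\s+(\S+?);")
POLICY_RE = re.compile(r"\b(allow|deny)\s+unknown-clients;")


def parse(conf):
    """Return (subnets, hosts) for the subset of dhcpd.conf syntax used in SAMPLE."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    hosts = {m[2].lower(): (m[1], ipaddress.ip_address(m[3]))
             for m in HOST_RE.finditer(conf)}
    heads = list(SUBNET_RE.finditer(conf))
    subnets = []
    for i, head in enumerate(heads):
        # A subnet's body runs up to the next subnet declaration (or end of file).
        end = heads[i + 1].start() if i + 1 < len(heads) else len(conf)
        body = conf[head.end():end]
        policy = POLICY_RE.search(body)
        subnets.append({
            "net": ipaddress.ip_network(f"{head[1]}/{head[2]}"),
            "unknown_ok": policy is None or policy[1] == "allow",
            "ranges": [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
                       for lo, hi in RANGE_RE.findall(body)],
        })
    return subnets, hosts


def classify(mac, subnets, hosts):
    """Known MAC -> subnet of its fixed address; unknown MAC -> first open subnet."""
    known = hosts.get(mac.lower())
    if known:
        addr = known[1]
        net = next((s["net"] for s in subnets if addr in s["net"]), None)
        return ("known", str(net) if net else None, str(addr))
    for s in subnets:
        if s["unknown_ok"] and s["ranges"]:
            return ("unknown", str(s["net"]), None)
    return ("unknown", None, None)


def fixed_inside_range(subnets, hosts):
    """Names of hosts whose fixed-address also falls inside a dynamic range."""
    return sorted(name for name, addr in hosts.values()
                  for s in subnets for lo, hi in s["ranges"] if lo <= addr <= hi)


if __name__ == "__main__":
    nets, known_hosts = parse(SAMPLE)
    for mac in ("02:00:00:00:00:05", "02:00:00:00:00:99"):
        print(mac, classify(mac, nets, known_hosts))
    print("fixed address inside a range:", fixed_inside_range(nets, known_hosts))
```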