Windows SBS2003 unable to get DHCP leases



  • I have a pfSense box configured to forward PPTP to a Windows SBS 2003 box.  When the SBS2003 box asks for a block of IPs (usually 10), I get an error on pfSense saying that the IP requests are duplicates.  Looking in Status | DHCP leases, that doesn't seem to be the case.

    This problem is erratic.  Sometimes it works, other times not.



  • I don't understand your setup. The SBS is the Endpoint for the PPTP-VPN but the pfSense should do the DHCP? pfSense does the DHCP for the LAN-Clients as well? If that's the case this setup is a bit confusing. Don't you have a Domaincontroller that does DHCP/DNS for your Domain?



  • The SBS2003 is a domain controller, but is not the router nor the DHCP server.  In the RAS (Remote Access System) setup (wizard) it allows using a DHCP server that it will forward the requests to.  The SBS2003 is also not the DNS server; the router is.  To avoid problems with Domain authentication the DHCP is configured for the clients to go to the SBS2003 server and the SBS2003 server is configured to go to the router (pfSense).  This is configured in the Internet Connection Setup on the SBS2003.



  • This is just my opinion, and I'm just trying to be helpful, so don't be offended, but you are crazy and doing it wrong. The SBS server, NOT the firewall, should be running your DNS and DHCP. This will avoid many headaches, trust me on this one. The SBS server should point to its own address for DNS, as well as the Windows clients, or your AD will be sad.



  • Yep with AD I'd run the DNS and DHCP on the SBS server. They integrate nicely together and I think you will find your life much easier.



  • @rsw686:

    Yep with AD I'd run the DNS and DHCP on the SBS server. They integrate nicely together and I think you will find your life much easier.

    Is that the preferred way when using Windows Server 2k3 with AD too?
    'Cause right now at work IPCOP is handling the DHCP.
    The server is set up with a static configuration and is pointing to itself like it should.



  • That's correct.  IPCOP does this like a charm, but pfSense won't.  I know there are opinions out there, but I'm in the camp that the router should be doing the DNS & DHCP.



  • @dcabot:

    That's correct.  IPCOP does this like a charm, but pfSense won't.

    I don't get your point.
    pfSense does DNS and DHCP nicely but doesn't know about AD obviously.
    If you are running an AD domain, shifting the necessary services to the DC is best practice. Can't imagine what another router might be doing more charmingly here.



  • @jahonix:

    @dcabot:

    That's correct.  IPCOP does this like a charm, but pfSense won't.

    pfSense does DNS and DHCP nicely but doesn't know about AD obviously.

    Exactly right, the problem being that with MS DNS and DHCP isn't just DNS and DHCP, "it's something wonderful and fantastic" that MShit just couldn't keep within the standard (what else is new)  :-\



  • Try capturing the traffic with Wireshark on pfS and on IPCOP and let's try to find out what is different.  They are both isc-dhcp-server3 after all…
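
Added example, not part of the original posts: one way to carry out the comparison suggested above is to parse the DHCP reply taken from each capture and diff the options. The byte strings, addresses and helper names below are constructed for illustration and are not actual pfSense or IPCop output.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
NAMES = {6: "dns", 15: "domain-name", 51: "lease-time", 53: "message-type",
         54: "server-id", 61: "client-id"}

def parse_dhcp(payload):
    """Parse a UDP payload (BOOTP header plus DHCP options) into a dict."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"yiaddr": ".".join(map(str, payload[16:20])),
           "chaddr": payload[28:28 + min(payload[2], 16)].hex(":"), "options": {}}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        code = payload[i]
        if code == 0:                               # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option %d" % code)
        length = payload[i + 1]
        # A repeated option code is concatenated (RFC 3396)
        msg["options"][code] = msg["options"].get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return msg

def diff_options(a, b):
    """Return {option name: (value in a, value in b)} for options that differ."""
    out = {}
    for code in sorted(set(a["options"]) | set(b["options"])):
        va, vb = a["options"].get(code), b["options"].get(code)
        if va != vb:
            out[NAMES.get(code, "option-%d" % code)] = (va, vb)
    return out

def build(yiaddr, mac, options):
    """Build a constructed BOOTREPLY for the demo (not captured traffic)."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0) + bytes(4) + bytes(yiaddr)
    hdr += bytes(8) + mac + bytes(10) + bytes(192)
    return hdr + MAGIC + b"".join(bytes([c, len(v)]) + v for c, v in options) + b"\xff"

MAC = bytes.fromhex("020000000001")                       # constructed client MAC
COMMON = [(53, b"\x05"), (51, struct.pack("!I", 7200))]   # DHCPACK, 7200 s lease
ACK_A = build((192, 0, 2, 50), MAC, COMMON + [(54, bytes([192, 0, 2, 1])),
              (6, bytes([192, 0, 2, 10])), (15, b"example.local")])
ACK_B = build((192, 0, 2, 50), MAC, COMMON + [(54, bytes([192, 0, 2, 2])),
              (6, bytes([192, 0, 2, 2]))])

print(sorted(diff_options(parse_dhcp(ACK_A), parse_dhcp(ACK_B))))
```

To use it on real traffic, pass `parse_dhcp` the UDP payload bytes of matching DHCP messages exported from each capture.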



  • Can both IPCop or pfSense be used at the same time as a backup? Like a failover.



  • I wouldn't think so unless ipcop supports CARP (which it doesn't afaik).

