No DHCP for OS X clients (probably Linux as well), Windows work fine



  • Hi, there,
    I have two similar pfSense v2.2.2 installations with OpenVPN bridged to LAN.
    OpenVPN is configured to forward DHCP requests to LAN DHCP server.
    In one installation this works perfectly with all client OSes, Windows, OS X and Linux, no issues here.
    In the other one Windows clients get DHCP addresses, OS X do not get DHCP addresses. If I set IP address manually on OS X, all works.

    I have done some wiresharking and I see that OS X client never receives DHCPOFFER from server. Server keeps sending DHCPOFFER and client keeps sending DHCPDISCOVER packets. But Windows works OK. Why??

    So I could blame all sorts of network stuff in between client and server or maybe OS implementation specifics, BUT:

    1. Windows clients work fine in the same setup;
    2. same OS X clients work fine with the other pfSense installation.

    Now I am confused. Any hints greatly appreciated.
    Thanks for your time,
    shpokas



  • Packet capture shows that the Windows client sends a broadcast message and the DHCP server replies with a broadcast - all works, DHCP address received.
    The OS X client sends a unicast request message and the DHCP server replies with a unicast - this reply never reaches the OS X client.
    How do I enable unicast messages to go through pfSense back to the DHCP client?



  • Well, it's not pfSense's DHCP server, I have ISC DHCP server in LAN.
    True, as you said, with pfSense DHCP server all clients work, tried that, too.

    But now it seems that unicast packets from the LAN DHCP server do not make it through the bridge.
    Broadcast packets do. Is there a way to debug this? I do not see any related entries in firewall log.


  • Netgate

    OpenVPN bridges are not a recommended configuration.



  • I can even see those packets from DHCP servers on the pfSense bridge interface, packet capture file attached. Note, pcap renamed to jpg.
    I have two redundant DHCP servers set up as per the ISC docs.

    Server 10.67.20.31 is offering IP address 10.67.20.104
    Server 10.67.20.34 is offering IP address 10.67.20.137

    But why do these packets never reach the DHCP client machine?

    pfsense.jpg



  • Continuing my monologue…
    A bit more experimenting reveals that if DHCP relay is enabled then the OS X DHCP client works with the internal DHCP server, too.
    But I have a DHCP server running on DMZ interface and I cannot run DHCP relay.
    I will continue this topic in DHCP/DNS forum as it seems more appropriate.
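
Added example, not part of the original posts: the thread contrasts broadcast and unicast DHCP replies and notes that a relay changes the outcome, so this sketch parses the UDP payload of a captured client message and reports how RFC 2131 section 4.1 says a server will address its OFFER/ACK. The MAC, xid and relay address in `build_discover` are constructed test values, and the code does not establish which case applied in the poster's capture.

```python
import socket
import struct

MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie (RFC 2131)
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Parse the UDP payload of a DHCP message: fixed BOOTP header plus option 53."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    (_op, _htype, hlen, _hops, xid, _secs, flags, ciaddr, yiaddr,
     _siaddr, giaddr, chaddr) = struct.unpack("!BBBBIHH4s4s4s4s16s", payload[:44])
    msg_type, i = None, 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                             # pad option has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            msg_type = payload[i + 2]
        i += 2 + length
    return {
        "type": TYPES.get(msg_type, "UNKNOWN"),
        "xid": xid,
        "broadcast": bool(flags & 0x8000),              # top bit of the flags field
        "ciaddr": socket.inet_ntoa(ciaddr),
        "yiaddr": socket.inet_ntoa(yiaddr),
        "giaddr": socket.inet_ntoa(giaddr),
        "mac": chaddr[:min(hlen, 16)].hex(":"),
    }

def reply_delivery(client_msg: dict) -> str:
    """How a server addresses its OFFER/ACK to this client (RFC 2131 section 4.1)."""
    if client_msg["giaddr"] != "0.0.0.0":
        return "unicast to relay agent " + client_msg["giaddr"]
    if client_msg["ciaddr"] != "0.0.0.0":
        return "unicast to " + client_msg["ciaddr"]
    if client_msg["broadcast"]:
        return "broadcast to 255.255.255.255"
    return "unicast to offered address at MAC " + client_msg["mac"]

def build_discover(flags: int, giaddr: str = "0.0.0.0") -> bytes:
    """Constructed sample DISCOVER; the MAC and xid are made-up test values."""
    mac = bytes.fromhex("020000000001").ljust(16, b"\x00")
    head = struct.pack("!BBBBIHH4s4s4s4s16s", 1, 1, 6, 0, 0x1234ABCD, 0, flags,
                       bytes(4), bytes(4), bytes(4), socket.inet_aton(giaddr), mac)
    return head + bytes(192) + MAGIC + bytes([53, 1, 1, 255])
```

Feeding it the DISCOVER payloads from both client types in a capture shows whether they differ in the broadcast flag or `giaddr`, which is the first thing to compare when replies are sent but not received.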