Adding static routes using DHCP [RFC 3442]
-
I have never done this before, so I thought I would share-
Inserting static routes
By default, the DHCP server provides a single route to the client, the default route of that subnet. This can be implied via the VLAN interface's IP address, or can be overridden without using a DHCP options. When additional routes are required that are not the default route, a DHCP option must be used. RFC 3442 specifies that options 121 and 249 must be used.
To add additional routes in pfSense under the VLAN's DHCP server option, click the 'Advanced' button under 'Additional BOOTP/DHCP Options'. If no options are already set, click on the + button; add two lines, one for DHCP option 121 and one for 249. Under the 'Number' column, insert these two options. The 'Type' column should be set to 'String'.
Generating the route hex values
The hex values that are required for the DHCP options must be generated in a specific format. For this method, we will be using a utility called HexRoute (http://www.xrx.ca/hexroute.htm). Copy and extract the shell script to your local Linux/Cygwin instance and run the command. This will provide you with the information that the command is looking for:
$ ./hexroute Usage: hexroute [-v|-h] target/bits [gw] gateway [target/bits [gw] gateway ...] ie: ./hexroute 172.16.0.0/16 gw 192.168.1.1i.e. we will want the clients of this subnet to be able to route traffic destined for 2.1.1.0/24 via the gateway 4.1.2.1
$ ./hexroute 2.1.1.0/24 gw 4.1.2.1 18:02:01:01:04:01:02:0Once the hex value is generated, insert this string into the 'Value' column for both DHCP options.
Converting the hex values back to binaryA small script can easily parse the hex values into a readable format (hexparse.sh).
#!/bin/bash toDecode=$1 for value in $(echo "$toDecode" | xargs -d':' -n1); do echo $((0x$value)) doneTo use this script, insert the hex string as the argument.
$ ./hexparse.sh 18:02:01:01:04:01:02:01 24 2 1 1 4 1 2 1Understanding the string syntax
Using the previous example, the string always starts with the block size specified in CIDR notation, followed by the network or address, and then the gateway.
Note that when specifying a network range that has the last octet's value of 0, it is simply omitted. When specifying a single host, all four octets will be present.
Appending additional routes to a preexisting string
If the DHCP server already has a value present, and an addition route is needed, concatenate the values and insert a colon.
Again using the previous example, we will add an additional route destined for 2.1.1.0/24 via the gateway 4.1.2.1
18:02:01:01:04:01:02:01 + 18:03:01:01:04:01:02:01 = 18:02:01:01:04:01:02:01:18:03:01:01:04:01:02:01
Replace the entire value with the new string.
Updating the clients
Depending on the operating system, the client will need to run the following:
Linux/BSD
dhclientWindows
ipconfig /release
ipconfig /renew