DHCP Multiple subnet HELPER support



  • Does anyone know if pfSense includes or plans to include support for allowing DHCP ranges in multiple subnets to be specified under one interface so that pfSense is able to respond to DHCP requests that have been relayed to it from networks that are not local to it?

    Cisco's DHCP helper is a prime example, I might have multiple VLAN's, routed by a Cisco L3 switch, one VLAN contains a pfsense which is the L3 switch's upstream gateway. I want to use pfSense as the DHCP server for all subnets and in any other situation like this would use DHCP helper on the Cisco switch to relay DHCP requests to a specified server IP address.

    Does pfSense not allow this? If thats the case then I guess I will have to use Cisco's own DHCP server option or put in a third party DHCP server that can accept relayed requests.


  • LAYER 8 Netgate

    No. It currently does not.

    Yes, you need to use another DHCP server.

    Future plans, I don't know but wouldn't hold my breath.


  • Banned

    @tomstephens89:

    Does anyone know if pfSense includes or plans to include support for allowing DHCP ranges in multiple subnets to be specified under one interface so that pfSense is able to respond to DHCP requests that have been relayed to it from networks that are not local to it?

    No, apparently not. Not until hell has frozen.

    https://forum.pfsense.org/index.php?topic=65736.0
    https://github.com/pfsense/pfsense/pull/1406



  • Oh well, it was worth asking. Simple MS 2012 R2 box with DHCP then.



  • @doktornotor:

    @tomstephens89:

    Does anyone know if pfSense includes or plans to include support for allowing DHCP ranges in multiple subnets to be specified under one interface so that pfSense is able to respond to DHCP requests that have been relayed to it from networks that are not local to it?

    No, apparently not. Not until hell has frozen.

    https://forum.pfsense.org/index.php?topic=65736.0
    https://github.com/pfsense/pfsense/pull/1406

    Sad, really.  I wonder what is the rationale behind not wanting to add such a feature.  Sometimes a branch office doesn't need anything more than a router and a VPN, and besides, big name commercial firewalls support it (PaloAlto, Checkpoint, etc), so why not pfSense??



  • Simple MS 2012 R2 box with DHCP then.

    A *nix box would do with less resources and no MS license or activation nonsense.


  • LAYER 8 Netgate

    Yeah, the ISC DHCPd is perfectly capable of doing it, it's just the pfSense configgui that's missing.



  • For argument's sake, is the pfSense package structure designed in such a way as to allow a new package to be created that replaces a core functionality of pfSense?
    That way a stand-alone dhcpd server could be created with additional features.


  • Banned

    @awebster:

    For argument's sake, is the pfSense package structure designed in such a way as to allow a new package to be created that replaces a core functionality of pfSense?

    As a package? No. Look, the work has been done 4 times. And thrown to garbage can 4 times because noone could be bothered to review and merge it.



  • following with interest here…  ;)

    Though I'm not capable for creating such a package, I would think it shouldn't be impossible. Dhcp isn't that complicated, there are more complex packages available.
    But as already told here by doktornotor, we almost had it in pfSense as a baseline functionality. (better than an add-on)

    Yet for some dark reason, there seems to be no interest in getting that in pfSense... And I haven't seen anything about it on future plans or roadmap.


  • Banned

    As a package, this is a no-go for that exact reason - DHCP is part of baseline functionality. Adding features there requires patching core system files. That's not what people should ever do in packages.



  • @doktornotor:

    As a package, this is a no-go for that exact reason - DHCP is part of baseline functionality. Adding features there requires patching core system files. That's not what people should ever do in packages.

    Fair enough. 
    Perhaps if the dhcpd.conf were manipulated through a template with replaceable tags that'd make it more extensible.  That way the GUI would continue to work by replacing tags in the template and one could also edit the template in a text box, call it expert mode, to add anything else you need and view the resulting dhcpd.conf.
    If you break it, revert to the default template and try again.



  • I would love to see this added as a core feature. It would really suit the pfsense + l3 switching set ups we all know and love on smaller deployments when having DNS, DHCP and other network services on dedicated boxes isn't required.



  • @tomstephens89 I will love it too!! it is very important today to have such a implementation while layer 3 switch are more chip and networks grow up!


Log in to reply