<p>pfSense bugtracker: Issues (https://redmine.pfsense.org/)</p>
<p>Redmine pfSense - Bug #6720 (Resolved): DHCPD Options in "Sub-"Pools ignored, dhcpd.conf does not contain...<br />https://redmine.pfsense.org/issues/6720<br />2016-08-16T03:33:13Z<br />Harald Gutmann</p>
<p>Dear Maintainers,</p>
<p>we have recently discovered that pfSense 2.3.2-RELEASE does not treat Options in DHCP "Sub-"Pools properly.<br />Please find below an example of what we want to achieve in the dhcpd.conf, critical points highlighted in <strong>bold</strong>:</p>
<blockquote>
<p>option custom-opt8-0 code 66 = string;<br />option custom-opt8-1 code 66 = string;<br />option custom-opt8-2 code 66 = string;<br /><strong><span><------------------------cut------------------------</span><</strong><br />class "001565" {<br />match if substring (hardware, 1, 3) = 00:15:65;<br />}<br />class "00A0BA" {<br />match if substring (hardware, 1, 3) = 00:A0:BA;<br />}<br />class "000DB9" {<br />match if substring (hardware, 1, 3) = 00:0D:B9;<br />}<br />subnet 10.10.100.0 netmask 255.255.255.0 {<br />pool {<br />deny members of "001565";<br />deny members of "00A0BA";<br />deny members of "000DB9";<br />range 10.10.100.110 10.10.100.150;<br />}</p>
<p>pool {<br />allow members of "00A0BA";<br />range 10.10.100.102 10.10.100.103;<br /><strong>option custom-opt8-1 "http://10.10.100.100/provision-path-specific/to-102-103/";</strong><br />}</p>
<p>pool {<br />allow members of "000DB9";<br />range 10.10.100.100 10.10.100.101;<br />}</p>
<p>pool {<br />allow members of "001565";<br />range 10.10.100.1 10.10.100.99;<br /><strong>option custom-opt8-2 "http://10.10.100.100/provision-path-specific/to-001565/";</strong><br />}</p>
<p>option routers 10.10.100.254;<br />option domain-name-servers 10.10.100.254;<br />option ntp-servers 10.10.100.254;</p>
<p>option custom-opt8-0 "http://10.10.100.100/general-provision-path/";<br />}</p>
</blockquote>
<p>The values we want to set and serve through dhcpd can be configured in the web interface &amp; are exported properly with "Backup &amp; Restore". XML files look like this:</p>
<blockquote>
<p>&lt;opt8&gt;<br />&lt;range&gt;<br />&lt;from&gt;10.10.100.110&lt;/from&gt;<br />&lt;to&gt;10.10.100.150&lt;/to&gt;<br />&lt;/range&gt;<br />&lt;enable/&gt;<br />&lt;failover_peerip/&gt;<br />&lt;dhcpleaseinlocaltime/&gt;<br />&lt;defaultleasetime/&gt;<br />&lt;maxleasetime/&gt;<br />&lt;netmask/&gt;<br />&lt;gateway/&gt;<br />&lt;domain/&gt;<br />&lt;domainsearchlist/&gt;<br />&lt;ddnsdomain/&gt;<br />&lt;mac_allow/&gt;<br />&lt;mac_deny&gt;00:15:65,00:A0:BA,00:0D:B9&lt;/mac_deny&gt;<br />&lt;tftp/&gt;<br />&lt;ldap/&gt;<br />&lt;nextserver/&gt;<br />&lt;filename/&gt;<br />&lt;rootpath/&gt;<br />&lt;numberoptions&gt;<br />&lt;item&gt;<br />&lt;number&gt;66&lt;/number&gt;<br />&lt;type&gt;string&lt;/type&gt;<br />&lt;value&gt;Imh0dHA6Ly8xMC4xMC4xMDAuMTAwL2FwcC9wcm92aXNpb24vIg==&lt;/value&gt;<br />&lt;/item&gt;<br />&lt;/numberoptions&gt;<br />&lt;ddnsdomainprimary/&gt;<br />&lt;ddnsdomainkeyname/&gt;<br />&lt;ddnsdomainkey/&gt;<br />&lt;filename32/&gt;<br />&lt;filename64/&gt;<br /><strong>&lt;pool&gt;</strong><br />&lt;range&gt;<br />&lt;from&gt;10.10.100.1&lt;/from&gt;<br />&lt;to&gt;10.10.100.99&lt;/to&gt;<br />&lt;/range&gt;<br />&lt;descr&gt;&lt;![CDATA[Yealink Phones]]&gt;&lt;/descr&gt;<br />&lt;defaultleasetime/&gt;<br />&lt;maxleasetime/&gt;<br />&lt;netmask&gt;&lt;/netmask&gt;<br />&lt;gateway/&gt;<br />&lt;domain/&gt;<br />&lt;domainsearchlist/&gt;<br />&lt;ddnsdomain/&gt;<br />&lt;ddnsdomainprimary/&gt;<br />&lt;ddnsdomainkeyname/&gt;<br />&lt;ddnsdomainkey/&gt;<br />&lt;mac_allow&gt;00:15:65&lt;/mac_allow&gt;<br />&lt;mac_deny/&gt;<br />&lt;tftp/&gt;<br />&lt;ldap/&gt;<br />&lt;nextserver/&gt;<br />&lt;filename/&gt;<br />&lt;filename32/&gt;<br />&lt;filename64/&gt;<br />&lt;rootpath/&gt;<br /><strong>&lt;numberoptions&gt;</strong><br /><strong>&lt;item&gt;</strong><br /><strong>&lt;number&gt;66&lt;/number&gt;</strong><br /><strong>&lt;type&gt;string&lt;/type&gt;</strong><br /><strong>&lt;value&gt;Imh0dHA6Ly8xMC4xMC4xMDAuMTAwL2luc2lkZS1zdWItcG9vbC9vcHRpb242NiI=&lt;/value&gt;</strong><br /><strong>&lt;/item&gt;</strong><br /><strong>&lt;/numberoptions&gt;</strong><br /><strong>&lt;ntpserver&gt;10.10.100.254&lt;/ntpserver&gt;</strong><br /><strong>&lt;/pool&gt;</strong><br />&lt;staticmap/&gt;<br />&lt;ntpserver&gt;10.10.100.254&lt;/ntpserver&gt;<br />&lt;/opt8&gt;</p>
</blockquote>
<p>The critical point is that these settings are not reflected in the dhcpd.conf, which still looks like this:</p>
<blockquote>
<p>option custom-opt8-2 code 66 = string;<br /><strong><span><------------------------cut------------------------</span><</strong><br />subnet 10.10.100.0 netmask 255.255.255.0 {<br />pool {<br />deny members of "001565";<br />deny members of "00A0BA";<br />deny members of "000DB9";<br />range 10.10.100.110 10.10.100.150;<br />}</p>
<p>pool {<br />allow members of "00A0BA";<br />range 10.10.100.102 10.10.100.103;<br />}</p>
<p>pool {<br />allow members of "000DB9";<br />range 10.10.100.100 10.10.100.101;<br />}</p>
<p><strong>pool {</strong><br /><strong>allow members of "001565";</strong><br /><strong>range 10.10.100.1 10.10.100.99;</strong><br /><strong>}</strong></p>
<p>option routers 10.10.100.254;<br />option domain-name-servers 10.10.100.254;<br />option ntp-servers 10.10.100.254;</p>
<p>option custom-opt8-0 "http://10.10.100.100/general-provision-path/";<br />}</p>
</blockquote>
<p>It seems that all other options are ignored as well. Setting ntp-server, dns-server and so forth is not working inside "Sub-"Pools. The values can be set, but dhcpd.conf is not updated accordingly.<br />With the above-mentioned settings the hardware does get the proper IP address, dependent on the MAC, but all other DHCP options cannot be found in dhcpd.conf, and are as a consequence not served during a DHCP request.</p>
<p>I've added a high priority to this issue, since the work &amp; configuration flow of pfSense is in a way that the user will expect that the options are set correctly and served properly.</p>
<p>Many thanks in advance for your help!</p>
<p>Best regards,<br />Harald Gutmann</p>