Bug #13502
closed
dhclient sends RENEW-Request through wrong interface
0%
Description
There are 2 interfaces, WAN and WAN2. Both get an IP from the same DHCP server (1.2.3.4) but each on a different subnet (WAN: 192.168.1.1/24 and WAN2: 192.168.2.1/24). Now when WAN2 renews it's IP it sends a request from 192.168.2.1 to 1.2.3.4, but that request is for some reason sent out through WAN instead of WAN2 (but using WAN2s source MAC address) so it won't get an answer. It seems to be a bug in dhclient as using ping with the source address works fine, even sending out a packet through nc like this works and it exits the firewall (verified with tcpdump).echo "Test" | nc -u -s 192.168.2.1 1.2.3.4 67
Updated by Jim Pingle over 1 year ago
- Status changed from New to Needs Patch
- Target version deleted (
2.7.0) - Plus Target Version deleted (
22.11)
Looks like an upstream bug, unlikely there is anything we'll be able to do about that. If you can replicate that on a plain FreeBSD installation you may want to report that to FreeBSD directly.
Also we have never claimed to support two WANs on the same upstream source. It works by chance in some circumstances (e.g. PPPoE) with side effects like broken gateway monitoring, but we always tell people it isn't supported. Even if both WANs get different subnets assigned the DHCP server is the same as far as the OS can tell from the IP address, so sorting that out is tricky and depends a lot on how the client decides to source its responses.
Updated by Flole Systems over 1 year ago
Can we do some pf magic and redirect the traffic through the correct interface? It could be matched on source address and destination port and then sent through the correct gateway, maybe with a floating rule? Or is it already too late when an outbound floating rule on WAN sets the gateway to WAN2-GW?
I know that's not perfect, but maybe that is something that can be done and mentioned somewhere in the docs as a workaround for this?
There are different dhclient processes for each interface though (for IPv6 that's a completely different thing) so they don't even know that another interface is talking to the same DHCP server. And I am not sure what would happen if different DHCP servers would be used and why the traffic should exit the correct interface in that case if the dhcp server is not in the same subnet and the dhcp servers IP should be routed through the default gateway according to the routing table.
Updated by Flole Systems over 1 year ago
Upstream bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266508