Bug #6720

closed

DHCPD Options in "Sub-"Pools ignored, dhcpd.conf does not contain information, dhcpd therefore not serving

Added by Harald Gutmann over 7 years ago. Updated over 7 years ago.

Status: Resolved
Priority: High
Assignee: -
Category: DHCP (IPv4)
Target version:
Start date: 08/16/2016
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.3.2
Affected Architecture: All

Description

Dear Maintainers,

We have recently discovered that pfSense 2.3.2-RELEASE does not treat Options in DHCP "Sub-"Pools properly.
Please find below an example of what we want to achieve in the dhcpd.conf, critical points highlighted in bold:

option custom-opt8-0 code 66 = string;
option custom-opt8-1 code 66 = string;
option custom-opt8-2 code 66 = string;
<------------------------cut------------------------<
class "001565" {
match if substring (hardware, 1, 3) = 00:15:65;
}
class "00A0BA" {
match if substring (hardware, 1, 3) = 00:A0:BA;
}
class "000DB9" {
match if substring (hardware, 1, 3) = 00:0D:B9;
}
subnet 10.10.100.0 netmask 255.255.255.0 {
pool {
deny members of "001565";
deny members of "00A0BA";
deny members of "000DB9";
range 10.10.100.110 10.10.100.150;
}

pool {
allow members of "00A0BA";
range 10.10.100.102 10.10.100.103;
option custom-opt8-1 "http://10.10.100.100/provision-path-specific/to-102-103/";
}

pool {
allow members of "000DB9";
range 10.10.100.100 10.10.100.101;
}

pool {
allow members of "001565";
range 10.10.100.1 10.10.100.99;
option custom-opt8-2 "http://10.10.100.100/provision-path-specific/to-001565/";
}

option routers 10.10.100.254;
option domain-name-servers 10.10.100.254;
option ntp-servers 10.10.100.254;

option custom-opt8-0 "http://10.10.100.100/general-provision-path/";
}

The values we want to set and serve through dhcpd can be configured in the web interface and are exported properly with "Backup & Restore". XML files look like this:

<opt8>
<range>
<from>10.10.100.110</from>
<to>10.10.100.150</to>
</range>
<enable/>
<failover_peerip/>
<dhcpleaseinlocaltime/>
<defaultleasetime/>
<maxleasetime/>
<netmask/>
<gateway/>
<domain/>
<domainsearchlist/>
<ddnsdomain/>
<mac_allow/>
<mac_deny>00:15:65,00:A0:BA,00:0D:B9</mac_deny>
<tftp/>
<ldap/>
<nextserver/>
<filename/>
<rootpath/>
<numberoptions>
<item>
<number>66</number>
<type>string</type>
<value>Imh0dHA6Ly8xMC4xMC4xMDAuMTAwL2FwcC9wcm92aXNpb24vIg==</value>
</item>
</numberoptions>
<ddnsdomainprimary/>
<ddnsdomainkeyname/>
<ddnsdomainkey/>
<filename32/>
<filename64/>
<pool>
<range>
<from>10.10.100.1</from>
<to>10.10.100.99</to>
</range>
<descr><![CDATA[Yealink Phones]]></descr>
<defaultleasetime/>
<maxleasetime/>
<netmask></netmask>
<gateway/>
<domain/>
<domainsearchlist/>
<ddnsdomain/>
<ddnsdomainprimary/>
<ddnsdomainkeyname/>
<ddnsdomainkey/>
<mac_allow>00:15:65</mac_allow>
<mac_deny/>
<tftp/>
<ldap/>
<nextserver/>
<filename/>
<filename32/>
<filename64/>
<rootpath/>
<numberoptions>
<item>
<number>66</number>
<type>string</type>
<value>Imh0dHA6Ly8xMC4xMC4xMDAuMTAwL2luc2lkZS1zdWItcG9vbC9vcHRpb242NiI=</value>
</item>
</numberoptions>
<ntpserver>10.10.100.254</ntpserver>
</pool>
<staticmap/>
<ntpserver>10.10.100.254</ntpserver>
</opt8>

The critical point is that these settings are not reflected in the dhcpd.conf, which still looks like this:

option custom-opt8-2 code 66 = string;
<------------------------cut------------------------<
subnet 10.10.100.0 netmask 255.255.255.0 {
pool {
deny members of "001565";
deny members of "00A0BA";
deny members of "000DB9";
range 10.10.100.110 10.10.100.150;
}

pool {
allow members of "00A0BA";
range 10.10.100.102 10.10.100.103;
}

pool {
allow members of "000DB9";
range 10.10.100.100 10.10.100.101;
}

pool {
allow members of "001565";
range 10.10.100.1 10.10.100.99;
}

option routers 10.10.100.254;
option domain-name-servers 10.10.100.254;
option ntp-servers 10.10.100.254;

option custom-opt8-0 "http://10.10.100.100/general-provision-path/";
}

It seems that all other options are ignored as well. Setting ntp-server, dns-server and so forth is not working inside "Sub-"Pools. The values can be set, but dhcpd.conf is not updated accordingly.
With the above-mentioned settings the hardware does get the proper IP address, depending on the MAC, but all other DHCP options cannot be found in dhcpd.conf, and are as a consequence not served during a DHCP request.

I've added a high priority to this issue, since the work & configuration flow of pfSense is in a way that the user will expect that the options are set correctly and served properly.

Many thanks in advance for your help!

Best regards,
Harald Gutmann
