I'm currently segmenting our network into various subnets. We already have a DHCP server as a part of our Active Directory (Server 2012). I want to use this server for all subnets, so I need to work with a DHCP Relay Agent.

The network is going to be segmented by a pfSense firewall, which has the ability to relay DHCP requests built in. I did configure a second scope in the DHCP server for our test network and created a guideline which limits this scope to requests that are relayed with the circuit-id (DHCP option 82) that is assigned to the port on my firewall.

Initially the packets were dropped because broadcast traffic isn't shared between the networks. I then created a firewall rule to allow traffic on ports 67 and 68 to be forwarded. After I added this rule the packets now get relayed to the DHCP server correctly, but the DHCP server simply does not respond. There is a reservation for my test client and the MAC address is also whitelisted in the filters. I also added the remote address of the agent to the whitelist in the Windows firewall.

Does anybody have an idea where I went wrong?

davidb
  • Did you look at log files or Network monitor to confirm that DHCP server is not responding? – Sergei Jun 29 '16 at 13:43
  • I did run Wireshark on the DHCP server and I can see the packets coming in... but no answers going back – davidb Jun 29 '16 at 13:48
  • ok, and what about DHCP server logs? – Sergei Jun 29 '16 at 14:12
  • Nothing at all, only informs. Now it gets weird: I removed the guideline and added the test host's MAC to the reservation list of the new scope, but even when I plug it directly into our existing network the host won't get a lease o.O – davidb Jun 29 '16 at 14:20
  • This just started happening to me today. Worked flawlessly for years. Just today. I haven't rebooted the server in several weeks, so it's not like an update was just applied. Wireshark shows me a targeted udp packet is received via relay, but the DHCP server does not respond to it. Only to DHCP requests on the same LAN. Audit log doesn't even acknowledge the packet. – Brain2000 May 08 '17 at 15:08
  • I found the issue. Turned out that a PPTP connection added a route to the server which caused it to blackhole all the local vlans, that caused it to attempt to go to the wrong gateway. – Brain2000 May 08 '17 at 15:32
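The question and comments describe the two things a server-side policy keyed on option 82 needs to see in a relayed request: a non-zero giaddr (so the server selects the relayed scope instead of its own interface's scope) and a circuit-id sub-option whose value matches the policy condition. The following is an added diagnostic example, not code from the question, from pfSense, or from the Windows DHCP server: it parses the UDP payload of a DHCP message the way Wireshark displays it and reports which of those preconditions is missing. The relay address `10.10.20.1` and the circuit-id `em2` are constructed values; in practice the circuit-id is whatever the relay actually inserts, which should be read from the capture rather than assumed.

```python
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# RFC 2131 / RFC 2132 / RFC 3046 constants
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE = 53          # 1 = DISCOVER, 3 = REQUEST (the types a server must answer)
OPT_RELAY_AGENT = 82       # relay agent information, a TLV list of sub-options
SUBOPT_CIRCUIT_ID = 1
SUBOPT_REMOTE_ID = 2


@dataclass
class DhcpPacket:
    op: int
    hops: int
    xid: int
    giaddr: str                 # relay agent IP; 0.0.0.0 when the request was not relayed
    chaddr: str                 # client MAC address
    options: Dict[int, bytes] = field(default_factory=dict)
    relay_suboptions: Dict[int, bytes] = field(default_factory=dict)


def parse_dhcp(raw: bytes) -> DhcpPacket:
    """Parse the UDP payload of a BOOTP/DHCP message (fixed header + options)."""
    if len(raw) < 240 or raw[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (too short or missing magic cookie)")
    op, _htype, hlen, hops = struct.unpack_from("!BBBB", raw, 0)
    xid = struct.unpack_from("!I", raw, 4)[0]
    giaddr = ".".join(str(b) for b in raw[24:28])
    chaddr = ":".join(f"{b:02x}" for b in raw[28:28 + hlen])

    options: Dict[int, bytes] = {}
    i = 240
    while i < len(raw):
        tag = raw[i]
        if tag == OPT_END:
            break
        if tag == OPT_PAD:
            i += 1
            continue
        length = raw[i + 1]
        options[tag] = raw[i + 2:i + 2 + length]
        i += 2 + length

    # Option 82 carries its own sub-option TLVs (circuit-id, remote-id, ...)
    relay: Dict[int, bytes] = {}
    data = options.get(OPT_RELAY_AGENT, b"")
    j = 0
    while j + 1 < len(data):
        sub, slen = data[j], data[j + 1]
        relay[sub] = data[j + 2:j + 2 + slen]
        j += 2 + slen
    return DhcpPacket(op, hops, xid, giaddr, chaddr, options, relay)


def check_relayed_request(pkt: DhcpPacket, expected_circuit_id: bytes) -> List[str]:
    """Reasons a server with a circuit-id policy on a relayed scope would not offer a lease."""
    problems = []
    mtype = pkt.options.get(OPT_MSG_TYPE, b"\x00")[0]
    if mtype not in (1, 3):
        problems.append(f"message type {mtype} is not DISCOVER/REQUEST")
    if pkt.giaddr == "0.0.0.0":
        problems.append("giaddr is 0.0.0.0: server sees no relay and selects the scope of its own interface")
    circuit = pkt.relay_suboptions.get(SUBOPT_CIRCUIT_ID)
    if circuit is None:
        problems.append("no option 82 circuit-id: the policy condition can never match")
    elif circuit != expected_circuit_id:
        problems.append(f"circuit-id {circuit!r} != policy value {expected_circuit_id!r}")
    return problems


def build_discover(xid: int, mac: str, giaddr: str, circuit_id: Optional[bytes] = None) -> bytes:
    """Construct a DHCPDISCOVER as a relay would forward it (sample data, not a real capture)."""
    relayed = giaddr != "0.0.0.0"
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 1 if relayed else 0, xid, 0, 0x8000)
    hdr += bytes(12)                                         # ciaddr, yiaddr, siaddr
    hdr += bytes(int(o) for o in giaddr.split("."))          # giaddr
    hdr += bytes.fromhex(mac.replace(":", "")) + bytes(10)   # chaddr, padded to 16 bytes
    hdr += bytes(64) + bytes(128) + MAGIC_COOKIE             # sname, file, magic cookie
    opts = bytes([OPT_MSG_TYPE, 1, 1])
    if circuit_id is not None:
        sub = bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
        opts += bytes([OPT_RELAY_AGENT, len(sub)]) + sub
    return hdr + opts + bytes([OPT_END])


# Constructed samples: relay address and circuit-id are assumed values for illustration only.
RELAY_IP = "10.10.20.1"
POLICY_CIRCUIT_ID = b"em2"

GOOD = build_discover(0x1234, "00:11:22:33:44:55", RELAY_IP, POLICY_CIRCUIT_ID)
NO_OPT82 = build_discover(0x1235, "00:11:22:33:44:55", RELAY_IP)
NOT_RELAYED = build_discover(0x1236, "00:11:22:33:44:55", "0.0.0.0", POLICY_CIRCUIT_ID)

if __name__ == "__main__":
    for name, raw in (("relayed+opt82", GOOD), ("no opt82", NO_OPT82), ("not relayed", NOT_RELAYED)):
        pkt = parse_dhcp(raw)
        print(name, pkt.chaddr, pkt.giaddr, check_relayed_request(pkt, POLICY_CIRCUIT_ID) or "OK")
```

To use it on a real trace, export the UDP payload of the relayed DISCOVER from Wireshark as raw bytes and pass it to `parse_dhcp`; a request that reaches the server with giaddr set and the right circuit-id but still gets no answer points away from the policy and toward the server itself (scope activation, routing back to giaddr, as the PPTP route comment above illustrates).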

0 Answers