Yesterday I installed openWRT for the first time. I did this for QoS. OpenWRT has CAKE - Common Applications Kept Enhanced. Something that blew my mind when I turned it on. This is so good that I think I'm in love with it.
However, the problem is I tried to configure the DHCP server the way it's presented in the GUI but I couldn't get it to work. It just doesn't hand out leases. Nor does the DNS portion on openWRT itself work. I'm running on x86_64. 18.06.# latest in its branch.
Maybe I was doing something wrong, but I did look at the docs on how to configure it, and I couldn't figure it out. I'll have to get back to it later if someone wants to help me troubleshoot it? But it looks easier to just replace it because I don't need the DNS features it offers.
Thus, I'm asking for advice: what alternative solutions would you recommend for a DHCP server? I already have a DNS server set up separately in the network that is running on its own physical hardware. All the other firewalls are using it.
My current topology is a little overkill for what I wanted from OpenWRT. I have 3 firewalls. Because I couldn't get it to serve DHCP, I restated my internal LAN firewall.
Internet ---- | pfSense (NAT + FW) ---- OpenWRT(QoS) ---- pfSense(DHCP + FW) | ---- LAN
All the firewalls/routers are running in VMware ESXi. I have a 500/500 network capped at 450/450 with CAKE. It runs fine, perfectly to be honest. It's too good. CAKE brings back memories of the latencies I felt back in 2006 (ADSL days with low bufferbloat), it's so good :). But the CPU utilization is 90% during speedtests.
The hardware is my old gaming PC from 2014. i5-3570k with some 16GB of RAM. It will do the job in this configuration but given the possibility to relieve it, I'd eliminate the internal firewall.
TL;DR: Any advice on an alternative to dnsmasq for a DHCP server?
Thanks for reading.
OpenWrt has odhcpd as well I think, which by default only handles IPv6 but should be able to do IPv4 as well. But dnsmasq should work just fine. You're better off looking at the config files themselves - e.g. /etc/config/dhcp.
BTW, any reason you're running an old version? Especially on x86_64 just stick with latest stable (19.07.3).
19.07.3 didn't have the sqm package available in its repos when I tested in a vm before I installed it. Thus I chose the older revision.
Before recommending an alternative, one should know what your needs are that DNSMASQ does not cover. So far, you only explained that you could not make it work, but it does work for many people.
I would try to solve the issues you encountered first.
I need it to do DHCP by serving a /24 range for 6 interfaces with a custom DNS address.
1 of them goes to a wifi AP. Another to my personal computer, another to a server VLAN and then kubernetes cluster components.
After testing with the GUI, it didn't hand them out, in fact if I recall correctly it didn't even work at all. (I'm at work, will have to get home to check). As in, it wasn't even running. Which by the startup tab, it was. And according to the processes, also was. ps aux confirmed it too. Nothing was listening on the appropriate port though. So that was weird.
On the PC VLAN, it didn't answer DHCP requests at all. Nothing came back. Tested with Wireshark.
On the WiFi VLAN, the iPhone got this address after mucking about a bit: 192.168.0.100/24. Which was incorrect since the assigned range was 192.168.10.0/24. At the very first tests, it didn't get any IP at all. And after messing with the GUI settings, it later started getting the 0.100, so something started working but it was bugged?
I'm not familiar with dnsmasq syntax so I didn't want to get into the configuration files just yet. It looks overly complicated for something that could be a lot simpler. And I can understand that I suppose, since it has more features than just DHCP.
However, I don't need DNS from it, all I want is a DHCP server.
I actually need NTP from this router too, but that wasn't working either now that I recall.
All the firewall rules are removed and default policies are set to ACCEPT on all chains.
This should leave at least some error in the dnsmasq log:
/etc/init.d/log restart; /etc/init.d/dnsmasq restart; sleep 5; logread -e dnsmasq
See also: [Workaround] GL-AR150: No DHCP if LAN cable is not plugged during boot
I don't have time to dismantle the network tonight.
I'll try and get it back to working by Friday. I need the network alive for the time being.
I'll see what I can get out of the logs once I get to it. Thanks for the advice.
I did not see anything there that could not be done with DNSMASQ, everything seems pretty ordinary. I would try to debug the issue: follow @vgaetera's advice and watch the logs, and post your config files here.
It's all there, both the SQM packages and the LuCI frontend:
Opkg can pull those in for you as well of course. So not sure at which point you checked it.
Interesting. The package manager targeted a different URL and in that directory sqm was missing.
EDIT: This is the URL I think it targeted: https://downloads.openwrt.org/releases/19.07.3/targets/x86/64/packages/
And in that directory, sqm is missing. Initial misconfiguration? I'll have to check if I can mod it to get the proper package. I'll try and see if I can fire up another test VM and see if it actually manages to install it, tomorrow.
The link you have is what's in the OpenWrt 'core' I believe. The link I gave contains all the packages from the feeds (maintained on GitHub).
Seems so indeed.
I'll give this a run for the money tomorrow. Maybe 19.07's dnsmasq doesn't surprise negatively either, might actually fix the problem I have that way.
I'll have to do the sqm install the old-fashioned way. CLI, targeting the correct URL manually. And if that works, which I don't see any reason not to, then I'll move over to the new version :).
I don't know what to say.
Today I just clicked install and it installed. All the SQM features are in place, and dnsmasq is working properly. This is with 19.07.3, latest. I don't know what happened 2 days ago when I was first installing this version that I couldn't get SQM online.
Could be the corporate proxy bit something off and left me with the impression that the URL was unreachable, wrong, or something else, which made me switch to 18.06.
Either way, it seems clear that the latest version is rock solid. I'll probably replace my internal firewalls tonight, see how it goes.
Didn't even have to meddle with manual downloads.
Yeah, installing 19.07. It all works. Dnsmasq has some quirks I'm not used to but the basic functionality is operational and my topology is now:
Internet --- | pfSense(NAT +FW) - OpenWRT(QoS) | --- LAN (7 interfaces)
I guess that's that. Awesome, managed to cut a lil' over 10% in peak CPU utilization with it.