DHCP option for static route - is there a smart way to specify the default gateway?

I would like to push static routes for internal networks to all DHCP clients using dnsmasq.
You can see two such static route examples for 172.20.0.0/16 and 10.0.0.0/8 below, where <router-ip-in-subnet> would need to be replaced by the IP of the default router in the subnet where the DHCP clients reside.

option:classless-static-route,172.20.0.0/16,<router-ip-in-subnet>,10.0.0.0/8,<router-ip-in-subnet>

If there are n subnets, then the correct gateway IP needs to be given for each of the n subnets. This is somewhat cumbersome.
For other DHCP options dnsmasq will replace 0.0.0.0 with the IP of the DHCP server, which is often what you want, e.g. because the same machine is also hosting the DNS server (see dnsmasq) and is also the correct gateway for the default route.
Example:

option:dns-server,0.0.0.0

Is there a similar trick for the static routes option to specify the gateway automatically without actually having to manually pick the right IP address?

As far as I know, dnsmasq's "dhcp-option" always translates "0.0.0.0" to the router's IP address.

On the other hand... I wonder why you need to do that, isn't the router the default gateway?

For this option 0.0.0.0 is not replaced by dnsmasq, it is written vanilla into the response. I checked with Wireshark.

The default route is not good enough if a host runs OpenVPN, which will provide a default route into the tunnel. Sure, the static route could be written into the ovpn config, but that would mean touching a lot of places. Not a fun activity.

I consider it more elegant to push the static routes using DHCP.

Did you try using the numerical value of the classless-static-route option (121)? It works for other options, perhaps it will work here, too.

By the way, how did you configure OpenVPN to use dnsmasq as a DHCP server? I've always seen it configured so OpenVPN does all the work.

I have not tried the byte format. I wonder how this would help: I would imagine that dnsmasq will not parse and replace anything in that format. Or does it? Any examples?

OpenVPN is not using dnsmasq in this case. It just adds a default route. Only link-local routes are there normally, and would take precedence for link-local access. But if you provide static routes for the other local networks, these will take precedence over the default route that is added by OpenVPN. Makes sense?

I have seen you need TAP to use an external DHCP server, and my clients all use Android; thanks anyway.

So I have tested this and found that some of the formats below were parsing well and others did not. In those that did parse, in no format did dnsmasq replace 0.0.0.0 with the router IP! (verified using Wireshark)

Semantically all of the formats should be equivalent.

For the sake of documentation and to spare some users these experiments...

The following parse fine:

option:classless-static-route,172.22.0.0/16,0.0.0.0
121,172.22.0.0/16,0.0.0.0
option:classless-static-route,10:AC:16:00:00:00:00
121,10:AC:16:00:00:00:00

The following do NOT parse:

79:10:AC:16:00:00:00:00
option:classless-static-route,16,172,22,172,20,50,1
121,16,172,22,172,20,50,1
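The colon-separated hex form that parsed in the last post is the RFC 3442 wire encoding of option 121: prefix width, the significant octets of the destination, then the router. The following sketch is an added example, not code from the thread or from dnsmasq; it encodes and decodes that payload so a configured value can be compared with the option bytes seen in a capture, and lists routes still carrying a 0.0.0.0 router. All function names are assumptions chosen for illustration.

```python
import ipaddress

def encode_option121(routes):
    """Encode [(destination_cidr, router_ip), ...] as option 121 payload bytes."""
    out = bytearray()
    for dest, router in routes:
        net = ipaddress.IPv4Network(dest)          # rejects IPv6 and host bits
        significant = (net.prefixlen + 7) // 8     # only these destination octets are sent
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(router).packed
    return bytes(out)

def decode_option121(payload):
    """Decode option 121 payload bytes into [(destination_cidr, router_ip), ...]."""
    payload, routes, i = bytes(payload), [], 0
    while i < len(payload):
        width = payload[i]
        if width > 32:
            raise ValueError(f"invalid prefix width {width} at offset {i}")
        significant = (width + 7) // 8
        end = i + 1 + significant + 4
        if end > len(payload):
            raise ValueError("truncated route entry")
        # Pad the destination back to four octets before formatting it.
        dest = payload[i + 1:i + 1 + significant] + bytes(4 - significant)
        router = ipaddress.IPv4Address(payload[end - 4:end])
        routes.append((f"{ipaddress.IPv4Address(dest)}/{width}", str(router)))
        i = end
    return routes

def to_colon_hex(payload):
    """Format payload bytes in the colon-separated hex style used in the thread."""
    return ":".join(f"{b:02X}" for b in payload)

def from_colon_hex(text):
    """Parse colon-separated hex (for example copied from a capture) into bytes."""
    return bytes(int(part, 16) for part in text.split(":"))

def unspecified_routers(routes):
    """Return the routes whose router field is 0.0.0.0."""
    return [r for r in routes if r[1] == "0.0.0.0"]

if __name__ == "__main__":
    # Route taken from the thread; the router stays 0.0.0.0 as tested there.
    sample = [("172.22.0.0/16", "0.0.0.0")]
    print(to_colon_hex(encode_option121(sample)))
    print(unspecified_routers(decode_option121(encode_option121(sample))))
```

Feeding `from_colon_hex` the option 121 bytes copied from a Wireshark capture into `decode_option121` shows which router address actually went out on the wire.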