Odhcp as ipv4 dhcp server - limit interfaces

micclass · September 15, 2021, 12:32pm

Hello,

I am using odhcp full as ipv6 AND ipv4 dhcp server and unbound instead of the dnsmasq.
odhcpd is: odhcpd - 2021-07-18-bc9d317f-3

My external Internet is provided by a DSL Line through a Zyxel Modem (Vigor 167). I do get my external IP via DHCP.

When I do run odhcp as ipv4 dhcp server my external interface ("WAN") does get the IP from the internal IP address pool (as the odhcp seems to be faster than the DHCP server from my service provider). If I do temporarily stop odhcpd, then bring the WAN interface down and up again, I do get the correct external IP. I can bring up odhcpd then again. But this manual workaround obviously fails in case of a reboot of the OpenWRT router. (Raspberry Pi 4 in this case)

I have configured the wan interface with dhcp "ignore" in /etc/config/dhcp

config dhcp 'wan'
option interface 'wan'
option ignore '1'
list ra_flags 'none'

So my expectation was that odhcp should not offer IP to the WAN interface. Unfortunately this does not seem to be true.

Am I doing something wrong or is this a bug?

Cheers,
Michael

trendy · September 15, 2021, 12:59pm

I don't see the ignore option in odhcpd readme. Maybe the dhcpv4 option in line 83 should be disabled instead for the wan interface.

micclass · September 15, 2021, 1:09pm

Thank you,

tried that too with no differrent behavior:

option dhcpv4 'disabled'

Cheers,
Michael

trendy · September 15, 2021, 1:15pm

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export dhcp; \
netstat -lnp

micclass · September 15, 2021, 1:27pm

{
	"kernel": "5.4.143",
	"hostname": "router",
	"system": "ARMv8 Processor rev 4",
	"model": "Raspberry Pi 3 Model B Rev 1.2",
	"board_name": "raspberrypi,3-model-b",
	"release": {
		"distribution": "OpenWrt",
		"version": "21.02.0",
		"revision": "r16279-5cc0535800",
		"target": "bcm27xx/bcm2710",
		"description": "OpenWrt 21.02.0 r16279-5cc0535800"
	}
}
package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix '<removed>/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'
	option stp '1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.99.1'
	option netmask '255.255.254.0'
	option ip6assign '60'
	option stp '1'
	list dns_search '<removed>'

config device
	option name 'eth1'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'
	option hostname '<removed>'
	option clientid '<removed>'

config interface 'wan6'
	option proto '6in4'
	option username '<removed>'
	option peeraddr '<removed>'
	option ip6addr '<removed>'
	option password '<removed>'
	option tunnelid '<removed>'
	list ip6prefix '<removed>/48'
	list ip6prefix '<removed>/64'

config interface 'wg0'
	option proto 'wireguard'
	option private_key '<removed>'
	option listen_port '<removed>'
	list addresses '10.99.1.1/24'
	list addresses 'fd99:99:1:1::1/64'
	option device 'eth1'

config wireguard_wg0
	option public_key '<removed>'
	option description '<removed>'
	option preshared_key '<removed>'
	option route_allowed_ips '1'
	list allowed_ips '10.99.1.2/32'
	list allowed_ips 'fd99:99:1:1::2/128'

config route
	option interface 'lan'
	option target '192.168.98.0'
	option netmask '255.255.255.224'
	option gateway '192.168.99.10'

package dhcp

config dhcp 'lan'
	option interface 'lan'
	option dhcpv4 'server'
	option start '128'
	option limit '96'
	option force '1'
	option leasetime '1h'
	option ra_management '2'
	option ndp 'hybrid'
	option ra 'server'
	option dhcpv6 'server'
	list domain '<removed>'
	list ra_flags 'other-config'
	list dhcp_option '6,192.168.99.1'
	list dhcp_option '6,fd99:99:1::1'
	list dns 'fd99:99:1::1'

config dhcp 'wan6'
	option ndp 'relay'
	option interface 'wan6'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option ignore '1'
	list ra_flags 'none'

config dhcp 'wan'
	option interface 'wan'
	option dhcpv4 'disabled'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option leasefile '/tmp/hosts/odhcpd'
	option loglevel '4'
	option maindhcp '1'
	option leasetrigger '/usr/lib/unbound/odhcpd.sh'

config host
	option dns '1'
	option mac '52:54:00:80:7c:94'
	option name 'ubuntuserver01'
	option ip '192.168.99.103'


Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1492/uhttpd
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      2621/unbound
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      2621/unbound
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1408/sshd -D [liste
tcp        0      0 192.168.99.1:8088       0.0.0.0:*               LISTEN      10801/asterisk
tcp        0      0 127.0.0.1:8953          0.0.0.0:*               LISTEN      2621/unbound
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1492/uhttpd
tcp        0      0 0.0.0.0:5060            0.0.0.0:*               LISTEN      10801/asterisk
tcp        0      0 :::80                   :::*                    LISTEN      1492/uhttpd
tcp        0      0 :::53                   :::*                    LISTEN      2621/unbound
tcp        0      0 :::53                   :::*                    LISTEN      2621/unbound
tcp        0      0 :::22                   :::*                    LISTEN      1408/sshd -D [liste
tcp        0      0 ::1:8953                :::*                    LISTEN      2621/unbound
tcp        0      0 :::443                  :::*                    LISTEN      1492/uhttpd
udp        0      0 0.0.0.0:16126           0.0.0.0:*                           -
udp        0      0 0.0.0.0:5060            0.0.0.0:*                           10801/asterisk
udp        0      0 192.168.99.1:4569       0.0.0.0:*                           10801/asterisk
udp        0      0 0.0.0.0:53              0.0.0.0:*                           2621/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           2621/unbound
udp        0      0 0.0.0.0:67              0.0.0.0:*                           596/odhcpd
udp        0      0 :::16126                :::*                                -
udp        0      0 fd99:99:1::1:4569       :::*                                10801/asterisk
udp        0      0 :::547                  :::*                                596/odhcpd
udp        0      0 :::53                   :::*                                2621/unbound
udp        0      0 :::53                   :::*                                2621/unbound
udp        0      0 :::123                  :::*                                2760/ntpd
raw        0      0 ::%2533610240:58        :::*                    58          596/odhcpd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING      17780 10801/asterisk      /var1/run/asterisk/asterisk.ctl
unix  2      [ ACC ]     STREAM     LISTENING        244 249/ubusd           /var/run/ubus/ubus.sock

trendy · September 15, 2021, 1:42pm

I would add

option dhcpv4 'disabled'
option dhcpv6 'disabled'

under both wan and wan6. Also remove all the unnecessary options from wan6, like start, limit, ndp, etc.

micclass · September 15, 2021, 1:58pm

Did the suggested changes with no difference.

Cheers,
Michael

trendy · September 15, 2021, 2:16pm

A couple of things that might help are to ignore DHCP requests with a static lease and use ignore in the ip field, or disable dynamic DHCP dynamicdhcp 0. By not assigning static lease for the mac of the wan interface, no IP will be assigned.

vgaetera · September 15, 2021, 2:34pm

Actually DHCP, DHCPv6, RA and NDP should be disabled by default:

github.com

openwrt/odhcpd/blob/16667699228101fda936068e3d11c0cf19270e34/src/config.c#L199-L205

    
      
          static void set_interface_defaults(struct interface *iface)
          {
          	iface->ignore = true;
          	iface->dhcpv4 = MODE_DISABLED;
          	iface->dhcpv6 = MODE_DISABLED;
          	iface->ra = MODE_DISABLED;
          	iface->ndp = MODE_DISABLED;

By the way, 192.168.99.1/255.255.254.0 looks weird.
It makes me think that your subnets may overlap.

micclass · September 15, 2021, 2:43pm

So does that mean that I cannot disable dhcpv4 on the wan interface?
I tried the options and they did not help.
So maybe I have to go back to dnsmasq instead of odhcpd/unbound. Too bad ...

micclass · September 15, 2021, 2:59pm

Sorry I have changed that to hide my original IP Adresses. Yes "99" would not work should be an even number (and is in reality ...)