Virtual PC can´t get IP from DHCP (eve ng)

Simple lab below, why the virtual pc can not get IP from OpenWrt-1 DHCP server?

imagen

I am not a network guy and don´t know how to troubleshoot this. What I can say is:

  • Same lab but with a MikroTik router and VPC-1 gets IP
  • If I connect a second OpenWrt-2 router to OpenWrt-1 LAN, OpenWrt-2 receives IP from OpenWrt-1 DHCP server.

This is the console output from VPC-1 when trying to get IP

VPC-1> dhcp -d
Opcode: 1 (REQUEST)
Client IP Address: 0.0.0.0
Your IP Address: 0.0.0.0
Server IP Address: 0.0.0.0
Gateway IP Address: 0.0.0.0
Client MAC Address: 00:50:79:66:68:02
Option 53: Message Type = Discover
Option 12: Host Name = VPC-1
Option 61: Client Identifier = Hardware Type=Ethernet MAC Address = 00:50:79:66:                              68:02

Opcode: 1 (REQUEST)
Client IP Address: 0.0.0.0
Your IP Address: 0.0.0.0
Server IP Address: 0.0.0.0
Gateway IP Address: 0.0.0.0
Client MAC Address: 00:50:79:66:68:02
Option 53: Message Type = Discover
Option 12: Host Name = VPC-1
Option 61: Client Identifier = Hardware Type=Ethernet MAC Address = 00:50:79:66:                              68:02

Opcode: 1 (REQUEST)
Client IP Address: 0.0.0.0
Your IP Address: 0.0.0.0
Server IP Address: 0.0.0.0
Gateway IP Address: 0.0.0.0
Client MAC Address: 00:50:79:66:68:02
Option 53: Message Type = Discover
Option 12: Host Name = VPC-1
Option 61: Client Identifier = Hardware Type=Ethernet MAC Address = 00:50:79:66:                              68:02


Can't find dhcp server

and this is what wireshark captured from VPC-1 etho port:

No. Time Source Destination Protocol Length Info
1 0.000000 0.0.0.0 255.255.255.255 DHCP 406 DHCP Discover - Transaction ID 0xd642f440

Frame 1: 406 bytes on wire (3248 bits), 406 bytes captured (3248 bits) on interface -, id 0
Ethernet II, Src: 00:50:79:66:68:02 (00:50:79:66:68:02), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Discover)

No. Time Source Destination Protocol Length Info
2 0.001751 NexoCommunic_00:01:01 Broadcast ARP 42 Who has 192.168.1.229? Tell 192.168.1.1

Frame 2: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface -, id 0
Ethernet II, Src: NexoCommunic_00:01:01 (00:50:00:00:01:01), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)

No. Time Source Destination Protocol Length Info
3 1.000876 0.0.0.0 255.255.255.255 DHCP 406 DHCP Discover - Transaction ID 0xd642f440

Frame 3: 406 bytes on wire (3248 bits), 406 bytes captured (3248 bits) on interface -, id 0
Ethernet II, Src: 00:50:79:66:68:02 (00:50:79:66:68:02), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Discover)

No. Time Source Destination Protocol Length Info
4 1.015040 NexoCommunic_00:01:01 Broadcast ARP 42 Who has 192.168.1.229? Tell 192.168.1.1

Frame 4: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface -, id 0
Ethernet II, Src: NexoCommunic_00:01:01 (00:50:00:00:01:01), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)

No. Time Source Destination Protocol Length Info
5 2.045443 NexoCommunic_00:01:01 Broadcast ARP 42 Who has 192.168.1.229? Tell 192.168.1.1

Frame 5: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface -, id 0
Ethernet II, Src: NexoCommunic_00:01:01 (00:50:00:00:01:01), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)

No. Time Source Destination Protocol Length Info
6 3.340567 192.168.1.1 192.168.1.229 DHCP 342 DHCP Offer - Transaction ID 0xd642f440

Frame 6: 342 bytes on wire (2736 bits), 342 bytes captured (2736 bits) on interface -, id 0
Ethernet II, Src: NexoCommunic_00:01:01 (00:50:00:00:01:01), Dst: 00:50:79:66:68:02 (00:50:79:66:68:02)
Internet Protocol Version 4, Src: 192.168.1.1, Dst: 192.168.1.229
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (Offer)

No. Time Source Destination Protocol Length Info
7 3.341836 192.168.1.1 192.168.1.229 DHCP 342 DHCP Offer - Transaction ID 0xd642f440

Frame 7: 342 bytes on wire (2736 bits), 342 bytes captured (2736 bits) on interface -, id 0
Ethernet II, Src: NexoCommunic_00:01:01 (00:50:00:00:01:01), Dst: 00:50:79:66:68:02 (00:50:79:66:68:02)
Internet Protocol Version 4, Src: 192.168.1.1, Dst: 192.168.1.229
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (Offer)

No. Time Source Destination Protocol Length Info
8 4.001316 0.0.0.0 255.255.255.255 DHCP 406 DHCP Discover - Transaction ID 0xd642f440

Frame 8: 406 bytes on wire (3248 bits), 406 bytes captured (3248 bits) on interface -, id 0
Ethernet II, Src: 00:50:79:66:68:02 (00:50:79:66:68:02), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Discover)

No. Time Source Destination Protocol Length Info
9 4.003831 192.168.1.1 192.168.1.229 DHCP 342 DHCP Offer - Transaction ID 0xd642f440

Frame 9: 342 bytes on wire (2736 bits), 342 bytes captured (2736 bits) on interface -, id 0
Ethernet II, Src: NexoCommunic_00:01:01 (00:50:00:00:01:01), Dst: 00:50:79:66:68:02 (00:50:79:66:68:02)
Internet Protocol Version 4, Src: 192.168.1.1, Dst: 192.168.1.229
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (Offer)

No. Time Source Destination Protocol Length Info
10 9.003835 NexoCommunic_00:01:01 00:50:79:66:68:02 ARP 42 Who has 192.168.1.229? Tell 192.168.1.1

Frame 10: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface -, id 0
Ethernet II, Src: NexoCommunic_00:01:01 (00:50:00:00:01:01), Dst: 00:50:79:66:68:02 (00:50:79:66:68:02)
Address Resolution Protocol (request)

No. Time Source Destination Protocol Length Info
11 10.044282 NexoCommunic_00:01:01 00:50:79:66:68:02 ARP 42 Who has 192.168.1.229? Tell 192.168.1.1

Frame 11: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface -, id 0
Ethernet II, Src: NexoCommunic_00:01:01 (00:50:00:00:01:01), Dst: 00:50:79:66:68:02 (00:50:79:66:68:02)
Address Resolution Protocol (request)

No. Time Source Destination Protocol Length Info
12 11.084011 NexoCommunic_00:01:01 00:50:79:66:68:02 ARP 42 Who has 192.168.1.229? Tell 192.168.1.1

Frame 12: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface -, id 0
Ethernet II, Src: NexoCommunic_00:01:01 (00:50:00:00:01:01), Dst: 00:50:79:66:68:02 (00:50:79:66:68:02)
Address Resolution Protocol (request)

No. Time Source Destination Protocol Length Info
13 24.446340 fe80::250:ff:fe00:101 ff02::1 ICMPv6 174 Router Advertisement from 00:50:00:00:01:01

Frame 13: 174 bytes on wire (1392 bits), 174 bytes captured (1392 bits) on interface -, id 0
Ethernet II, Src: NexoCommunic_00:01:01 (00:50:00:00:01:01), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: fe80::250:ff:fe00:101, Dst: ff02::1
Internet Control Message Protocol v6

No. Time Source Destination Protocol Length Info
14 563.442264 fe80::250:ff:fe00:101 ff02::1 ICMPv6 174 Router Advertisement from 00:50:00:00:01:01

Frame 14: 174 bytes on wire (1392 bits), 174 bytes captured (1392 bits) on interface -, id 0
Ethernet II, Src: NexoCommunic_00:01:01 (00:50:00:00:01:01), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: fe80::250:ff:fe00:101, Dst: ff02::1
Internet Control Message Protocol v6

This is the OpenWrt-1 config

root@OpenWrt-1:~# ubus call system board; \
> uci export network; \
> uci export dhcp; uci export firewall; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
{
        "kernel": "5.15.137",
        "hostname": "OpenWrt-1",
        "system": "Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz",
        "model": "QEMU Standard PC (i440FX + PIIX, 1996)",
        "board_name": "qemu-standard-pc-i440fx-piix-1996",
        "rootfs_type": "ext4",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.2",
                "revision": "r23630-842932a63d",
                "target": "x86/64",
                "description": "OpenWrt 23.05.2 r23630-842932a63d"
        }
}
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd82:9d74:c09e::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'
        list ports 'eth2'
        list ports 'eth3'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option proto 'dhcp'
        option device 'eth0'

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

package firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Allow-LuCI-wan'
        list proto 'tcp'
        option src 'wan'
        option target 'ACCEPT'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    inet 192.168.199.135/24 brd 192.168.199.255 scope global eth0
       valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
default via 192.168.199.2 dev eth0  src 192.168.199.135
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1
192.168.199.0/24 dev eth0 scope link  src 192.168.199.135
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
local 192.168.1.1 dev br-lan table local scope host  src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local scope link  src 192.168.1.1
local 192.168.199.135 dev eth0 table local scope host  src 192.168.199.135
broadcast 192.168.199.255 dev eth0 table local scope link  src 192.168.199.135
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

Many thanks

Are the ports in your br-lan physical or virtual (or both)?

Can you run tcpdump on OpenWRT?

it´s eve-ng virtual environment so I guess all virtual

Thanks!

Not sure how to do that but I will investigate, thanks for the suggestion!

The problem is likely in your virtual machine settings.

Running openwrt in a virtual environment is harder than using it on bare metal (hardware). Also, you don’t usually need multiple ports bridged together unless those ports have different functions/mappings in the virtualization system.

Check your vm settings. And read the documentation about using virtualized openwrt

https://openwrt.org/docs/guide-user/virtualization/start

1 Like

In the diagram, you definitely need a bridge in the hypervisor to simulate an Ethernet cable between the lan port of the virtual OpenWrt and the lan port of the virtual PC. You could also bridge it out to a physical port on the host machine if you have an extra hardware port. Configuration of networking outside the VM guest (i.e. in the host / hypervisor) is beyond the scope of this forum.

@psherman If the problem is in my VM settings, why the VPC gets IP if I use a MikroTik router instead of the OpenWrt?. If the VM is the same, according to your explanation, shouldn´t the issue remain?

@mk24, What is the purpose of the bridge you are suggesting? As far as I know the existing connection between the router and the VPS should be enough for the last to get an IP.

As I said before, the VPC gets IP in the same scenario just replacing the OpenWrt router by a MiktoTik. VM settings and connections are the same.

I have been reading about DHCP process and it consists on 4 phases:

imagen

Please see below the console output from VPC-2 when asking for an IP to the MT

VPC-2> dhcp -d
Opcode: 1 (REQUEST)
Client IP Address: 0.0.0.0
Your IP Address: 0.0.0.0
Server IP Address: 0.0.0.0
Gateway IP Address: 0.0.0.0
Client MAC Address: 00:50:79:66:68:04
Option 53: Message Type = Discover
Option 12: Host Name = VPC-2
Option 61: Client Identifier = Hardware Type=Ethernet MAC Address = 00:50:79:66:               68:04

Opcode: 2 (REPLY)
Client IP Address: 0.0.0.0
Your IP Address: 192.168.8.100
Server IP Address: 192.168.8.1
Gateway IP Address: 0.0.0.0
Client MAC Address: 00:50:79:66:68:04
Option 53: Message Type = Offer
Option 51: Lease Time = 1800
Option 54: DHCP Server = 192.168.8.1

Opcode: 1 (REQUEST)
Client IP Address: 192.168.8.100
Your IP Address: 0.0.0.0
Server IP Address: 0.0.0.0
Gateway IP Address: 0.0.0.0
Client MAC Address: 00:50:79:66:68:04
Option 53: Message Type = Request
Option 54: DHCP Server = 192.168.8.1
Option 50: Requested IP Address = 192.168.8.100
Option 61: Client Identifier = Hardware Type=Ethernet MAC Address = 00:50:79:66:               68:04
Option 12: Host Name = VPC-2

Opcode: 2 (REPLY)
Client IP Address: 192.168.8.100
Your IP Address: 192.168.8.100
Server IP Address: 192.168.8.1
Gateway IP Address: 0.0.0.0
Client MAC Address: 00:50:79:66:68:04
Option 53: Message Type = Ack
Option 1: Subnet Mask = 255.255.255.0
Option 3: Router = 192.168.8.1
Option 6: DNS Server = 1.1.1.1
Option 51: Lease Time = 1800
Option 54: DHCP Server = 192.168.8.1

 IP 192.168.8.100/24 GW 192.168.8.1

and this is the wireshark capture where the dhcp 4 step process is completed

This is the wireshark capture for the OpenWrt router (VPC-1)

It seems that the dhcp server offers an IP but this is never requested by the VPC. According to this, I would say the issue is in the VPC dhcp client implementation. However, if that is the issue, why does it work with the MT router?

Thanks for your time.

Is it some kind of training excersises? Cant come up so wildly disparate problems on a weekend.

Didn’t you say that your openwrt router is a vm? The MikroTik is obviously real hardware, not virtualized.

A virtualized openwrt means you need to have the correct vm configuration for that specific vm. It can be tricky to do correctly depending on your vm host environment.

Apologies for the confusion. I thought the scenario was clear with the title and first post.

The only real hardware is the host where the Eve-ng virtual machine runs. Eve-ng is a popular platform for networking emulation. Different brands such as Cisco, Juniper, Fortinet or MikroTik provide the images that can be loaded within Eve-ng to create labs and make tests as if you have the real hardware.

Ok. But that doesn’t change the fact that the vm for openwrt must be properly configured. This is often the most difficult part of running a virtualized router. You need to verify that all the virtual interfaces are properly setup on the vm host side.

It seems port1 and port2 are swapped.....

@brada4 , what makes you think they are swapped? as stated in the 1st post, config is eth0 wan port while eth1/2/3 bridged lan. Wan is dhcp client and lan is dhcp server.

Well, other interfaces would happily respond to DHCP requests.
Since you did not state where pcap picture is from it is like 10:1 chance i am right.