REG: Fallback interface responding for each DHCPDISCOVER request

Ramachandra Kasyap kasyap.mr at gmail.com
Mon Jan 25 19:20:01 UTC 2010


Hi,


I am using DHCP 4.0.0b3. The normal scenario where DHCP clients connect and
are assigned IPs is fine. But I am facing an issue with the following
scenario:

I have an NCP secure entry client, which can work as a VPN client. It
connects to my Linux box (running dhcp server) using IPSec over internet and
then gets an IP assigned (the client already has an IP, the assigned IP goes
to a virtual interface - rfc 3456). The remote client then uses this IP to
communicate as if it is present in the server's local network. This is what
should happen. In my case, IPSec tunnel establishment is fine and then the
client is also sending DHCPDISCOVER packets every 5 seconds. But there is no
response from the server.

I have checked the decrypted packet, all the necessary details are fine
(source address, dst address, source port, dst port etc.) A bit of debugging
on the dhcp side showed that the select () in call in omapi_one_dispatch()
function in dispatch.c returns every 5 seconds. I checked the FD_ISSET
function to see only the descriptor corresponding to fallback interface
return (and then fallback_discard() from socket.c is getting called which is
discarding the packet). I went through some details related to fallback
interface and I understood that it is meant only for sending UNICAST packets
and it necessarily drops received packets as the duplicates of such packets
are assumed to reach the 'actual' interfaces.

Can anyone please let me know as to what might be the conditions that are
making these packets reach only the fallback interface and not any other
interface? I know there are dependencies (since there is also IPSec), but
can anyone please give me some inputs related to fallback interface..if I
can understand that it is because of some particular field(s), these packets
are going to fallback interface, may be I can tweak the packet contents
after decrypting to make them reach the proper interface.


Please correct me if I missed anything and thanks for reading such a long
mail!



regards,
Ramachandra
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20100126/047b3b40/attachment.html>


More information about the dhcp-users mailing list