DHCP OFFER response going to relay address not to originating address

Adam Nielsen a.nielsen at shikadi.net
Sat Sep 10 23:46:26 UTC 2022


> I have a network that sits remote and with DHCP on the central site.
> DHCP DISCOVER is reaching the server and the server is responding.
> DHCP request source IP is 10.0.8.2 which is tunnel IP which is
> routable IP on the network but when DHCP responds it is responding to
> DHCP relay IP (192.168.1.1) which is not routable, so it is not reaching back.
> Is there a way to instruct DHCP to route it back to source IP? Or is
> this not a valid scenario for the DHCP relay?

I am far from an expert but I believe the purpose of the DHCP relay is
precisely to change the source/reply IP of the DHCP messages.

In your case if you don't want the IPs to change, you don't want a DHCP
relay, and instead you want to instruct your router to forward the
broadcast DHCP packets over the VPN link as-is.  This will cause your
DHCP server to see the packets come from the real remote IP/MAC, and it
will send responses there.  However, forwarding broadcast packets is
often problematic, and so not normally done.  (Especially when you need
to preserve the source MAC address in the forwarded packet as you do for
DHCP, which might mean a Layer 2 VPN forwarding Ethernet frames rather
than a Layer 3 VPN routing IP packets.)

I think a significantly easier solution in your case is to put the DHCP
relay on an IP address accessible over the VPN link.  That way the
packets will still all come from a single IP address, but the replies
will make it back over the VPN link where the DHCP relay can pass them
on to the remote host.  This way you won't have to worry about all the
pitfalls that come with forwarding broadcast packets.

Cheers,
Adam.
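The reply-addressing rule behind this thread, as an added example (not code from the original post or from ISC DHCP): the RFC 2131 section 4.1 decision a server makes for where to send its OFFER/ACK, run over constructed DHCPDISCOVER packets. The relay address 192.168.1.1 and tunnel address 10.0.8.2 come from the thread; the offered address 10.0.8.50 and the client MAC are assumed sample values.

```python
import ipaddress
import struct

# BOOTP/DHCP fixed header (RFC 2131 section 2): op, htype, hlen, hops, xid,
# secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
BROADCAST_FLAG = 0x8000


def parse_dhcp_header(pkt: bytes) -> dict:
    """Return the header fields a server needs for its reply decision."""
    if len(pkt) < _HDR.size:
        raise ValueError("packet shorter than the 236-byte BOOTP header")
    (op, htype, hlen, hops, xid, secs, flags,
     ciaddr, yiaddr, siaddr, giaddr, chaddr, _sname, _file) = _HDR.unpack_from(pkt)
    return {
        "hops": hops,
        "flags": flags,
        "ciaddr": str(ipaddress.IPv4Address(ciaddr)),
        "yiaddr": str(ipaddress.IPv4Address(yiaddr)),
        "giaddr": str(ipaddress.IPv4Address(giaddr)),
        "chaddr": chaddr[:hlen].hex(":"),
    }


def reply_destination(fields: dict, offered_ip: str) -> tuple:
    """(address, UDP port) an RFC 2131 server sends DHCPOFFER/DHCPACK to.

    The UDP source address of the relayed packet is deliberately not
    consulted: a non-zero giaddr wins, which is why the reply in the
    thread went to 192.168.1.1 rather than to the tunnel IP 10.0.8.2.
    """
    if fields["giaddr"] != "0.0.0.0":
        return fields["giaddr"], 67          # unicast to the relay agent
    if fields["ciaddr"] != "0.0.0.0":
        return fields["ciaddr"], 68          # client already has an address
    if fields["flags"] & BROADCAST_FLAG:
        return "255.255.255.255", 68         # client asked for broadcast
    return offered_ip, 68                    # unicast to yiaddr/chaddr on the LAN


def build_discover(giaddr: str, hops: int = 0, flags: int = 0) -> bytes:
    """Constructed sample DHCPDISCOVER header (not a capture) with a given giaddr."""
    mac = bytes.fromhex("020000000001") + bytes(10)   # assumed client MAC
    return _HDR.pack(1, 1, 6, hops, 0x3903F326, 0, flags,
                     bytes(4), bytes(4), bytes(4),
                     ipaddress.IPv4Address(giaddr).packed, mac, bytes(64), bytes(128))
```

Feeding the same packet through with giaddr set to an address reachable over the VPN (Adam's suggested fix) moves the reply onto the tunnel without touching the server.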
