DHCP

From securityrouter.org, an OpenBSD-based firewall

The Dynamic Host Configuration Protocol (DHCP) is the de facto protocol for automatic IP address configuration of devices. We support multiple DHCP clients, servers and relays.

DHCPv6

This article is about DHCPv4. For DHCPv6, please see IPv6.

DHCPv4

To support several DHCP clients, and mixes of static and automatic addressing, our implementation has the backend read the dhclient lease files rather than having the client do the configuration directly. This also makes it easier for the backend to distribute lease information, such as DNS servers, to other processes. Therefore, we use OpenBSD 5.2's dhclient[1] (because newer versions deprecated the script option).

The DHCP server was originally written by ISC, and reworked by OpenBSD. One server is started on multiple interfaces. Our syntax automatically calculates subnets, excludes reserved hosts, and uses the system's DHCP settings. It supports various settings, as well as vendor extensions. If you need to configure additional settings, consider using a stand-alone DHCP server, or use skeleton files (to edit dhcpd.conf[2]).

Client

The DHCP client is configured per interface, like this:

interface em0 {
  dhcp-client
}

It's possible to combine static addresses and a DHCP client on the same interface. If you don't want to accept all of the options (router, name-server or search-domain) from the DHCP client, you can explicitly specify which ones you do want. In the following example, only router and name-server are requested.

interface em0 {
  dhcp-client {
    request router
    request name-server
  }
}

Settings received from a DHCP client are treated the same as configured values and will be redistributed by the DHCP server and VPN server.

Server

The DHCP server is configured per interface. Any value that is not explicitly specified is calculated from the configured subnet and the system's default settings for name-servers and search-domain.

interface em1 {
  address 192.168.0.1/24
  dhcp-server
}

In this example, a different set of name-servers than the system's default (system { dns {) is given to DHCP clients. Some options are supported, such as the vendor extension "43".

interface em1 {
  address 192.168.0.1/24
  dhcp-server {
    name-server 192.168.0.1
    option 43 0x...
  }
}
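An added example (not from the original page or the securityrouter.org project): one way to build and check the hex value for option 43. It assumes the vendor uses the code/length/value sub-option encoding described in RFC 2132 and that the value is written as 0x followed by the hex bytes, as in the config above; the sub-option codes and values are constructed.

```python
import ipaddress

def encode_option43(subopts):
    """Encode (code, value-bytes) pairs as RFC 2132 encapsulated vendor options."""
    out = bytearray()
    for code, value in subopts:
        if not 1 <= code <= 254:           # 0 is pad, 255 is end
            raise ValueError(f"sub-option code {code} out of range 1..254")
        if len(value) > 255:               # sub-option length is one byte
            raise ValueError(f"sub-option {code} value longer than 255 bytes")
        out += bytes([code, len(value)]) + value
    if len(out) > 255:                     # a single option has a one-byte length
        raise ValueError("encoded option 43 exceeds 255 bytes")
    return "0x" + out.hex()

def decode_option43(hexstr):
    """Parse a 0x... string back into (code, value) pairs, rejecting truncation."""
    data = bytes.fromhex(hexstr[2:] if hexstr.lower().startswith("0x") else hexstr)
    subopts, i = [], 0
    while i < len(data):
        code = data[i]
        if code == 0:                      # pad byte, no length field
            i += 1
            continue
        if code == 255:                    # end marker
            break
        if i + 1 >= len(data):
            raise ValueError("truncated: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"truncated: sub-option {code} declares {length} bytes")
        subopts.append((code, value))
        i += 2 + length
    return subopts

# Constructed sample: sub-option 1 carries one IPv4 address, sub-option 2 a label.
SAMPLE = [(1, ipaddress.IPv4Address("192.168.0.10").packed), (2, b"lab")]

if __name__ == "__main__":
    encoded = encode_option43(SAMPLE)
    print("option 43", encoded)            # line to place inside dhcp-server { }
    print(decode_option43(encoded))        # round-trip check before deploying
```

Decoding a value before it goes into the configuration catches length bytes that do not match the data, which clients would otherwise silently misparse.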

Reserved addresses

It's possible to reserve a fixed address for a specific host (usually identified by its link-layer/MAC address) using the host statement in a dhcp-server. Other vendors sometimes refer to this as static allocation or IP reservation. If using the web administration, select a DHCP server on the Network > DHCP server page, and press the "Add reserved" button.

dhcp-server {
  host "foo" {
    ll-address aa:bb:cc:dd:ee:ff
    address 1.2.3.4
  }
}

Relay

A DHCP relay may be configured per interface; a server is required. option 82 may be specified to include relay agent information.

interface vlan1 {
  dhcp-relay {
    server 10.2.1.1
  }
}