0

First of all, I'm a newbie in networks, so, maybe somewhere there is an answer for my question, but I failed to find an answer.

Well, I have a lot of devices that have an Internet connection. I want to connect all of them into one network using VPN technologies. I use tinc-vpn to solve my needs and I want to use DHCP to configure my network.

The problem is here: I've successfully configured the DHCP server and it serves all connected devices well, but when I reset a device it obtains a new address from DHCP.

As I understand it, when a device comes online it sends a special broadcast request into the network that contains the device's MAC. DHCP processes that request and sends a response with the network configuration back to the device. Well, ifconfig brings up the virtual interface for the VPN on the device and assigns a random MAC to it. That's why I always get a random IP. I think if I ask ifconfig to assign the MAC address of the physical network to the virtual interface, I'll resolve my problem. Is it possible? If not, how can I resolve my problem? I would not bother about this if the DHCP IP pool was very big, but it serves only 250 devices, and devices go offline very often.

Thanks in advance.

2
  • Have you considered assigning DHCP leases based on hostname and/or client ID (DUID)? Commented Aug 20, 2016 at 9:15
  • I think I can't configure the devices' hostnames, so I will use the client ID. Thanks for the reply, I didn't know about this configuration... Are DHCP leases something like a database that stores assigned addresses?
    – ArhiChief
    Commented Aug 20, 2016 at 9:31

3 Answers

2

Thanks, everyone, for the responses.

I think I found an excellent solution, without DHCP. It's based on calculating a unique static IP address using the physical MAC address of the device.

In my solution I will use a /16 subnet (10.1.0.0, for example). So, for all devices I have to calculate the last 2 octets of the IP. For my calculations I use the CRC-16 hash function on the real MAC address of the device. As a result I'll get a 2-byte integer that contains the IP address octets.

An example. The MAC address of the device is 22-23-B2-72-99-3A. CRC-16 of the MAC will be 0x2e49. 0x2e == 46 and 0x49 = 73, so the device IP will be 10.1.46.73.

Pros:

  • No DHCP;
  • Already known, permanent and unique IP of the device for all networks.

Cons:

  • Collisions of the CRC-16 for MAC (two devices in one subnet with same IP but with different MAC). But the probability of the situation is negligible, I think.

Any suggestions and criticism are welcome.
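The scheme from the answer above, as an added example that is not part of the original post: it derives 10.1.x.y from a MAC, computes the chance that a fleet of N devices contains at least one duplicate address, and lists duplicates in a device inventory. CRC-16/ARC over the six raw MAC bytes is an assumption (the answer names no variant or input encoding, so the output is not expected to reproduce its 0x2e49), and the MACs in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the answer). Assumption: CRC-16/ARC over the six raw
# MAC bytes; the answer does not name its CRC-16 variant or input encoding.

# crc16_arc HEXBYTE... -> 4-digit hex CRC (init 0, reflected polynomial 0xA001)
crc16_arc() (
  crc=0
  for b in "$@"; do
    crc=$(( crc ^ 0x$b ))
    for i in 1 2 3 4 5 6 7 8; do
      if [ $(( crc & 1 )) -eq 1 ]; then
        crc=$(( (crc >> 1) ^ 0xA001 ))
      else
        crc=$(( crc >> 1 ))
      fi
    done
  done
  printf '%04x\n' "$crc"
)

# mac_to_ip MAC -> 10.1.<high CRC byte>.<low CRC byte>; accepts ':' or '-'
mac_to_ip() (
  crc=$(( 0x$(crc16_arc $(printf '%s' "$1" | tr ':-' '  ')) ))
  printf '10.1.%d.%d\n' $(( crc >> 8 )) $(( crc & 255 ))
)

# collision_probability N -> chance that at least two of N devices share an
# address when addresses are spread uniformly over the 65536 possible values
collision_probability() {
  awk -v n="$1" 'BEGIN { p = 1; for (i = 0; i < n; i++) p *= 1 - i / 65536
                         printf "%.3f\n", 1 - p }'
}

# find_collisions MAC... -> derived addresses claimed by more than one MAC
find_collisions() {
  for mac in "$@"; do mac_to_ip "$mac"; done | sort | uniq -d
}

# Constructed inventory: the first two MACs differ by the bytes 03 40 01, a
# multiple of the CRC polynomial, so they always map to the same address.
echo "P(duplicate among 250 devices) = $(collision_probability 250)"
echo "duplicated addresses:"
find_collisions 02:00:00:00:00:10 02:00:00:03:40:11 02:00:00:00:00:12
```

For the question's 250 devices the probability comes out at roughly 0.38, so running `find_collisions` over the full MAC inventory before assigning addresses is worth the few seconds it takes.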

1

To answer the title: It is possible to set the same MAC on two interfaces, but it can lead to some networking issues or just unexpected behavior.

There are four ways (I'm aware of) to solve your problem:

  1. As grawity suggested: reserve an IP address on the DHCP server for a specific hostname.
  2. After the virtual network device is created, assign it a specific MAC address. On Linux this can be automated with a script.
  3. Request a specific IP address with your DHCP client. To make this reliable, you should make the DHCP lease duration quite short (like 5 minutes or 1 hour, depending on your VPN login frequency), so the requested IP isn't still occupied by an active lease.
  4. As your VPN gateway is unlikely to change often, you could use a static IP setup. You want that IP at all times - why bother with DHCP then? Make the DHCP IP range smaller and use part of the freed space for static IPs...

Edit:

So the script is run multiple times to automate creation of new devices. In that case you can either compute the IP (or MAC) from device name. Example:

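PREFIX='tap'
# device number is whatever follows the prefix in the interface name (tap0 -> 0)
DEV_NUM=${INTERFACE#"$PREFIX"}
# it's a good idea to increment, because devices are usually numbered from 0
# and IPs ending with .0 and .1 generally shouldn't be used by a client
DEV_NUM=$((DEV_NUM + 2))
ifconfig "${INTERFACE}" "10.0.1.${DEV_NUM}" netmask 255.255.0.0
# MAC octets are hexadecimal, so format the number as two hex digits
MAC_NUM=$(printf '%02x' "${DEV_NUM}")
# a MAC is six two-digit octets
ip link set dev "${INTERFACE}" address "ba:df:ac:e0:00:${MAC_NUM}"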

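Or maintain a file assigning an IP to each device name. Example:

# each line of the map has the form <interface>=<ip>
ADDRESS_MAP='/etc/vpn-ip-mapping.conf'
# IFS is set for read only, so it does not leak into the rest of the script
while IFS='=' read -r -a line; do
  if [ "${line[0]}" = "${INTERFACE}" ]; then
    IP_ADDRESS=${line[1]}
    ifconfig "${INTERFACE}" "${IP_ADDRESS}" netmask 255.255.0.0
    break
  fi
done < "${ADDRESS_MAP}"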
6
  • One question on point 2. Do you suggest that I generate a random MAC address on the device's first start, store it somewhere on the device and assign it to the virtual interface every time this interface is created? Good idea, I think.
    – ArhiChief
    Commented Aug 20, 2016 at 9:42
  • Yeah that's the idea - generate (or just think up your own) MAC and save it. Assign it to the virtual device each time it is started or created. Now the exact method will depend on your OS and method you connect - manually run script? -> easy. System service? -> should be easy. Some automated graphical network management tool like Windows has? -> Can be tough to set up.
    – Marek Rost
    Commented Aug 20, 2016 at 9:50
  • Cool. I don't think that it will be a problem. But I have another question: when tinc creates the VPN, it runs a special script that contains the ifconfig command. In my tests I just assign a special address to the created interface and then ask the DHCP client to configure the network. But I think assigning the IP by hand is a bad idea because there will be a situation when several devices start the DHCP client at the same time :(
    – ArhiChief
    Commented Aug 20, 2016 at 9:58
  • Assigning the IP by hand without DHCP (static) is the best solution in my opinion. There are only two things that need to be done: 1. You need to have some IP addresses that aren't available for DHCP - this is configured in the DHCP server. 2. As this is manual, you mustn't give the same IP to another device on the VPN (manually, DHCP clients won't take it because of 1.)
    – Marek Rost
    Commented Aug 20, 2016 at 10:06
  • But in real life I can't assign the IP address by hand when the interface comes up. I can put a command like ifconfig $INTERFACE 10.0.1.254 netmask 255.255.0.0 into the script, but I will get network errors when two or more devices execute this command; that's why I use DHCP.
    – ArhiChief
    Commented Aug 20, 2016 at 10:30
0

One more.

I found the reason why I can't receive the configuration from my DHCP on the device when the connection is established. The reason is that tinc-up and the other scripts that tinc executes after creating the tunnel are synchronous with the tinc service, and my DHCP client exits by timeout before tinc makes the handshake.

To resolve this problem, I run dhcp client in background inside tinc-up script.

tinc-up script now looks like this:

#!/bin/sh

ifconfig "$INTERFACE" hw ether fe:fd:00:00:00:00 # set interface hw address to get the same IP from the leases every time the connection is established

dhcpcd -w "$INTERFACE" & # start the dhcp client in parallel with the handshake process of tinc
2
  • Good to hear. If your Linux uses systemd, you could probably resolve it without editing any scripts - just hook service startup in the correct order. By the way, I wonder how come this works - you set the same hardware address (MAC) on all the interfaces...
    – Marek Rost
    Commented Aug 25, 2016 at 7:49
  • Sometimes it works. But I've decided to generate a random MAC for the interface at the first device startup
    – ArhiChief
    Commented Aug 25, 2016 at 8:03
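
An added example (not code from the thread) of the approach settled on in the comments above and under the second answer: generate a random MAC once, store it on the device, and reuse it each time tinc creates the interface, so the DHCP server sees one stable client per device. The `MAC_FILE` path and the function names are assumptions; `INTERFACE` is the variable the tinc-up script above already uses.

```shell
#!/bin/sh
# Added example. MAC_FILE and its default location are hypothetical.
MAC_FILE="${MAC_FILE:-/etc/tinc/vpn-mac}"

# random_mac -> random MAC with the locally administered bit set and the
# multicast bit clear, so it cannot clash with a vendor-assigned address
random_mac() {
  set -- $(od -An -N6 -tu1 /dev/urandom)
  printf '%02x:%02x:%02x:%02x:%02x:%02x\n' \
    $(( ($1 & 0xfc) | 0x02 )) "$2" "$3" "$4" "$5" "$6"
}

# stable_mac -> the MAC stored in MAC_FILE; generated on the first call only.
# A missing or malformed file is regenerated; the write is atomic (tmp + mv).
stable_mac() {
  if ! grep -Eqx '([0-9a-f]{2}:){5}[0-9a-f]{2}' "$MAC_FILE" 2>/dev/null; then
    ( umask 077; random_mac > "$MAC_FILE.tmp" ) || return 1
    mv "$MAC_FILE.tmp" "$MAC_FILE" || return 1
  fi
  cat "$MAC_FILE"
}

# When run by tinc as tinc-up, INTERFACE is set: apply the stored MAC, then
# start the DHCP client in the background as in the script above.
if [ -n "${INTERFACE:-}" ]; then
  ip link set dev "$INTERFACE" address "$(stable_mac)"
  dhcpcd -w "$INTERFACE" &
fi
```

Because every device draws its own 46 random bits, two devices no longer present the same hardware address to the DHCP server, which was the open question about the fixed `fe:fd:00:00:00:00`.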
