I have FreeRADIUS v3 running on my Raspberry Pi together with Pi-hole. I have an external NGFW acting as a DHCP server.

I want FreeRADIUS to "forward" all DHCP requests to the firewall. To do so, I wanted to configure it as a DHCP relay like in the docs: https://freeradius.org/documentation/freeradius-server/4.0~alpha1/raddb/sites-available/dhcp.relay.html. My config /etc/freeradius/3.0/sites-available/dhcp.relay looks like this:

# -*- text -*-
######################################################################
#
#       This is a virtual server that handles DHCP relaying
#
#       Only one server can listen on a socket, so you cannot
#       do DHCP relaying && run a DHCP server at the same time.
#
######################################################################

server dhcp.eth1 {
        listen {
                ipaddr = *
                port = 67
                type = dhcp
                interface = eth1
        }

        #  Packets received on the socket will be processed through one
        #  of the following sections, named after the DHCP packet type.
        #  See dictionary.dhcp for the packet types.

        dhcp Discover {
                &control.Relay-To-IP-Address := 10.10.1.1
                &request.Gateway-IP-Address := 10.10.1.10
                ok
        }
        dhcp Request {
                &control.Relay-To-IP-Address := 10.10.1.1
                &request.Gateway-IP-Address := 10.10.1.1
                ok
        }
}
  • 10.10.1.10 is the IP of the Pi-hole/FreeRADIUS
  • 10.10.1.1 is the IP of my NGFW/DHCP server

My clients however do not get a DHCP lease.

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Wi-Fi 6 AX201 160MHz
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a6bf:884b:a8af:d632%21(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.93.98(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 140565902
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-B1-E8-CA-B4-45-06-33-F1-7A
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

If I manually set a static IP on the clients, I can ping/connect to my network and WAN. Anyone got any ideas?

  • Do you have packet traces showing what gets sent? What do your logs show?
    – vidarlo
    Commented Apr 27 at 17:43
  • I found the corresponding logs from the AP I was testing from, with the IP 10.10.1.5: root@raspberrypi:/var/log/freeradius/radacct/10.10.1.5# cat detail-20240429
    – Trauti
    Commented Apr 29 at 9:10
  • Acct-Status-Type = Start Acct-Authentic = RADIUS User-Name = "Trauti" NAS-IP-Address = 10.10.1.5 NAS-Identifier = "7e83c22e36ef" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Calling-Station-Id = "8C-7A-AA-50-9F-5B" Connect-Info = "CONNECT 0Mbps 802.11b" Acct-Session-Id = "7E0EA18890AFEFA0" Mobility-Domain-Id = 62201 WLAN-Pairwise-Cipher = 1027076 WLAN-Group-Cipher = 1027076 WLAN-AKM-Suite = 1027075 WLAN-Group-Mgmt-Cipher = 1027078 Acct-Delay-Time = 0 Acct-Unique-Session-Id = "censored" Timestamp = 1714381557
    – Trauti
    Commented Apr 29 at 9:12
  • It gets an Acct-Status-Type = Start, then Stop, Start again and so on. The MAC of the client is within the "Calling-Station-Id" in the Stop part of the logs.
    – Trauti
    Commented Apr 29 at 9:14
  • Please edit your question to add new information. Format logs with the {}-button. That way formatting will be preserved.
    – vidarlo
    Commented Apr 29 at 9:15
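
Added example, not part of the original post or of FreeRADIUS: for the packet traces requested above, this Python script decodes the UDP payload of a DHCP packet captured on the relay-to-server leg and classifies its giaddr field (the one `Gateway-IP-Address` sets), which is the address a DHCP server sends its reply to. The function names and sample packets are constructed for illustration; the two IP addresses are the ones given in the question.

```python
import ipaddress
import struct

MAGIC = bytes.fromhex("63825363")          # DHCP magic cookie at offset 236
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "Ack", 6: "Nak"}

def parse_dhcp(payload: bytes) -> dict:
    """Decode the BOOTP header fields a relay sets, plus option 53 (message type)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload: too short or bad magic cookie")
    _op, _htype, hlen, hops = struct.unpack_from("!BBBB", payload, 0)
    pkt = {"hops": hops,
           "giaddr": ipaddress.IPv4Address(payload[24:28]),
           "chaddr": payload[28:28 + min(hlen, 16)].hex(":"),
           "type": None}
    i = 240
    while i < len(payload) and payload[i] != 255:       # 255 = End option
        if payload[i] == 0:                             # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated DHCP option")
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1:
            pkt["type"] = MSG_TYPES.get(payload[i + 2], str(payload[i + 2]))
        i += 2 + length
    return pkt

def check_giaddr(payload: bytes, relay_ip: str, server_ip: str) -> str:
    """Classify giaddr of a packet captured on the relay-to-server leg."""
    giaddr = parse_dhcp(payload)["giaddr"]
    if giaddr == ipaddress.IPv4Address("0.0.0.0"):
        return "giaddr-unset"        # packet was not relayed at all
    if giaddr == ipaddress.IPv4Address(server_ip):
        return "giaddr-is-server"    # server replies to giaddr, i.e. to itself
    if giaddr != ipaddress.IPv4Address(relay_ip):
        return "giaddr-unexpected"
    return "ok"

def build_sample(msg_type: int, giaddr: str) -> bytes:
    """Constructed test packet (not a real capture): client message with given giaddr."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 1, 0x1234ABCD, 0, 0x8000)
    addrs = bytes(12) + ipaddress.IPv4Address(giaddr).packed   # ciaddr, yiaddr, siaddr, giaddr
    chaddr = bytes.fromhex("020000000001") + bytes(10)
    return hdr + addrs + chaddr + bytes(192) + MAGIC + bytes([53, 1, msg_type, 255])

if __name__ == "__main__":
    for mtype, gi in ((1, "10.10.1.10"), (3, "10.10.1.1")):   # values from the posted config
        pkt = build_sample(mtype, gi)
        print(parse_dhcp(pkt)["type"], gi, check_giaddr(pkt, "10.10.1.10", "10.10.1.1"))
```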
