DHCP-relay through VPN-tunnel on centrally managed DAIP-SMB

morris — Wed, 16 Mar 2022 09:35:33 GMT

Hey guys,

we are currently doing some PoC-stuff and started to have some issues regarding dhcp-relay.

Setup:

centrally managed DAIP-SMB
- WAN-Port configured as Internet
  - DHCP behind DSL-Router (DSL-Router is Gateway for SMB)
  - 192.168.x.x
- LAN1-Switch has 10.x.x.1/24
Management reachable through static-NAT on central Gateway

We configured everything described in this article. And its working!

If SMB is DHCP-Server for LAN1-Switch, all devices connected to LAN1-Switch can connect to central network.

We observe that logs of tunnel_test are either between
Cluster-GW -Public-IP <-> DAIP from DSL Router
or
WAN-Port-Address-192.168.x.x <-> Cluster-GW -Public-IP

If we configure dhcp-relay for LAN1-Switch the SMB uses its WAN-Port-Address-192.168.x.x. But we expect to use its LAN1-Switch address 10.x.x.1.

Also if we connect via ssh or serial console to 10.x.x.1 and ping devices on central site, it uses 192.168.x.x instead of 10.x.x.1

Did we miss something in the configuration or is this working as designed? Do you have some clue to solve this?

Regards,
Morris

Re: DHCP-relay through VPN-tunnel on centrally managed DAIP-SMB

PhoneBoy — Fri, 18 Mar 2022 16:54:24 GMT

I would assume we'd be using the IP of the interface nearest to the destination, which in this case would be the 192.168.x.x address.
As such, I expect this is working as designed.

Re: DHCP-relay through VPN-tunnel on centrally managed DAIP-SMB

Dan_Cannon — Sat, 21 May 2022 11:54:26 GMT

Under device, Advanced settings there is an option "DHCP Relay - Use internal IP addresses as source". Set this to true and this will fix the issue...

topic Re: DHCP-relay through VPN-tunnel on centrally managed DAIP-SMB in Spark Firewall (SMB)

DHCP-relay through VPN-tunnel on centrally managed DAIP-SMB

Re: DHCP-relay through VPN-tunnel on centrally managed DAIP-SMB

Re: DHCP-relay through VPN-tunnel on centrally managed DAIP-SMB