I have a machine (let's call it the device) that has an IPsec connection (VPN) to another machine (call it the gateway). The device tunnels to the GW through a virtual interface, vti0, and everything works correctly for the most part. On the GW side I have a DHCP server, which I have configured to assign an IP (in the net 11.2.0.0/16) to one of the virtual machines hosted on the device. That particular virtual machine is accessed through the mgmt0 interface on the device.
Device's vti0 (172.13.14.2) === tunnel === GW (192.168.122.2)
vti0 ip is 172.13.14.2
mgmt0 ip is 11.2.0.1
virtual machine MAC address is fa:16:3e:4f:e6:64
DHCP Server ip 192.168.122.10
GW ip 192.168.122.2
DHCP Server configuration:
subnet 11.2.0.0 netmask 255.255.0.0 {
    range 11.2.0.2 11.2.255.254;
    option routers 11.2.0.1;
}

subnet 192.168.122.0 netmask 255.255.255.0 {
    option routers 192.168.122.2;
    option subnet-mask 255.255.255.0;
    range 192.168.122.11 192.168.122.255;
}

host mgmt-node {
    hardware ethernet fa:16:3e:4f:e6:64;
    fixed-address 11.2.0.2;
}
So, I have set up a DHCP relay on the device that sends the DHCP requests to the server, but doesn't send a response back.
DHCP relay configuration:
# What servers should the DHCP relay forward requests to?
SERVERS="dhcp-server"
# On what interfaces should the DHCP relay (dhrelay) serve DHCP requests?
INTERFACES="mgmt0 vti0"
# Additional options that are passed to the DHCP relay daemon?
OPTIONS=""
The requests go like this.
DHCPDISCOVER
Virtual machine request > Device relay
Device relay > GW
GW > DHCP Server
DHCPOFFER
DHCP Server > GW
GW > Device relay --- Stops
DHCP Server log:
авг 08 10:07:40 dhcpserver-Standard-PC-i440FX-PIIX-1996 dhcpd[3328]: DHCPDISCOVER from fa:16:3e:4f:e6:64 via 11.2.0.1
авг 08 10:07:40 dhcpserver-Standard-PC-i440FX-PIIX-1996 dhcpd[3328]: DHCPOFFER on 11.2.0.2 to fa:16:3e:4f:e6:64 via 11.2.0.1
The last place I can see the packet is on the device's vti0 interface being received.
From the journalctl log I see that the DHCP relay says:
Aug 08 07:28:39 ipsec-client-automation sh[19208]: Forwarded BOOTREQUEST for fa:16:3e:4f:e6:64 to 192.168.122.10
Aug 08 07:28:39 ipsec-client-automation sh[19208]: Attempt to decode hw header for Pure IP
Aug 08 07:28:39 ipsec-client-automation dhcrelay[19208]: Attempt to decode hw header for Pure IP
I could not find any information on what "Attempt to decode hw header for Pure IP" means, but it stops after that, and I can't find advanced debugging for the DHCP relay. Any ideas?
If anyone could give any advice, I'd appreciate it.