Hi.
My Turris (1.0) has a public IP and I have configured port forwarding. I forward port 443/TCP to my Windows Server - this server is also an SSTP VPN server. But Turris is not assigning IP addresses to VPN clients even if I set the DHCP relay agent on the server to the Turris IP address (the Turris address is 192.168.88.1).
Is there any setting on Turris allowing this?
Have you configured an IP address range for the VPN clients? Is there a route from Turris to the VPN address range?
Can you investigate the logs, or even better, record the failed DHCP communication?
What IP address range? Clients should receive an address from the same DHCP pool as local computers, or not? I would like to use the same subnet (192.168.88.0/24) for the VPN clients as well as local computers. And I thought that VPN clients would just get an address from Turris.
What log should I check on Turris?
When I check the documentation for the role on Windows Server, it says “If the DHCP server is on the same subnet as the RRAS server, then you do not have to configure the DHCP relay agent. RRAS can find DHCP servers on the same subnet by using broadcast network packets.” So I don’t even need to configure the relay. But Turris is not providing any IP, with or without the relay.
How it works is described here: https://technet.microsoft.com/library/e5c29a32-83f8-4e6a-b3b0-1ed9af557ba5.aspx - the VPN server requests 10 addresses from the DHCP server. Maybe this is the problem?
OK, in that case you don’t need a relay at all. The only purpose of a DHCP relay is to forward DHCP messages from different subnets. In the case of a bridged VPN, there is only a single subnet, which the DHCP server serves directly.
/var/log/messages. There should be a line for each DHCP event.
OK, this looks like some sort of pseudo bridging. Is it possible to make it work without DHCP or with some internal Windows DHCP? That could help isolate the issue.
Yes, I can set a static address pool directly on the VPN server (for example 20 addresses outside the DHCP server scope) and I am able to connect. But I am wondering why it does not work with the DHCP server on Turris.
Interesting messages that I found in the log on Turris:
2016-12-07T12:11:32+01:00 info dnsmasq-dhcp[5507]: DHCPRELEASE(br-lan) 192.168.88.200 00:26:18:74:1e:ae unknown lease
2016-12-07T12:11:32+01:00 info dnsmasq-dhcp[]: Last message 'DHCPRELEASE(br-lan) ’ repeated 6 times, supressed by syslog-ng on Turris
2016-12-07T12:11:32+01:00 info dnsmasq-dhcp[5507]: DHCPRELEASE(br-lan) 192.168.88.200 00:26:18:74:1e:ae
2016-12-07T12:11:32+01:00 info dnsmasq-dhcp[5507]: DHCPRELEASE(br-lan) 192.168.88.200 00:26:18:74:1e:ae unknown lease
2016-12-07T12:11:33+01:00 info dnsmasq-dhcp[]: Last message 'DHCPRELEASE(br-lan) ’ repeated 1 times, supressed by syslog-ng on Turris
2016-12-07T12:11:39+01:00 info dnsmasq-dhcp[5507]: DHCPINFORM(br-lan) 192.168.88.31 00:a8:58:a6:ec:92:3c:6e:44:96:f8:da:d4:42:af:63:36
2016-12-07T12:11:39+01:00 info dnsmasq-dhcp[5507]: DHCPACK(br-lan) 192.168.88.31 00:a8:58:a6:ec:92:3c:6e:44:96:f8:da:d4:42:af:63:36 lukasb
192.168.88.200 is the address of the server with the SSTP VPN server.
192.168.88.31 is the address of my client computer connected to the VPN. But this address is assigned from the static address pool on the VPN server (192.168.88.30-50, and the first address is used for the server VPN interface).
The Turris DHCP server pool is from 192.168.88.100 to 192.168.88.250.
Hi.
This issue has been solved. The problem was that Turris didn’t want to allocate new IP addresses to VPN clients because of the DHCP reservation for the server’s MAC address. When I set a static IP configuration on the server and removed the DHCP reservation, VPN clients got addresses from the DHCP server.
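
For reading a dnsmasq log like the one quoted in this thread, here is an added example (not part of the original posts) that parses the DHCP events and reports releases for unknown leases, addresses outside the router's dynamic pool, and whether any pool address was actually acknowledged. The function names and summary layout are assumptions made for the illustration; the pool bounds and log lines come from the thread.

```python
import ipaddress
import re
from collections import Counter

# Dynamic pool of the Turris DHCP server, as stated in the thread.
POOL_FIRST = ipaddress.ip_address("192.168.88.100")
POOL_LAST = ipaddress.ip_address("192.168.88.250")

# Log lines copied from the thread (quote characters normalized).
SAMPLE_LOG = """\
2016-12-07T12:11:32+01:00 info dnsmasq-dhcp[5507]: DHCPRELEASE(br-lan) 192.168.88.200 00:26:18:74:1e:ae unknown lease
2016-12-07T12:11:32+01:00 info dnsmasq-dhcp[]: Last message 'DHCPRELEASE(br-lan) ' repeated 6 times, supressed by syslog-ng on Turris
2016-12-07T12:11:32+01:00 info dnsmasq-dhcp[5507]: DHCPRELEASE(br-lan) 192.168.88.200 00:26:18:74:1e:ae
2016-12-07T12:11:39+01:00 info dnsmasq-dhcp[5507]: DHCPINFORM(br-lan) 192.168.88.31 00:a8:58:a6:ec:92:3c:6e:44:96:f8:da:d4:42:af:63:36
2016-12-07T12:11:39+01:00 info dnsmasq-dhcp[5507]: DHCPACK(br-lan) 192.168.88.31 00:a8:58:a6:ec:92:3c:6e:44:96:f8:da:d4:42:af:63:36 lukasb
"""

LINE_RE = re.compile(
    r"dnsmasq-dhcp\[\d+\]: (?P<event>DHCP[A-Z]+)\((?P<iface>[^)]+)\) "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+) (?P<client>[0-9a-f]{2}(?::[0-9a-f]{2})+)"
    r"(?: (?P<note>.+))?$"
)

def parse(log_text):
    """Yield one dict per DHCP event; syslog-ng 'repeated' notices are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.groupdict()

def in_pool(ip):
    return POOL_FIRST <= ipaddress.ip_address(ip) <= POOL_LAST

def summarize(log_text):
    """Collect the facts that matter when clients fail to get a pool address."""
    events = list(parse(log_text))
    return {
        "events": Counter(e["event"] for e in events),
        "unknown_lease_releases": sorted(
            {(e["ip"], e["client"]) for e in events
             if e["event"] == "DHCPRELEASE" and e["note"] == "unknown lease"}),
        "outside_pool": sorted({e["ip"] for e in events if not in_pool(e["ip"])}),
        "pool_acks": sorted({e["ip"] for e in events
                             if e["event"] == "DHCPACK" and in_pool(e["ip"])}),
    }
```

On the quoted lines, `pool_acks` comes back empty: the only DHCPACK answers a DHCPINFORM for 192.168.88.31, an address from the VPN server's static pool rather than a lease handed out by Turris.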