Topic: Problems with dhcpd dying plus No VPN

[larry007]

Using sme7.rc3.  All other services seems to work fine. But:

No VPN access and PC's don't pick IP via DHCP.

dhcpd seems to die/start/die this morning.  Since I configured all IPs in "hostnames" option, no pc picks up an IP or any other network setting. However, when I assigned the IPs statically, DNS such as 'mail' or 'proxy' doesn't resove - the FQDN does resolve though....  all other services seems OK.


ERROR examples taken on "service dhcpd status":  
run (pid 18303) 1 seconds, normally down
down 1 seconds, want up
down 0 seconds, want up
run (pid 18672) 0 seconds, normally down


Lets fix it:
- No other dhcp servers on LAN
- I checked out the /etc/dhcpd.conf and range is totally wrong!!
192.168.10.10 192.168.9.225 - last ip is totally wrong.
- Used the admin wizard to re-assign range - no avail, I can't seem to set that second ip to 192.168.10.19, no matter where I try to set it up.
- Looked in the templates and it refers to $endDynamicIPRange, but I have no idea what to use this info for. I presume that this value might be the problem, but where does it get set?

This machine is in production at my office (upgrade from 6 to new hardware) and I urgently need this resolved for VPN access - I presume the dhcp is part of the reason why VPN doesn't work?

Many thanks

[JonB]

From the console what does

Code: [Select]

db configuration show dhcpd

show

Jon

[larry007]

Thanks for the reply Jon.

Code: [Select]


#db configuration show dhcpd
dhcpd=service
    Bootp=deny
    end=192.168.10.19
    start=192.168.10.10
    status=enabled


That is correct to what I configured it to though, but its not what I see in /etc/dhcpd.conf.  The /etc/dhcpd.conf file clearly shows the same IPs as in the log file below, which is incorrect....


extract from dhcp log:

Code: [Select]


Address range 192.168.10.10 to 192.168.9.225, netmask 255.255.255.0 spans multiple subnets! If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not under any circumstances send requests for help directly to the authors of this software - please send them to the appropriate mailing list as described in the README file.
exiting.
Skipping /etc/e-smith/templates//etc/dhcpd.conf/.25R
ange.swp at /sbin/e-smith/expand-template line 45
Internet Systems Consortium DHCP Server V3.0.1
Copyright 2004 Internet Systems Consortium. All rights reserved. For info, please visit http://www.isc.org/sw/dhcp/ Address range 192.168.10.10 to 192.168.9.225, netmask 255.255.255.0 spans multiple subnets!



What do I try next?

[JonB]

Ok, the dhcpd config looks ok so you need to do from console

Code: [Select]

/sbin/e-smith/expand-template /etc/dhcpd.conf
/sbin/service dhcpd restart


Hopefully /etc/dhcpd.conf should now be correct.

The 'normally down' is normal but you have 2 dhcpd processes running which is not normal.

See what it looks like after you have expanded the template and restarted dhcpd. You may need to reboot.

What is the history of the server? You say it was an upgrade from 6.0. did it have any contribs on it when it was upgraded.

Jon

[larry007]

Many thanks once again Jon

Will try that after work today so everyone can finish their work first (enough excitement for one day)  

History is a clean install on a new server, but couldn't wait for 7.0 full, so went ahead and installed, only copied the required data/mail as needed.

Will this then rectify VPN access as well??  Will post findings asap!!

[JonB]

I'm a bit worried about this in your log

Skipping /etc/e-smith/templates//etc/dhcpd.conf/.25Range.swp

Can you check /etc/e-smith/templates/etc/dhcpd.conf and check that there isn't a template fragment called .25Range.swp. If so remove it. There should be template fragment 25Range.

Jon

[larry007]

I got it solved!!

Since I used "hostnames" to asign IPs to MACs, I only left 10 DHCP IPs, not quite understanding how these were assigned with VPN.  Now I know.

In the /etc/dhcpd.conf there is a commented line right at the top stating the following:

Code: [Select]

# Addresses from 192.168.10.15 to 192.168.10.19 taken for PPTP sessions


That then leaves me with only 192.168.10.10 - 192.168.10.14 as usable DHCP IPs for normal LAN use - but this information is never stated anywhere, you need to make the sums!!

The problem occurred when I tried to VPN and couldn't access the server and thus increased the number of VPN sessions.  In that process I exceeded the number of IP's in my specified DHCP scope and thus the system presumed IPs an IP range not in existance, leading to this 'out of range' error.  What triggered this whole problem though, was the fact that an "admin" user created another hostname assigning 192.168.10.15 to it, flat bang in the middle of the DHCP scope, probably causing the initial problem not allowing me to VPN.  Guess who is getting an earful tomorrow?  

Nonetheless a very educational experience.

Very happy to have solved this problem - thanks for the help Jon!!!

SUMMARY:
Your VPN clients uses the last available IPs in your specified range; from the end IP working backwards.

[CharlieBrady]

But:

All problems should be reported via the Bug Tracker, and nowhere else.

Jon, please don't talk people through problems here. The only place for that process is in the bug tracker.

[larry007]

CharlieBrady,

When you experience a problem, how do you know when it is a bug or problem??  This was a configuration issue that only became apparent at the end of this thread.  IF Jon didn't assist me I probably wouldn't have discovered the problem in the first place.

I hate to say this,     but you may be slightly over reacting here.  I don't rate this as a bug, and if you do, why don't you report it as such?  I am grateful for the help, delighted in short.  This is what the community should be about.  I hate it when you have these discussions in a thread about policy and etiquette - it only causes pain.

Great product and great support.

Thanks for the help Jon.

[JonB]

larry007,

Thanks but Charlie is correct. You need to report this in the bugtracker. DHCP should not be trying to allocate IP's outside the scope of the server. Even if the only result is that the documentation is updated it will be worth it.

Developers like Charlie and Gordon don't have the time to troll the threads looking for problems.

You have given some good info and resolution in this thread that can be used. Create a bug and take it from there.

Jon