Confused about DHCP Option 60/61

[Armitage]

I'm in the process of switching ISP and the one I'm going to (NowTV, essentially Sky) apparently have a locked down approach to connecting to the network and uses MER authentication rather than PPPoE/A like my current supplier does, because they don't want people using their own equipment. However you can use your own stuff if you jump through a few hoops but this is where the confusion has set in.

I have an R7800 using one of Voxel's latest firmware versions so I believe I'm able to use Option 60/61 if I do some configuring in ssh, or use Kamoj's add-on. However I have DHCP turned off on the R7800 as I use a Pihole as well on my network and instead use that as the DHCP server for my LAN.

So, because the new connection will use DHCP Option 60/61 to authenticate the connection, I am confused about if I can actually do this with my current setup:

Because I have DHCP turned off on the router, does that also affect it's ability to send Option 60/61? Or is the Option 60/61 thing separate entirely from the actual LAN DHCP server?

 

[bmn1]

I don't have experience with PiHoles however it seems like you make a new config file for dnsmasq to set custom DHCP options:

[Solved] pi hole Add custom DNS records

@dschaper That merge requests allows for a single DNS entry whereas this feature request is for multiple entries

lifesaver.codes

DHCP Option 66, how?

Hi, I'm working on fully moving from my router to Pi-Hole's own DHCP server. But one required feature is Dhcp option 66. This option allows devices to be redirected to our FreePBX server which will give our Voip phones its configuration. My question is where and how do I set that up? I have...

discourse.pi-hole.net

 

[Armitage]

Thanks. I couldn't find anything like that when I searched but I suppose its because I was looking for option 61 and option 60 rather than 66, but if I do have to go fiddling with it at least now I know how.

I will just edit the necessary file via ssh on the R7800 and change the two lines that need changing first though and see if it works without touching the pihole.

 

[ColinTaylor]

I don't know anything about the Netgear firmware, but on Asus routers you would need to change the udhcpc options, not dnsmasq.

On Asus dnsmasq is used as a DHCP server for the LAN. The DHCP options 60 and 61 are specified on the DHCP client on the WAN interface which is udhcpc.

Like I said, I don't know whether Netgear works the same way.

 

[Tech Junky]

If you're using pihole it might be easier to disable DHCP there and add bind for DHCP. If pihole craps out you're not stuck with no IP being issued. Assuming you're running Linux for pihole to sit on top of DHCP made easy either webmin GUI over a browser.

 

[HELLO_wORLD]

Let's not get confused by two very different things on the router :
– the DHCP client on the WAN side,
– the DHCP server on the LAN side.

The first is for a router to connect using DHCP to the ISP (or a network).
The second is to have your router setting automatically via DHCP the adresses of the devices on the LAN.

Seems your ISP is requiring a DHCP client on the WAN side (like mine), and the R7800 has a DHCP client (and more if you use Entware)

On the LAN side, you can do what you want… Leave it to the piHole, using static configuration, a DHCP server…

 

[HELLO_wORLD]

Looks like for option 60 and 61 you might need to use udhcpc from Entware:

root@HERMES:~$ which -a udhcpc
/opt/sbin/udhcpc
/sbin/udhcpc
root@HERMES:~$ /sbin/udhcpc --help
Usage: udhcpc [OPTIONS]

  -c, --clientid=CLIENTID         Client identifier
  -H, --hostname=HOSTNAME         Client hostname
  -h                              Alias for -H
  -f, --foreground                Do not fork after getting lease
  -b, --background                Fork to background if lease cannot be
                                  immediately negotiated.
  -i, --interface=INTERFACE       Interface to use (default: eth0)
  -n, --now                       Exit with failure if lease cannot be
                                  immediately negotiated.
  -p, --pidfile=file              Store process ID of daemon in file
  -d, --domain_name               domain name
  -q, --quit                      Quit after obtaining lease
  -r, --request=IP                IP address to request (default: none)
  -s, --script=file               Run file at dhcp events (default:
                                  /usr/share/udhcpc/default.script)
  -v, --version                   Display version
  -V, --vendor                    Set vendor identifier
  -N,  --oldip                    Ip address of last time
  -a, --apmode                    DUT is running in AP mode
root@HERMES:~$ /opt/sbin/udhcpc --help
BusyBox v1.34.1 (2021-12-19 08:40:33 UTC) multi-call binary.

Usage: udhcpc [-fbqRB] [-t N] [-T SEC] [-A SEC|-n]
    [-i IFACE] [-s PROG] [-p PIDFILE]
    [-oC] [-r IP] [-V VENDOR] [-F NAME] [-x OPT:VAL]... [-O OPT]...

    -i IFACE    Interface to use (default )
    -s PROG        Run PROG at DHCP events (default /opt/share/udhcpc/default.script)
    -p FILE        Create pidfile
    -B        Request broadcast replies
    -t N        Send up to N discover packets (default 3)
    -T SEC        Pause between packets (default 3)
    -A SEC        Wait if lease is not obtained (default 20)
    -b        Background if lease is not obtained
    -n        Exit if lease is not obtained
    -q        Exit after obtaining lease
    -R        Release IP on exit
    -f        Run in foreground
    -S        Log to syslog too
    -r IP        Request this IP address
    -o        Don't request any options (unless -O is given)
    -O OPT        Request option OPT from server (cumulative)
    -x OPT:VAL    Include option OPT in sent packets (cumulative)
            Examples of string, numeric, and hex byte opts:
            -x hostname:bbox - option 12
            -x lease:3600 - option 51 (lease time)
            -x 0x3d:0100BEEFC0FFEE - option 61 (client id)
            -x 14:'"dumpfile"' - option 14 (shell-quoted)
    -F NAME        Ask server to update DNS mapping for NAME
    -V VENDOR    Vendor identifier (default 'udhcp VERSION')
    -C        Don't send MAC as client identifier
Signals:
    USR1    Renew lease
    USR2    Release lease

 

[kamoj]

I'm in the process of switching ISP and the one I'm going to (NowTV, essentially Sky) apparently have a locked down approach to connecting to the network and uses MER authentication rather than PPPoE/A like my current supplier does, because they don't want people using their own equipment. However you can use your own stuff if you jump through a few hoops but this is where the confusion has set in.

I have an R7800 using one of Voxel's latest firmware versions so I believe I'm able to use Option 60/61 if I do some configuring in ssh, or use Kamoj's add-on. However I have DHCP turned off on the R7800 as I use a Pihole as well on my network and instead use that as the DHCP server for my LAN.

So, because the new connection will use DHCP Option 60/61 to authenticate the connection, I am confused about if I can actually do this with my current setup:

Because I have DHCP turned off on the router, does that also affect it's ability to send Option 60/61? Or is the Option 60/61 thing separate entirely from the actual LAN DHCP server?

Have you tried the original Netgear/Voxel setting?
Basic: Internet: DHCP Option: Vendor Class Identifier String (Option 60)
Basic: Internet: DHCP Option: Client Identifier String (Option 61)

I had these settings in the add-on years before Netgear, but removed them as I thought they became redundant
when Netgear implemented it.
So if Netgear settings doesn't work I might reintroduce them in the add-on.

 

[HELLO_wORLD]

Have you tried the original Netgear/Voxel setting?
Basic: Internet: DHCP Option: Vendor Class Identifier String (Option 60)
Basic: Internet: DHCP Option: Client Identifier String (Option 61)

I had these settings in the add-on years before Netgear, but removed them as I thought they became redundant
when Netgear implemented it.
So if Netgear settings doesn't work I might reintroduce them in the add-on.

That should do it

I red too fast the options for native udhcpc, seems it is able to handle these options, and likely what the GUI is using when setting th‘em from web interface like @kamoj mentionned:
-c, --clientid=CLIENTID Client identifier
-V, --vendor Set vendor identifier

 

[ColinTaylor]

That should do it

I red too fast the options for native udhcpc, seems it is able to handle these options, and likely what the GUI is using when setting th‘em from web interface like @kamoj mentionned:
-c, --clientid=CLIENTID Client identifier
-V, --vendor Set vendor identifier

So it sounds like the Netgear firmware works the same way as the Asus', like I described in post #4. The difference with Asus is you can't change options 60 and 61 in the GUI with stock firmware, but you can with Merlin's firmware.

 

[HELLO_wORLD]

So it sounds like the Netgear firmware works the same way as the Asus', like I described in post #4. The difference with Asus is you can't change options 60 and 62 in the GUI with stock firmware, but you can with Merlin's firmware.

Looks that way

 

[Armitage]

Let's not get confused by two very different things on the router :
– the DHCP client on the WAN side,
– the DHCP server on the LAN side.

The first is for a router to connect using DHCP to the ISP (or a network).
The second is to have your router setting automatically via DHCP the adresses of the devices on the LAN.

Seems your ISP is requiring a DHCP client on the WAN side (like mine), and the R7800 has a DHCP client (and more if you use Entware)

On the LAN side, you can do what you want… Leave it to the piHole, using static configuration, a DHCP server…

This is the answer to my question, thanks.

I got confused because DHCP was in the naming of Option 60/61, I hoped that it was referring to the ISP side and not my LAN but I wasn't sure and thought I'd ask just in case for some reason or another clients on the LAN had to be using Option 60/61 to be given Internet access by the router, or some crazy stuff like that.

But yes now this is clear. Thanks, by the way, to the others who answered. For reference, when I set up the pihole I was using stock firmware on the R7800 which of course limits you quite a lot on what you can do with the DHCP server. I.e. to get all clients on the LAN to use the Pihole as the DNS you can either set it up so the router forwards requests using dnsmasq (which I couldn't do), manually set up every client to point to the Pihole as a DNS server (which I could do for the majority of clients but not all of them), or I could just turn off DHCP on the router and use it on the Pihole instead, essentially forcing every client to use Pihole as the DNS so it works.

Obviously I chose the latter method. A while later though I ended up coming across Voxel's fabulous firmware and switching to that. I believe you can do the dnsmaq forwarding with his firmware (all be it not via the GUI) but since I have never had an issue with the Pihole acting as the DHCP server on my LAN I couldn't be bothered to go back to using the router as the DHCP server so just left it as is.

As for Option 60/61, thanks to this thread on snbf I am aware of how to get that working. No you can't do it via the GUI on Voxel's firmware unless one uses Kamoj's great add-on, but it's easy enough, you just need to log in to the router via ssh and edit two lines in "/etc/init.d/net-wan" which will do the trick and is as some of you have mentioned the necessary udhcp changes required.

Although regarding what you edit the lines with, based on more searching I've found these days you don't even need Option 60 (Vendor, or -V in the line of code) anymore since Sky relaxed the requirements a bit to access their network. Now all you need is Option 61 (Client) and that can just be a fake assortment of numbers and letters for your username and password (12 characters long for the username and 8 for the password). Also if you're with NowTV you change @skydsl to @nowtv.

Still, having said all that my new connection isn't live yet still for just over a week so I still haven't tested any of that but it should work fine.

 

[fossil]

Obviously I chose the latter method. A while later though I ended up coming across Voxel's fabulous firmware and switching to that. I believe you can do the dnsmaq forwarding with his firmware (all be it not via the GUI) but since I have never had an issue with the Pihole acting as the DHCP server on my LAN I couldn't be bothered to go back to using the router as the DHCP server so just left it as is.

If it is working fine keep it that way but down below may be helpful at some later point of time.

All that is needed is switch lan dns from router itself to rpi. It requires changing only one line in "/etc/init.d/net-lan"

From > option dns $($CONFIG get lan_ipaddr)
To > option dns 192.168.1.2

Assuming 192.168.1.2 is your RPI-IP

Router will remain as dhcp server under Lan Setup in UI. It is better to to reserve RPI IP from the UI under "Lan Setup > Address Reservation" dhcp setting. All your devices will automatically get the rpi as dns server from the router.

You can automate this process with few lines of script and post-mount.sh on usb to apply this setting automatically on firmware update. (or manually after each fw update)

 

[HELLO_wORLD]

If it is working fine keep it that way but down below may be helpful at some later point of time.

All that is needed is switch lan dns from router itself to rpi. It requires changing only one line in "/etc/init.d/net-lan"

From > option dns $($CONFIG get lan_ipaddr)
To > option dns 192.168.1.2

Assuming 192.168.1.2 is your RPI-IP

Router will remain as dhcp server under Lan Setup in UI. It is better to to reserve RPI IP from the UI under "Lan Setup > Address Reservation" dhcp setting. All your devices will automatically get the rpi as dns server from the router.

You can automate this process with few lines of script and post-mount.sh on usb to apply this setting automatically on firmware update. (or manually after each fw update)

Yep,

This is what I do in one of my zillion scripts:

grep -qF 'option dns 192.168.0.150' /etc/init.d/net-lan || { sed -i '1,/auto_time / s/auto_time 5/auto_time 7200\noffer_time 86400\nmin_lease 86400/ ; 1,/option dns / s/option dns/option dns 192.168.0.150\noption dns/' /etc/init.d/net-lan; sleep 2 && /etc/init.d/net-lan restart; } &

 

[Armitage]

Just thought I'd mention that my new connection went live at midnight and works fine with the aforementioned settings so that's that all sorted.

Don't think I'll ever bother using the R7800 as a DHCP server for the LAN again, as easy as it is with Voxel's firmware to get it to work properly with a Pihole, the Pihole does the job just fine if not somewhat better to be honest due to the quick user interface it has.