Redirection failed from $HS_LANIF to tun0

[tomasell]

Hi, there are two clients on the network, one has ip 10.234.253.10 and the other one 10.234.250.34. Network parameters are the same and both ping to each other, but only one can ping the coovachilli interface on tun0 (10.234.0.1 with subnet 255.255.0.0) and can redirect to login page. ICMP packets of both devices arrive on $HS_LANIF but only the ICMP packets from the first device pass through tun0 successfully. More than one threads is running on my own ubiquiti and if i kill all and restart the chilli service, both devices start work successfully, but the first user has been logged off (nas reboot disconnect all users). I don't understand why service cannot process all the request (usually there are 40 users logged in, but 50 devices try to connect, so 20% failed to connect) even if the CPU load isn't too high. Maybe am i missing any parameters in coovachilli configuration or in /etc/inid.d/chilli?

config.txt etc-init-chilli.txt

[tomasell]

I receive "Received packet with spoofed source!" error message and in my own configuration Layer3 is disable.

if (
#ifdef ENABLE_LAYER3
          !_options.layer3 &&
#endif
          pack_iph->saddr != conn->hisip.s_addr) {
    if (_options.debug)
      syslog(LOG_DEBUG, "Received packet with spoofed source!");
    OTHER_RECEIVED(conn, pack_iph);
    /*dhcp_sendRENEW(conn, pack, len);*/
    return 0;
  }

I don't know why pack_iph->saddr != conn->hisip.s_addr check doesn't fail. Any ideas? Thanks

[tomasell]

If layer3 is disable with dhcprelay active:

coova-chilli[14116]: DHCP newconn: 86-C1-A1-70-AB-6B coova-chilli[14116]: New DHCP request from MAC=86-C1-A1-70-AB-6B coova-chilli[14116]: New Chilli Connection coova-chilli[14116]: dhcp/bootps request being processed coova-chilli[14116]: function dhcp_getreq() coova-chilli[14116]: checking modules... coova-chilli[14116]: Sending DHCP relay packet to 10.0.14.46 coova-chilli[14116]: DHCP relay response from 10.0.14.46 of length 300 received coova-chilli[14116]: DHCP request for IP address 10.105.202.17 coova-chilli[14116]: newip 10.105.202.17 coova-chilli[14116]: Requesting new static ip: 10.105.202.17 coova-chilli[14116]: Static IP address not allowed coova-chilli[14116]: Requesting new dynamic ip: 10.105.202.17 coova-chilli[14116]: Client MAC=86-C1-A1-70-AB-6B assigned IP 10.105.0.2 coova-chilli[14116]: ARP: Replying to 10.105.0.2 / 86-C1-A1-70-AB-6B

If layer3 is enable

coova-chilli[16243]: DHCP newconn: 0A-88-20-D0-E9-E1 coova-chilli[16243]: forwarding layer2 dhcp/bootps request ->layer3 enable coova-chilli[16243]: checking modules... coova-chilli[16243]: Sending DHCP relay packet to 10.0.14.46 coova-chilli[16243]: DHCP relay response from 10.0.14.46 of length 300 received coova-chilli[16243]: DHCP: Nak or Broadcast coova-chilli[16243]: Sending DHCP relay response 255.255.255.255:68 342 coova-chilli[16243]: Sending DHCP from 10.105.0.1:67 coova-chilli[16243]: Address found coova-chilli[16243]: forwarding layer2 dhcp/bootps request coova-chilli[16243]: checking modules... coova-chilli[16243]: Sending DHCP relay packet to 10.0.14.46 coova-chilli[16243]: dropping packet with unknown destination: 10.105.202.16 coova-chilli[16243]: DHCP relay response from 10.0.14.46 of length 300 received coova-chilli[16243]: ARP: Replying to 0.0.0.0 / 0A-88-20-D0-E9-E1 coova-chilli[16243]: Address found coova-chilli[16243]: New Layer3 10.105.202.16 coova-chilli[16243]: Requesting new dynamic ip: 10.105.202.16 coova-chilli[16243]: New Chilli Connection

[heruan]

I'm also really interested on this. For the record: what does the layer3 option enable?

[AndrewMargarit]

@heruan a DHCP server @tomasell is that still happening for you?