fabianishere / udm-kernel-tools

Tools for bootstrapping custom kernels on the UniFi Dream Machine
GNU General Public License v2.0
329 stars 23 forks source link

No DHCP in VLAN subnets when GeoIP filtering is enabled #8

Open LUFEZ opened 3 years ago

LUFEZ commented 3 years ago

I have multiple subnets and VLAN that the UDMP manages. UDMP is running with firmware 1.8.6

My subnets: 192.168.1.0/24 Management (no VLAN) 10.0.10.0/24 Main VLAN 10 10.0.20.0/24 IOT VLAN 20

After booting the custom kernel everything works. Traffic between subnets and Internet works. IPTV works.

The only thing that does not work is the DHCP address assignment in the subnets with VLAN. The clients do not get an IP address. Clients from the subnet without VLAN get an IP address. After restoring the stock kernel it works.

I use: udm-kernel-tools_1.0.0_arm64.deb udm-kernel-4.1.37-edge1_4.1.37-edge1-1_arm64.deb

What I don't understand, what do I need to do with the packages from pve-edge-kernel?

Any ideas what the problem with DHCP could be?

fabianishere commented 3 years ago

The reference to pve-edge-kernel is incorrect, I did not update the link to refer to this project.

As for the DHCP issue, I suspect that it is related to the firmware version 1.8.6 you are running. For example, there might be a small chance that the kernel for 1.9.0 is not compatible with firmware version 1.8.6.

I am currently on 1.9.3 and cannot reproduce the issue. Does /var/log/messages mention anything about dnsmasq?

LUFEZ commented 3 years ago

First of all: It works now! :)

In the log I see that there is a problem with GeoIP filtering and therefore all DHCP servers are stopped. I disabled GeoIP filtering in the settings and after that DHCP works.

With enabled GeoIP filtering:

May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service dhcpServers-net_LAN_br0_192-168-1-0-24
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service dhcpServers-net_Main_br10_10-0-10-0-24
May  1 16:33:03 Lutz-UDM-Pro daemon.info dnsmasq[1730]: started, version 2.83 DNS disabled
May  1 16:33:03 Lutz-UDM-Pro daemon.info dnsmasq[1730]: compile time options: IPv6 GNU-getopt DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua no-TFTP no-conntrack ipset auth no-nettlehash no-DNSSEC loop-detect inotify dumpfile
May  1 16:33:03 Lutz-UDM-Pro daemon.info dnsmasq-dhcp[1730]: DHCP, IP range 192.168.1.50 -- 192.168.1.100, lease time 1d
May  1 16:33:03 Lutz-UDM-Pro daemon.info dnsmasq[1730]: exiting on receipt of SIGTERM
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service dhcpServers-net_IoT_br20_10-0-20-0-24
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service dhcpServers-net_Guest_LAN_br50_10-0-50-0-24
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service discoveryResponder
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service dnsForwarder
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service dpi
May  1 16:33:03 Lutz-UDM-Pro user.info kernel: [   28.653060] Init chrdev /dev/detector with major 190
May  1 16:33:03 Lutz-UDM-Pro user.info kernel: [   28.653070] tdts: tcp_conn_max = 32000
May  1 16:33:03 Lutz-UDM-Pro user.info kernel: [   28.653070] 
May  1 16:33:03 Lutz-UDM-Pro user.info kernel: [   28.653074] tdts: tcp_conn_timeout = 300 sec
May  1 16:33:03 Lutz-UDM-Pro user.info kernel: [   28.653074] 
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service geoipFiltering
May  1 16:33:03 Lutz-UDM-Pro user.info dpi-flow-stats: ubnt-dpi-util: Started
May  1 16:33:03 Lutz-UDM-Pro user.err ubios-udapi-server: ubios-udapi-server: Failed services: GeoIP filtering configuration failed: iptables-restore failed: command iptables-restore --counters --table filter --noflush </tmp/ubios-udapi-server-pipe.9c8a_99c3_c39a_557b 2>&1 returned error code 1; command output: iptables-restore: line 195 failed
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Rollback services
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Stop service bleHTTPTransport
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service ddns
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Stop service dhcpServers-net_LAN_br0_192-168-1-0-24
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Stop service dhcpServers-net_Main_br10_10-0-10-0-24
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Stop service dhcpServers-net_IoT_br20_10-0-20-0-24
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Stop service dhcpServers-net_Guest_LAN_br50_10-0-50-0-24
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service discoveryResponder
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Stop service dnsForwarder
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Stop service dpi
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Stop service geoipFiltering
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service idsIps
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Reconfigure service l2tpServer
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service mdns
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service ntpClient
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service radiusServer
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service suspend
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service systemLog
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Reconfigure service upnp
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service utm
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service wanFailover
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Rollback done services
May  1 16:33:03 Lutz-UDM-Pro user.err ubios-udapi-server: ubios-udapi-server: Failed to apply services saved configuration: GeoIP filtering configuration failed: iptables-restore failed: command iptables-restore --counters --table filter --noflush </tmp/ubios-udapi-server-pipe.9c8a_99c3_c39a_557b 2>&1 returned error code 1; command output: iptables-restore: line 195 failed
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Trying to fallback services to default configuration
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server:   *            [services]: configuring
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service bleHTTPTransport
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: bleHTTPTransport start can be postponed depending on system readiness
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service ddns
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service dhcpServers-LAN_DHCP_Server
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service discoveryResponder
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service dnsForwarder
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Reconfigure service dpi
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Reconfigure service geoipFiltering
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service idsIps
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Reconfigure service l2tpServer
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service mdns
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service ntpClient
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service radiusServer
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service suspend
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service systemLog
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Reconfigure service upnp
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service utm
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service wanFailover
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: wanFailover: no change (eth8: down+rst, eth9: down+off)
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: ^^^ Apply saved configuration done
May  1 16:33:03 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: The system is ready.

With disabled GeoIP filtering:

May  2 10:10:46 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service dhcpServers-net_LAN_br0_192-168-1-0-24
May  2 10:10:46 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service dhcpServers-net_Main_br10_10-0-10-0-24
May  2 10:10:46 Lutz-UDM-Pro daemon.info dnsmasq[1729]: started, version 2.83 DNS disabled
May  2 10:10:46 Lutz-UDM-Pro daemon.info dnsmasq[1729]: compile time options: IPv6 GNU-getopt DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua no-TFTP no-conntrack ipset auth no-nettlehash no-DNSSEC loop-detect inotify dumpfile
May  2 10:10:46 Lutz-UDM-Pro daemon.info dnsmasq-dhcp[1729]: DHCP, IP range 192.168.1.50 -- 192.168.1.100, lease time 1d
May  2 10:10:46 Lutz-UDM-Pro daemon.info dnsmasq[1729]: exiting on receipt of SIGTERM
May  2 10:10:46 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service dhcpServers-net_IoT_br20_10-0-20-0-24
May  2 10:10:46 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service dhcpServers-net_Guest_LAN_br50_10-0-50-0-24
May  2 10:10:46 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service discoveryResponder
May  2 10:10:46 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service dnsForwarder
May  2 10:10:46 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service dpi
May  2 10:10:46 Lutz-UDM-Pro user.info kernel: [   28.322048] Init chrdev /dev/detector with major 190
May  2 10:10:46 Lutz-UDM-Pro user.info kernel: [   28.322058] tdts: tcp_conn_max = 32000
May  2 10:10:46 Lutz-UDM-Pro user.info kernel: [   28.322058] 
May  2 10:10:46 Lutz-UDM-Pro user.info kernel: [   28.322062] tdts: tcp_conn_timeout = 300 sec
May  2 10:10:46 Lutz-UDM-Pro user.info kernel: [   28.322062] 
May  2 10:10:47 Lutz-UDM-Pro user.info kernel: [   28.534172] cfg80211: Calling CRDA to update world regulatory domain
May  2 10:10:47 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Reconfigure service geoipFiltering
May  2 10:10:47 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Reconfigure service idsIps
May  2 10:10:47 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service l2tpServer
May  2 10:10:47 Lutz-UDM-Pro authpriv.info ipsec_starter[1778]: config OK
May  2 10:10:47 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: l2tpServer is unable to start (ppp0 is not ready: no ipv4 has been set on WAN yet); postponing...
May  2 10:10:47 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service mdns
May  2 10:10:47 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service ntpClient
May  2 10:10:47 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service radiusServer
May  2 10:10:47 Lutz-UDM-Pro user.info dpi-flow-stats: ubnt-dpi-util: Started
May  2 10:10:47 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service suspend
May  2 10:10:47 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service systemLog
May  2 10:10:47 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Reconfigure service upnp
May  2 10:10:47 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Keep service utm
May  2 10:10:47 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: Start service wanFailover
May  2 10:10:47 Lutz-UDM-Pro user.notice ubios-udapi-server: ubios-udapi-server: event_link: Failed to look up interface ppp0: Object not found
May  2 10:10:47 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: wanFailover: no change (eth9: down+off, ppp0: down+off)
May  2 10:10:47 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: ^^^ Apply saved configuration done
May  2 10:10:47 Lutz-UDM-Pro user.info ubios-udapi-server: ubios-udapi-server: The system is ready.

Thanks for this great project. 👍 I think this will help many users who use UDM and IPTV.

fabianishere commented 3 years ago

Great to hear!

I wonder why iptables-restore fails when enabling GeoIP filtering though. I suspect it may be related to some changes Ubiquiti did to the netfilter implementation from 1.8.6 to 1.9.0.