#
# $ ./configure --with-dhcp
# $ make
+# $ vi share/dictionary
+#
+# ## Un-comment the line containing $INCLUDE dictionary.dhcp
+# ## Then, save the file.
+#
# $ make install
#
# DHCP is NOT enabled by default.
#
server dhcp {
-# This is part RADIUS legacy (sorry). Clients have to be defined for
-# DHCP. This is not normal practice for a DHCP server, but it does
-# enable a simple filter list of "known clients".
-#
-
-# DHCP packets are normally sent with source IP address 0.0.0.0.
-# If you want to accept packets from any IP, uncomment the "netmask"
-# entry below, and delete the other "client" sections in this file.
-client any {
- ipaddr = 0.0.0.0
- #netmask = 0
- dhcp = yes
-}
-
-# For local testing.
-client localnet {
- ipaddr = 127.0.0.0
- netmask = 8
- dhcp = yes
-}
-
# Define a DHCP socket.
#
# The default port below is 6700, so you don't break your network.
# multiple interfaces, each with a separate policy.
#
# If you have multiple interfaces, it is a good idea to bind the
-# listen section to an interface. You will likely also need one
-# listen section per interface.
+# listen section to an interface. You will also need one listen
+# section per interface.
+#
+# FreeBSD does *not* support binding sockets to interfaces. Therefore,
+# if you have multiple interfaces, broadcasts may go out of the wrong
+# one, or even all interfaces. The solution is to use the "setfib" command.
+# If you have a network "10.10.0/24" on LAN1, you will need to do:
+#
+# Pick any IP on the 10.10.0/24 network
+# $ setfib 1 route add default 10.10.0.1
+#
+# Edit /etc/rc.local, and add a line:
+# setfib 1 /path/to/radiusd
+#
+# The kern must be built with the following options:
+# options ROUTETABLES=2
+# or any value larger than 2.
+#
+# The other only solution is to update FreeRADIUS to use BPF sockets.
+#
listen {
- ipaddr = *
+ ipaddr = 127.0.0.1
port = 6700
type = dhcp
- #interface = eth0
+# interface = lo0
+
+ # The DHCP server defaults to allowing broadcast packets.
+ # Set this to "no" only when the server receives *all* packets
+ # from a relay agent. i.e. when *no* clients are on the same
+ # LAN as the DHCP server.
+ #
+ # It's set to "no" here for testing.
+ broadcast = no
+
+ # On Linux if you're running the server as non-root, you
+ # will need to do:
+ #
+ # sudo setcap cap_net_admin=ei /path/to/radiusd
+ #
+ # This will allow the server to set ARP table entries
+ # for newly allocated IPs
}
# Packets received on the socket will be processed through one
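Review bot: The setcap comment added inside the `listen` block understates what is granted: CAP_NET_ADMIN covers interface, routing-table and packet-filter administration as well as ARP entries, so a compromised non-root radiusd inherits all of that. I would add a line after "for newly allocated IPs" such as `# CAP_NET_ADMIN also permits interface, route and firewall changes; keep the radiusd binary root-owned and not writable by the service account.` The `=ei` form also appears to leave the file's permitted set empty, so as far as I can tell the capability is only gained when the launching process already holds it as inheritable (for example via pam_cap); the comment should state which launch method it assumes. Separately, `# interface = lo0` is the BSD loopback name while the setcap advice is Linux-specific, where the device is `lo`, so a one-line note on the platform difference would help anyone who uncomments it.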
# ...
#}
+ # Or, allocate IPs from the DHCP pool in SQL.
+# dhcp_sqlippool
+
ok
}
# ...
#}
+ # Or, allocate IPs from the DHCP pool in SQL.
+# dhcp_sqlippool
+
ok
}