DHCP Proxy For Deleting and Inserting Relayed Option 82 information
In environments like Cisco SD Access or Cisco ACI where option 82 is required, the DHCP server must support this by returning option 82 in its replies. If this is omitted the packets will never get back to the client because the network depends on this information for correct forwarding.
This proxy provides a fix by stripping the option 82 information in the request and re-inserting it in the offer, meaning the server is oblivious of this information.
The long-term solution is to use a DHCP server that supports option 82, but this proxy is a feasible short-term solution.
This proxy can be used to manipulate other options as well, yet as of now it's only for option 82. Open an issue if you have any thoughts or ideas on how to further utilize or improve this proxy.
This proxy is in early development and is highly experimental, yet works like a charm if installed as described. A current major caveat is that there is little to no fault handling, so if it catches an unknown it will CRASH. I'm currently working on improving this.
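The strip-and-re-insert step described above, as an added example that is not dhcpProxy's own code. It assumes the caller hands it the raw DHCP options field (the bytes after the magic cookie) and keys the saved option on the transaction id (xid); malformed options raise ValueError so the caller can drop the packet instead of crashing.

```python
# Added illustration, not code from dhcpProxy. Class and function names are hypothetical.
PAD, RELAY_AGENT_INFO, END = 0, 82, 255

def split_options(opts: bytes):
    """Parse TLV options into [(code, value)]; raise ValueError if malformed."""
    out, i = [], 0
    while i < len(opts):
        code = opts[i]
        if code == END:
            return out
        if code == PAD:          # PAD is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(opts) or i + 2 + opts[i + 1] > len(opts):
            raise ValueError("truncated option %d at offset %d" % (code, i))
        length = opts[i + 1]
        out.append((code, opts[i + 2:i + 2 + length]))
        i += 2 + length
    raise ValueError("missing END option")

def join_options(items):
    return b"".join(bytes([c, len(v)]) + v for c, v in items) + bytes([END])

class Option82Cache:
    """Remembers the relay's option 82 per xid between request and reply."""
    def __init__(self):
        self._by_xid = {}

    def strip(self, xid, opts):
        """Relay -> server: remove option 82 and remember its value."""
        items = split_options(opts)
        saved = [v for c, v in items if c == RELAY_AGENT_INFO]
        if saved:
            self._by_xid[xid] = saved[0]
        return join_options([(c, v) for c, v in items if c != RELAY_AGENT_INFO])

    def restore(self, xid, opts):
        """Server -> relay: append the saved option 82 as the last option."""
        items = [(c, v) for c, v in split_options(opts) if c != RELAY_AGENT_INFO]
        saved = self._by_xid.pop(xid, None)
        if saved is not None:
            items.append((RELAY_AGENT_INFO, saved))
        return join_options(items)

def demo():
    # Constructed sample: DISCOVER with option 82 (circuit-id "vl10"), then an OFFER.
    cache = Option82Cache()
    discover = b"\x35\x01\x01" + b"\x52\x06\x01\x04vl10" + b"\xff"
    offer = b"\x35\x01\x02\x36\x04\x0a\x00\x00\x01\xff"
    return cache.strip(0x1234, discover), cache.restore(0x1234, offer)
```

A reply whose xid was never seen in a request passes through `restore` unchanged, so the relay still receives it without option 82.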
-
Install the proxy according to design
DHCP Server <-> THIS_PROXY! <-> Relay Agent <-> DHCP Client
Might work in other scenarios as well, but Ye Might Also Be Fecked!
-
Make sure git, python, pip and optionally virtualenv are installed on the platform of choice
If not, use "yum install " or "apt-get " to fulfill these dependencies
-
Install scapy. Fret not, Scapy is a well-known packet manipulator used by Cisco Systems among others
pip install scapy
-
Clone from Github
git clone https://github.com/bentole/dhcpProxy.git
-
Create a file named settings.py and put it in the same directory as dhcpProxy.py. See Settings below
vi settings.py or nano settings.py or whatever
-
Start the proxy
python ./dhcpProxy.py
-
Change the relay information from pointing towards the dhcp server to point towards the proxy
For Cisco routers : ip helper-address proxy_addr
-
Good luck, Chuck!
Settings
Copy & paste the content below and save it to settings.py. Just make sure it's placed in the same directory as the main script file.
# the listener interface for the proxy
INT = 'ifname'
# ip address of the listener interface
INT_IP = 'w.x.y.z'
# ip address of the dhcp server
DHCP_SRV = 'w.x.y.z'
# Log to the specified file or set to False for no logging
VERBOSE = True
LOGFILE = '/var/log/dhcpproxy.log' # Make sure this is placed in the correct logfolder
-
Edit dhcpproxy.service and make sure that the file paths are correct
-
Put dhcpproxy.service file in the correct systemd folder
On CentOS: /usr/lib/systemd/system
On Ubuntu: /etc/systemd/system
Might be other locations as well, you'll figure it out.
-
Reload systemd to read the new service file
sudo systemctl daemon-reload
-
Start the service
sudo systemctl start dhcpproxy
-
Check status or stop
sudo systemctl status dhcpproxy
sudo systemctl stop dhcpproxy
-
Enable at startup
sudo systemctl enable dhcpproxy
-
Phew, Done! Now tail the logfile to see what's going on
tail -f /var/log/dhcpproxy.log