Hi, I am having trouble using DHCP relay over VTI. This is my current configuration:
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description *
        rule 2 {
            action accept
            description *
            log disable
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 3 {
            action accept
            log disable
            protocol all
            source {
                address *
            }
        }
        rule 4 {
            action accept
            log disable
            protocol all
            source {
                address *
            }
        }
        rule 5 {
            action accept
            log disable
            protocol all
            source {
                address *
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description ""
        rule 1 {
            action accept
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action accept
            log disable
            protocol all
            source {
                address *
            }
        }
        rule 3 {
            action accept
            log disable
            protocol all
            source {
                address *
            }
        }
        rule 4 {
            action accept
            log disable
            protocol all
            source {
                address *
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address *
        description LAN
        duplex auto
        speed auto
    }
    ethernet eth1 {
        address *
        description WAN
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth2 {
        disable
        duplex auto
        speed auto
    }
    loopback lo {
    }
    vti vti0 {
        address *
        ip {
            ospf {
                dead-interval 40
                hello-interval 10
                mtu-ignore
                network point-to-point
                priority 1
                retransmit-interval 5
                transmit-delay 1
            }
        }
        mtu 1436
    }
}
protocols {
    ospf {
        area 0 {
            network *
            network *
        }
        log-adjacency-changes {
        }
        parameters {
            router-id *
        }
        redistribute {
            static {
                metric-type 2
            }
        }
    }
    static {
        route * {
            next-hop * {
            }
        }
        route * {
            next-hop * {
                distance 1
            }
        }
    }
}
service {
    dhcp-relay {
        interface eth0
        interface vti0
        server *
    }
    gui {
        https-port 443
    }
    nat {
        rule 5000 {
            description WAN_MASQ
            log disable
            outbound-interface eth1
            protocol all
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name *
    login {
        user admin {
            authentication {
                encrypted-password *
                plaintext-password *
            }
            level admin
        }
    }
    name-server *
    offload {
        ipsec enable
        ipv4 {
            forwarding enable
        }
        ipv6 {
            forwarding disable
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
}
vpn {
    ipsec {
        auto-firewall-nat-exclude disable
        esp-group FOO0 {
            compression disable
            lifetime 3600
            mode tunnel
            pfs dh-group2
            proposal 1 {
                encryption 3des
                hash sha1
            }
        }
        ike-group FOO0 {
            key-exchange ikev1
            lifetime 28800
            proposal 1 {
                dh-group 2
                encryption 3des
                hash sha1
            }
        }
        ipsec-interfaces {
            interface eth1
        }
        nat-networks {
            allowed-network 0.0.0.0/0 {
            }
        }
        nat-traversal enable
        site-to-site {
            peer {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret *
                }
                connection-type initiate
                ike-group FOO0
                local-address *
                vti {
                    bind vti0
                    esp-group FOO0
                }
            }
        }
    }
}
The DHCP server is running Windows Server 2008 R2, and the client won't get any IP address. Running tcpdump on eth0 will show me DHCP requests from the client, but doing the same on vti0 won't show me anything.
sudo tcpdump -v -v -n udp portrange 67-68 -c 100 -i eth0
sudo tcpdump -v -v -n udp portrange 67-68 -c 100 -i vti0
What am I missing? How could I troubleshoot this?
Thanks in advance.
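An added illustration, not part of the question above: a minimal BOOTP/DHCP header decoder plus the relay-agent rewrite from RFC 1542/2131, to show what a relayed DHCPDISCOVER should look like when captured on the server-facing interface (vti0 in this setup) compared with the client broadcast seen on eth0: giaddr set to the relay's interface address, hops incremented by one, and the packet unicast to the server. The DHCPDISCOVER and the relay address 192.0.2.1 are constructed placeholders.

```python
import struct
import ipaddress

DHCP_FIXED_LEN = 236          # op..file, before the magic cookie (RFC 2131 s.2)
MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie
MAX_HOPS = 16                 # RFC 1542: relays discard requests whose hops exceed 16

def parse_bootp(pkt: bytes) -> dict:
    """Decode the fixed BOOTP header of a DHCP message."""
    if len(pkt) < DHCP_FIXED_LEN + 4 or pkt[DHCP_FIXED_LEN:DHCP_FIXED_LEN + 4] != MAGIC:
        raise ValueError("not a DHCP message")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", pkt[:12])
    ciaddr, yiaddr, siaddr, giaddr = (str(ipaddress.IPv4Address(pkt[o:o + 4])) for o in (12, 16, 20, 24))
    return {"op": op, "hops": hops, "xid": xid, "flags": flags,
            "ciaddr": ciaddr, "yiaddr": yiaddr, "siaddr": siaddr, "giaddr": giaddr,
            "chaddr": pkt[28:28 + hlen].hex(":")}

def relay_to_server(pkt: bytes, relay_if_addr: str) -> bytes:
    """Relay-agent rewrite of a client->server BOOTREQUEST: bump hops and set giaddr
    (only if it is still 0.0.0.0, so the first relay's address survives further hops).
    The result is what a capture on the server-facing interface should show."""
    hdr = parse_bootp(pkt)
    if hdr["op"] != 1:
        raise ValueError("only BOOTREQUEST is relayed towards the server")
    if hdr["hops"] + 1 > MAX_HOPS:
        raise ValueError("hop limit exceeded; relay must drop the packet")
    out = bytearray(pkt)
    out[3] = hdr["hops"] + 1
    if hdr["giaddr"] == "0.0.0.0":
        out[24:28] = ipaddress.IPv4Address(relay_if_addr).packed
    return bytes(out)

def classify(pkt: bytes) -> str:
    """Tell an un-relayed client broadcast apart from a request a relay already handled."""
    hdr = parse_bootp(pkt)
    if hdr["op"] != 1:
        return "server-reply"
    return "client-broadcast" if hdr["giaddr"] == "0.0.0.0" else "relayed"

def build_discover(xid: int, mac: bytes) -> bytes:
    """Constructed DHCPDISCOVER (option 53 = 1) with the broadcast flag set, as a client sends it."""
    fixed = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0x8000) + bytes(16) + mac.ljust(16, b"\0") + bytes(192)
    return fixed + MAGIC + bytes([53, 1, 1, 255])

if __name__ == "__main__":
    disc = build_discover(0x3903F326, bytes.fromhex("001122334455"))
    relayed = relay_to_server(disc, "192.0.2.1")  # placeholder: relay's inbound interface address
    print(classify(disc), parse_bootp(disc)["giaddr"], parse_bootp(disc)["hops"])
    print(classify(relayed), parse_bootp(relayed)["giaddr"], parse_bootp(relayed)["hops"])
```

In a tcpdump -v capture the same fields appear as the "Gateway-IP" and "hops" values, so a request that still shows Gateway-IP 0.0.0.0 on the server side was never processed by the relay.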