You're showing us a capture of the WAN there, aren't you? That's your public IP.
And I can confirm that LYO exists, it stands for... Lyon. I have this config at home and it works very well. But I don't think that's the blocking point. What really matters for the request to be accepted by the box, I believe, is 90 and 125.
Thank you for your attention! Should I be able to look up the address of ANN.access.orange-multimedia.net or LYO.access.orange-multimedia.net using the Orange DNS? Because that fails for me.
➜ ~ dig ANN.access.orange-multimedia.net.
; <<>> DiG 9.10.6 <<>> ANN.access.orange-multimedia.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55857
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ANN.access.orange-multimedia.net. IN A
;; AUTHORITY SECTION:
ann.access.orange-multimedia.net. 47 IN SOA this.name.is.invalid. hostmaster.this.name.is.invalid. 2024062501 10800 3600 604800 60
;; Query time: 18 msec
;; SERVER: 81.253.149.5#53(81.253.149.5)
;; WHEN: Wed Jul 03 21:46:03 CEST 2024
;; MSG SIZE rcvd: 132
➜ ~ dig LYO.access.orange-multimedia.net
; <<>> DiG 9.10.6 <<>> LYO.access.orange-multimedia.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54642
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;LYO.access.orange-multimedia.net IN A
;; AUTHORITY SECTION:
LYO.access.orange-multimedia.net 60 IN SOA this.name.is.invalid. hostmaster.this.name.is.invalid. 2024062501 10800 3600 604800 60
;; Query time: 20 msec
;; SERVER: 81.253.149.5#53(81.253.149.5)
;; WHEN: Wed Jul 03 21:46:12 CEST 2024
;; MSG SIZE rcvd: 132
My message above was about DHCP for the pfSense WAN, connecting via the ONT.
Here is the DHCP from a test with a laptop connected to the same port as the LiveBox5.
EDIT: I ran more tests with another tool and it seems normal after all.
root@dhcptest:~/dhcptest# ./dhcptest --request 125
dhcptest v0.9 - Created by Vladimir Panteleev
https://github.com/CyberShadow/dhcptest
Run with --help for a list of command-line options.
Listening for DHCP replies on port 68.
Type "d" to broadcast a DHCP discover packet, or "help" for details.
d
Sending packet:
op=BOOTREQUEST chaddr=06:97:FE:33:D8:2B hops=0 xid=3EFA0B69 secs=0 flags=8000
ciaddr=0.0.0.0 yiaddr=0.0.0.0 siaddr=0.0.0.0 giaddr=0.0.0.0 sname= file=
2 options:
53 (DHCP Message Type): discover
55 (Parameter Request List): 125 (Unknown)
Received packet from 192.168.100.254:67:
op=BOOTREPLY chaddr=06:97:FE:33:D8:2B hops=0 xid=3EFA0B69 secs=0 flags=8000
ciaddr=0.0.0.0 yiaddr=192.168.100.4 siaddr=0.0.0.0 giaddr=0.0.0.0 sname= file=
5 options:
53 (DHCP Message Type): offer
54 (Server Identifier): 192.168.100.254
51 (IP Address Lease Time): 86400 (1 day)
125 (Unknown): 00 00 05 58 0C 01 0A 00 01 00 00 00 00 00 00 00 00
1 (Subnet Mask): 255.255.255.0
Received packet from 192.168.100.254:67:
op=BOOTREPLY chaddr=<SNIP> hops=0 xid=279F7458 secs=2557 flags=8000
ciaddr=0.0.0.0 yiaddr=192.168.100.1 siaddr=0.0.0.0 giaddr=0.0.0.0 sname= file=
10 options:
53 (DHCP Message Type): offer
54 (Server Identifier): 192.168.100.254
51 (IP Address Lease Time): 86400 (1 day)
1 (Subnet Mask): 255.255.255.0
3 (Router Option): 192.168.100.254
6 (Domain Name Server Option): 81.253.149.5
15 (Domain Name): orange.fr
90 (Unknown): "", "", "", "", "", "", "", "", "", "", "", "dhcpliveboxfr250" (00 00 00 00 00 00 00 00 00 00 00 64 68 63 70 6C 69 76 65 62 6F 78 66 72 32 35 30)
119 (Unknown): 03 41 4E 4E 06 61 63 63 65 73 73 11 6F 72 61 6E 67 65 2D 6D 75 6C 74 69 6D 65 64 69 61 03 6E 65 74 00
125 (Unknown): 00 00 05 58 0C 01 0A 00 01 00 00 00 00 00 00 00 00
I don't see any OPTION 90 or 125 transmitted by the pfSense DHCP server. I assume that should be visible in this Wireshark capture?
No. Time Source Destination Protocol Length Info
27 1.003414 192.168.100.254 192.168.100.2 DHCP 363 DHCP Offer
- Transaction ID 0x1bedac4b
Frame 27: 363 bytes on wire (2904 bits), 363 bytes captured (2904 bits) on interface en8, id 0
Section number: 1
Interface id: 0 (en8)
Interface name: en8
Interface description: Belkin USB-C LAN
Encapsulation type: Ethernet (1)
Arrival Time: Jul 3, 2024 21:45:27.130789000 CEST
UTC Arrival Time: Jul 3, 2024 19:45:27.130789000 UTC
Epoch Arrival Time: 1720035927.130789000
[Time shift for this packet: 0.000000000 seconds]
[Time delta from previous captured frame: 0.002286000 seconds]
[Time delta from previous displayed frame: 0.002286000 seconds]
[Time since reference or first frame: 1.003414000 seconds]
Frame Number: 27
Frame Length: 363 bytes (2904 bits)
Capture Length: 363 bytes (2904 bits)
[Frame is marked: True]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:dhcp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 02:76:c6:00:f5:b3 (02:76:c6:00:f5:b3), Dst: BelkinIntern_b0:f6:f4 (c0:56:27:b0:f6:f4)
Destination: BelkinIntern_b0:f6:f4 (c0:56:27:b0:f6:f4)
Address: BelkinIntern_b0:f6:f4 (c0:56:27:b0:f6:f4)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 02:76:c6:00:f5:b3 (02:76:c6:00:f5:b3)
Address: 02:76:c6:00:f5:b3 (02:76:c6:00:f5:b3)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.100.254, Dst: 192.168.100.2
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x10 (DSCP: Unknown, ECN: Not-ECT)
0001 00.. = Differentiated Services Codepoint: Unknown (4)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 349
Identification: 0x0000 (0)
000. .... = Flags: 0x0
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 128
Protocol: UDP (17)
Header Checksum: 0xef2e [validation disabled]
[Header checksum status: Unverified]
Source Address: 192.168.100.254
Destination Address: 192.168.100.2
User Datagram Protocol, Src Port: 67, Dst Port: 68
Source Port: 67
Destination Port: 68
Length: 329
Checksum: 0xe420 [unverified]
[Checksum Status: Unverified]
[Stream index: 5]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
UDP payload (321 bytes)
/var/folders/l0/82qzps71207d3xm84h8gbf3w0000gr/T/wireshark_Belkin USB-C LANJ5S4P2.pcapng 5509 total packets, 5509 shown
Dynamic Host Configuration Protocol (Offer)
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x1bedac4b
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0
Your (client) IP address: 192.168.100.2
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: BelkinIntern_b0:f6:f4 (c0:56:27:b0:f6:f4)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Offer)
Length: 1
DHCP: Offer (2)
Option: (54) DHCP Server Identifier (192.168.100.254)
Length: 4
DHCP Server Identifier: 192.168.100.254
Option: (51) IP Address Lease Time
Length: 4
IP Address Lease Time: 1 day (86400)
Option: (1) Subnet Mask (255.255.255.0)
Length: 4
Subnet Mask: 255.255.255.0
Option: (3) Router
Length: 4
Router: 192.168.100.254
Option: (6) Domain Name Server
Length: 4
Domain Name Server: 81.253.149.5
Option: (15) Domain Name
Length: 9
Domain Name: orange.fr
Option: (119) Domain Search
Length: 34
FQDN: ANN.access.orange-multimedia.net
Option: (255) End
Option End: 255
The laptop connects on VLAN 832 as expected and receives the expected IP address via DHCP.
One thing I notice is that option 119 does not have the trailing dot, the way it does in the WAN DHCP and in my pfSense DHCP server configuration.
Which one is correct? I assume this is an internal naming system that requires the trailing dot.
I have seen some variations in the settings, such as a few 00:00, but I assume I should use what I receive from the Orange DHCP on the WAN, right?
These are the exact values I have right now:
OPTION 90 - "00:00:00:00:00:00:00:00:00:00:00:64:68:63:70:6c:69:76:65:62:6f:78:66:72:32:35:30"
OPTION 125 - "00:00:05:58:0c:01:0a:00:01:00:00:00:00:00:00:00:00:00:00"
I am also attaching a screenshot to show how they are entered in pfSense as STRING.
For what it's worth, here is how it is stored in /var/dhcpd/etc/dhcpd.conf
option domain-search-list code 119 = text;
option arch code 93 = unsigned integer 16; # RFC4578
option custom-opt10-0 code 90 = string;
option custom-opt10-1 code 125 = string;
class "s_opt10" {
    match pick-first-value (option dhcp-client-identifier, hardware);
}
subnet 192.168.100.0 netmask 255.255.255.0 {
    pool {
        option domain-name-servers 81.253.149.5;
        range 192.168.100.1 192.168.100.20;
    }
    option routers 192.168.100.254;
    option domain-name "orange.fr";
    option domain-search "ANN.access.orange-multimedia.net.";
    option domain-name-servers 81.253.149.5;
    default-lease-time 86400;
    max-lease-time 86400;
    ping-check true;
    option custom-opt10-0 00:00:00:00:00:00:00:00:00:00:00:64:68:63:70:6c:69:76:65:62:6f:78:66:72:32:35:30;
    option custom-opt10-1 00:00:05:58:0c:01:0a:00:01:00:00:00:00:00:00:00:00;
}
Here is how it is stored in /cf/conf/config.xml
/cf/conf/config.xml- <opt10>
/cf/conf/config.xml- <range>
/cf/conf/config.xml- <from>192.168.100.1</from>
/cf/conf/config.xml- <to>192.168.100.20</to>
/cf/conf/config.xml- </range>
/cf/conf/config.xml- <enable></enable>
/cf/conf/config.xml- <failover_peerip></failover_peerip>
/cf/conf/config.xml- <defaultleasetime>86400</defaultleasetime>
/cf/conf/config.xml- <maxleasetime>86400</maxleasetime>
/cf/conf/config.xml- <netmask></netmask>
/cf/conf/config.xml- <gateway>192.168.100.254</gateway>
/cf/conf/config.xml- <domain>orange.fr</domain>
/cf/conf/config.xml: <domainsearchlist>ANN.access.orange-multimedia.net.</domainsearchlist>
/cf/conf/config.xml- <ddnsdomain></ddnsdomain>
/cf/conf/config.xml- <ddnsdomainprimary></ddnsdomainprimary>
/cf/conf/config.xml- <ddnsdomainprimaryport></ddnsdomainprimaryport>
/cf/conf/config.xml- <ddnsdomainsecondary></ddnsdomainsecondary>
/cf/conf/config.xml- <ddnsdomainsecondaryport></ddnsdomainsecondaryport>
/cf/conf/config.xml- <ddnsdomainkeyname></ddnsdomainkeyname>
/cf/conf/config.xml- <ddnsdomainkeyalgorithm>hmac-md5</ddnsdomainkeyalgorithm>
/cf/conf/config.xml- <ddnsdomainkey></ddnsdomainkey>
/cf/conf/config.xml- <mac_allow></mac_allow>
/cf/conf/config.xml- <mac_deny></mac_deny>
/cf/conf/config.xml- <ddnsclientupdates>allow</ddnsclientupdates>
/cf/conf/config.xml- <tftp></tftp>
/cf/conf/config.xml- <ldap></ldap>
/cf/conf/config.xml- <nextserver></nextserver>
/cf/conf/config.xml- <filename></filename>
/cf/conf/config.xml- <filename32></filename32>
/cf/conf/config.xml- <filename64></filename64>
/cf/conf/config.xml- <filename32arm></filename32arm>
/cf/conf/config.xml- <filename64arm></filename64arm>
/cf/conf/config.xml- <uefihttpboot></uefihttpboot>
/cf/conf/config.xml- <rootpath></rootpath>
/cf/conf/config.xml- <numberoptions>
/cf/conf/config.xml- <item>
/cf/conf/config.xml- <number>90</number>
/cf/conf/config.xml- <type>string</type>
/cf/conf/config.xml- <value>MDA6MDA6MDA6MDA6MDA6MDA6MDA6MDA6MDA6MDA6MDA6NjQ6Njg6NjM6NzA6NmM6Njk6NzY6NjU6NjI6NmY6Nzg6NjY6NzI6MzI6MzU6MzA=</value>
/cf/conf/config.xml- </item>
/cf/conf/config.xml- <item>
/cf/conf/config.xml- <number>125</number>
/cf/conf/config.xml- <type>string</type>
/cf/conf/config.xml- <value>MDA6MDA6MDU6NTg6MGM6MDE6MGE6MDA6MDE6MDA6MDA6MDA6MDA6MDA6MDA6MDA6MDA=</value>
/cf/conf/config.xml- </item>
/cf/conf/config.xml- </numberoptions>
/cf/conf/config.xml- <dnsserver>81.253.149.5</dnsserver>
/cf/conf/config.xml- </opt10>
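As an added example (not part of the original posts): a small Python decoder for the option 119 and option 125 payloads quoted in the thread, following the RFC 3397 and RFC 3925 wire layouts. It shows that the trailing dot of option 119 is the closing zero-length label on the wire, which the Wireshark output above simply does not print, and it rejects an option 125 payload that carries bytes beyond its declared data-len. The function names are illustrative, and DNS compression pointers are deliberately not handled.

```python
import base64

def hex_bytes(text):
    """Accept 'aa:bb' or 'AA BB' notation and return raw bytes."""
    return bytes.fromhex(text.replace(":", " "))

def decode_domain_search(data):
    """Option 119 (RFC 3397): RFC 1035 labels; each name ends with a zero-length root label."""
    names, labels, i = [], [], 0
    while i < len(data):
        n, i = data[i], i + 1
        if n == 0:  # root label: the "final dot" as it exists on the wire
            names.append(".".join(labels) + ".")
            labels = []
        elif n > 63 or i + n > len(data):
            raise ValueError("bad label length (compression pointers not handled here)")
        else:
            labels.append(data[i:i + n].decode("ascii"))
            i += n
    if labels:
        raise ValueError("last name is not terminated by a root label")
    return names

def decode_vivso(data):
    """Option 125 (RFC 3925): blocks of enterprise-number(4) + data-len(1) + sub-options."""
    blocks, i = [], 0
    while i < len(data):
        if len(data) - i < 5 or len(data) - i - 5 < data[i + 4]:
            raise ValueError(f"stray or truncated bytes at offset {i}")
        enterprise, dlen = int.from_bytes(data[i:i + 4], "big"), data[i + 4]
        body, subs, j = data[i + 5:i + 5 + dlen], [], 0
        while j < dlen:  # sub-options are code(1) + len(1) + data
            if j + 2 > dlen or j + 2 + body[j + 1] > dlen:
                raise ValueError("sub-option overruns data-len")
            subs.append((body[j], body[j + 2:j + 2 + body[j + 1]]))
            j += 2 + body[j + 1]
        blocks.append((enterprise, subs))
        i += 5 + dlen
    return blocks

def decode_pfsense_value(b64):
    """config.xml keeps the GUI text base64-encoded; here that text is colon-separated hex."""
    return hex_bytes(base64.b64decode(b64).decode("ascii"))

# Values copied from the dhcptest output and the config.xml excerpt in the thread.
OPT119 = hex_bytes("03 41 4E 4E 06 61 63 63 65 73 73 11 6F 72 61 6E 67 65 2D 6D 75 6C 74 69 6D 65 64 69 61 03 6E 65 74 00")
OPT125 = hex_bytes("00:00:05:58:0c:01:0a:00:01:00:00:00:00:00:00:00:00")
CFG125 = "MDA6MDA6MDU6NTg6MGM6MDE6MGE6MDA6MDE6MDA6MDA6MDA6MDA6MDA6MDA6MDA6MDA="
print(decode_domain_search(OPT119), decode_vivso(OPT125), decode_pfsense_value(CFG125) == OPT125)
```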