src/test/setup/radius-config/freeradius/sites-available/dhcp

# -*- text -*-
######################################################################
#
#	This is a virtual server that handles DHCP.
#
#	$Id: 170e2b191af7184b519d3594fa99476c857dfda5 $
#
######################################################################

#
#  The DHCP functionality goes into a virtual server.
#
server dhcp {

#  Define a DHCP socket.
#
#  The default port below is 6700, so you don't break your network.
#  If you want it to do real DHCP, change this to 67, and good luck!
#
#  You can also bind the DHCP socket to an interface.
#  See below, and raddb/radiusd.conf for examples.
#
#  This lets you run *one* DHCP server instance and have it listen on
#  multiple interfaces, each with a separate policy.
#
#  If you have multiple interfaces, it is a good idea to bind the
#  listen section to an interface.  You will also need one listen
#  section per interface.
#
#  FreeBSD does *not* support binding sockets to interfaces.  Therefore,
#  if you have multiple interfaces, broadcasts may go out of the wrong
#  one, or even all interfaces.  The solution is to use the "setfib" command.
#  If you have a network "10.10.0/24" on LAN1, you will need to do:
#
#  Pick any IP on the 10.10.0/24 network
#	$ setfib 1 route add default 10.10.0.1
#
#  Edit /etc/rc.local, and add a line:
#	setfib 1 /path/to/radiusd
#
#  The kern must be built with the following options:
#	options    ROUTETABLES=2
#  or any value larger than 2.
#
# The other only solution is to update FreeRADIUS to use BPF sockets.
#
listen {
	#  This is a dhcp socket.
	type = dhcp

	#  IP address to listen on. Will usually be the IP of the
	#  interface, or 0.0.0.0
	ipaddr = 127.0.0.1

	#  source IP address for unicast packets sent by the
	#  DHCP server.
	#
	#  The source IP for unicast packets is chosen from the first
	#  one of the following items which returns a valid IP
	#  address:
	#
	#	src_ipaddr
	#	ipaddr
	#	reply:DHCP-Server-IP-Address
	#	reply:DHCP-DHCP-Server-Identifier
	#
	src_ipaddr = 127.0.0.1

	#  The port should be 67 for a production network. Don't set
	#  it to 67 on a production network unless you really know
	#  what you're doing. Even if nothing is configured below, the
	#  server may still NAK legitimate responses from clients.
	port = 6700

	#  Interface name we are listening on. See comments above.
#	interface = lo0

	# The DHCP server defaults to allowing broadcast packets.
	# Set this to "no" only when the server receives *all* packets
	# from a relay agent.  i.e. when *no* clients are on the same
	# LAN as the DHCP server.
	#
	# It's set to "no" here for testing. It will usually want to
	# be "yes" in production, unless you are only dealing with
	# relayed packets.
	broadcast = no

	# On Linux if you're running the server as non-root, you
	# will need to do:
	#
	#	sudo setcap cap_net_admin=ei /path/to/radiusd
	#
	# This will allow the server to set ARP table entries
	# for newly allocated IPs
}

#  Packets received on the socket will be processed through one
#  of the following sections, named after the DHCP packet type.
#  See dictionary.dhcp for the packet types.

#  Return packets will be sent to, in preference order:
#     DHCP-Gateway-IP-Address
#     DHCP-Client-IP-Address
#     DHCP-Your-IP-Address
#  At least one of these attributes should be set at the end of each
#  section for a response to be sent.

dhcp DHCP-Discover {

	#  Set the type of packet to send in reply.
	#
	#  The server will look at the DHCP-Message-Type attribute to
	#  determine which type of packet to send in reply. Common
	#  values would be DHCP-Offer, DHCP-Ack or DHCP-NAK. See
	#  dictionary.dhcp for all the possible values.
	#
	#  DHCP-Do-Not-Respond can be used to tell the server to not
	#  respond.
	#
	#  In the event that DHCP-Message-Type is not set then the
	#  server will fall back to determining the type of reply
	#  based on the rcode of this section.

	update reply {
	       DHCP-Message-Type = DHCP-Offer
	}

	#  The contents here are invented.  Change them!
	update reply {
		DHCP-Domain-Name-Server = 127.0.0.1
		DHCP-Domain-Name-Server = 127.0.0.2
		DHCP-Subnet-Mask = 255.255.255.0
		DHCP-Router-Address = 192.0.2.1
		DHCP-IP-Address-Lease-Time = 86400
		DHCP-DHCP-Server-Identifier = 192.0.2.1
	}

	#  Do a simple mapping of MAC to assigned IP.
	#
	#  See below for the definition of the "mac2ip"
	#  module.
	#
	#mac2ip

	#  If the MAC wasn't found in that list, do something else.
	#  You could call a Perl, Python, or Java script here.

	#if (notfound) {
	# ...
	#}

	#  Or, allocate IPs from the DHCP pool in SQL. You may need to
	#  set the pool name here if you haven't set it elsewhere.
#	update control {
#		Pool-Name := "local"
#	}
#	dhcp_sqlippool

	#  If DHCP-Message-Type is not set, returning "ok" or
	#  "updated" from this section will respond with a DHCP-Offer
	#  message.
	#
	#  Other rcodes will tell the server to not return any response.
	ok
}

dhcp DHCP-Request {

	# Response packet type. See DHCP-Discover section above.
	update reply {
	       DHCP-Message-Type = DHCP-Ack
	}

	#  The contents here are invented.  Change them!
	update reply {
		DHCP-Domain-Name-Server = 127.0.0.1
		DHCP-Domain-Name-Server = 127.0.0.2
		DHCP-Subnet-Mask = 255.255.255.0
		DHCP-Router-Address = 192.0.2.1
		DHCP-IP-Address-Lease-Time = 86400
		DHCP-DHCP-Server-Identifier = 192.0.2.1
	}

	#  Do a simple mapping of MAC to assigned IP.
	#
	#  See below for the definition of the "mac2ip"
	#  module.
	#
	#mac2ip

	#  If the MAC wasn't found in that list, do something else.
	#  You could call a Perl, Python, or Java script here.

	#if (notfound) {
	# ...
	#}

	#  Or, allocate IPs from the DHCP pool in SQL. You may need to
	#  set the pool name here if you haven't set it elsewhere.
#	update control {
#		Pool-Name := "local"
#	}
#	dhcp_sqlippool

	#  If DHCP-Message-Type is not set, returning "ok" or
	#  "updated" from this section will respond with a DHCP-Ack
	#  packet.
	#
	#  "handled" will not return a packet, all other rcodes will
	#  send back a DHCP-NAK.
	ok
}

#
#  Other DHCP packet types
#
#  There should be a separate section for each DHCP message type.
#  By default this configuration will ignore them all. Any packet type
#  not defined here will be responded to with a DHCP-NAK.

dhcp DHCP-Decline {
	update reply {
	       DHCP-Message-Type = DHCP-Do-Not-Respond
	}
	reject
}

dhcp DHCP-Inform {
	update reply {
	       DHCP-Message-Type = DHCP-Do-Not-Respond
	}
	reject
}

dhcp DHCP-Release {
	update reply {
	       DHCP-Message-Type = DHCP-Do-Not-Respond
	}
	reject
}


}

######################################################################
#
#  This next section is a sample configuration for the "passwd"
#  module, that reads flat-text files.  It should go into
#  radiusd.conf, in the "modules" section.
#
#  The file is in the format <mac>,<ip>
#
#	00:01:02:03:04:05,192.0.2.100
#	01:01:02:03:04:05,192.0.2.101
#	02:01:02:03:04:05,192.0.2.102
#
#  This lets you perform simple static IP assignment.
#
#  There is a preconfigured "mac2ip" module setup in
#  mods-available/mac2ip. To use it do:
#
#    # cd raddb/
#    # ln -s ../mods-available/mac2ip mods-enabled/mac2ip
#    # mkdir mods-config/passwd
#
#  Then create the file mods-config/passwd/mac2ip with the above
#  format.
#
######################################################################


#  This is an example only - see mods-available/mac2ip instead; do
#  not uncomment these lines here.
#
#passwd mac2ip {
#	filename = ${confdir}/mac2ip
#	format = "*DHCP-Client-Hardware-Address:=DHCP-Your-IP-Address"
#	delimiter = ","
#}