DHCP issue
I have a DHCP problem on several of my client's sites (spokes). My client has 44 remote sites, all connected by VPN to the central site (2 VPNs, fiber and LTE links).
For unknown reasons, DHCP requests do not work and users disconnect from the network after the DHCP lease expires. The problem starts working again when I do this:
diag sys session filter dst 10.x.x.x
diag sys session clear
The problem does not happen on all the sites at the same time, no change has been made to the configuration, and the problem happens randomly.
Can someone help me with this, please?
Labels: FortiGate
I have spoke sites experiencing the same issue.
FG-81Es connected back to the hub (VM01, 601E, 501E) via IPsec interface tunnels, OSPF routing. Issue appeared after upgrading to 6.4, not all sites affected. Same workaround: cleared sessions with the destination of the DHCP server on the other end of the tunnel.
Sniffing for UDP 67+68 traffic on the spoke shows that the FG is sending DHCP traffic out the physical interface that the IPsec tunnel is attached to, not within the tunnel. All other traffic from the spoke LAN to the hub LAN (same subnet that the DHCP server resides on) exits the spoke through the tunnel and not the physical interface.
Currently running 6.4.7 on the hubs and 6.4.7/6.4.8 on the spokes.
No, I haven't identified the root cause or opened a ticket with support, but it's on the list of things to do.
The current workaround that I'm using is to clear the stuck session that's sending traffic out the physical interface instead of the tunnel interface. I'm only noticing this issue on spoke sites connected via static VPN tunnels; I have a dial-up VPN tunnel from my home office to hub/HQ (w/ OSPF) and have never had an issue receiving DHCP from the hub.
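
A way to check a saved spoke capture for the behaviour described in this thread, DHCP packets addressed to the hub-side server leaving on a physical interface instead of the IPsec tunnel. This is an added example, not code from any poster or from Fortinet; the sniffer line shape, the interface names (`lan`, `wan1`, `to-hub`) and all addresses are assumptions and constructed sample data.

```python
import re

# Assumed line shape of FortiOS "diagnose sniffer packet any '<filter>' 4" output:
#   <timestamp> <interface> <in|out> <src_ip>.<sport> -> <dst_ip>.<dport>: udp <len>
LINE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+udp\b"
)
DHCP_PORTS = {67, 68}


def misrouted_dhcp(capture, server_ip, tunnel_ifaces):
    """Return (timestamp, interface, src, dst) for every DHCP packet sent
    towards server_ip out of an interface that is not an IPsec tunnel."""
    hits = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner lines, blank lines, anything that is not UDP
        if m["dir"] != "out" or m["dst"] != server_ip:
            continue  # only egress packets addressed to the DHCP server
        if not DHCP_PORTS & {int(m["sport"]), int(m["dport"])}:
            continue
        if m["iface"] not in tunnel_ifaces:
            hits.append((float(m["ts"]), m["iface"], m["src"], m["dst"]))
    return hits


# Constructed sample capture (not taken from the thread): the first request
# leaves via the physical WAN port, the second one correctly uses the tunnel.
SAMPLE = """\
interfaces=[any]
filters=[udp port 67 or udp port 68]
1.204511 lan in 0.0.0.0.68 -> 255.255.255.255.67: udp 300
1.204702 wan1 out 192.0.2.10.67 -> 10.0.0.5.67: udp 300
5.310044 lan in 0.0.0.0.68 -> 255.255.255.255.67: udp 300
5.310198 to-hub out 10.20.1.1.67 -> 10.0.0.5.67: udp 300
5.352871 to-hub in 10.0.0.5.67 -> 10.20.1.1.67: udp 312
"""

if __name__ == "__main__":
    for ts, iface, src, dst in misrouted_dhcp(SAMPLE, "10.0.0.5", {"to-hub"}):
        print(f"{ts:.6f} DHCP {src} -> {dst} left via {iface}, outside the tunnel")
```

A hit here means DHCP traffic for the hub LAN is crossing the WAN link unencrypted as well as going unanswered, so it is worth recording the timestamps alongside each session clear when a support ticket is opened.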