GUI: dnsmasq support for non-connected / non-local subnets.
Request: This request is for the GUI, specific to dnsmasq, to be enhanced to have an advanced section to configure DHCP scopes for non-connected / non-local subnets. Today scopes will only be created if there is an interface built on the system.
This can be accomplished today using KEA within opnsense, however dnsmasq is the preferred approach going forward so I'd like it to be enhanced to have this capability. dnsmasq as a standalone product has the ability to do this.
Reasoning: With more and more L3 switches being used in home labs, retail branches, etc., many users want to have internal subnet routing for the same security tier on the L3 switch instead of opnsense. It provides higher speed capabilities; building out a 10gig+ capable opnsense system can be costly compared to cheap L3 switches that are available.
Because DHCP services are still required, it'd be ideal for opnsense to still host that vs having to run a separate system with DHCP services.
To clarify this topology, this means that the vlan interface (SVI in Cisco speak) is built on the layer 3 switch and then DHCP relay is used to direct the request to the DHCP server. Opnsense doesn't see the vlan; there is a routed link established between the L3 switch and opnsense. Routing could be static routes, or using FRR with OSPF or BGP.
Thank you for creating an issue. Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.
For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.
The easiest option to gain traction is to close this ticket and open a new one using one of our templates.
A dhcp range can be defined with a freely chosen start and end address. That is the only requirement in the GUI.
I was able to make this work using tags and such, however one thing that is missing is the subnet size declaration within the range. By default dnsmasq pulls it from the network interface; when that fails it uses the IPv4 classful ranges.
As I don't think this request will go anywhere, I put in another request to get the subnet size declaration added. That should be an easy add I'd hope? I was able to make dnsmasq work using custom files, putting my ranges in that custom file.
https://github.com/opnsense/core/issues/8924
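The classful fallback discussed in this thread can be checked for in a custom dnsmasq file before it is deployed. The following is an added example, not part of the issue thread or of OPNsense: it scans IPv4 `dhcp-range` lines and reports which ones carry no explicit netmask, along with the class A/B/C mask dnsmasq would then have to guess for a relayed subnet. The tag names and addresses are constructed, and the parser assumes each range is written as start address, then end address or mode, then the optional netmask.

```python
import ipaddress

# Constructed sample of a custom dnsmasq file; tags and addresses are illustrative.
SAMPLE_CONF = """\
# relayed VLANs whose SVIs live on the L3 switch
dhcp-range=set:vlan20,10.20.0.100,10.20.0.200,12h
dhcp-range=set:vlan30,10.30.0.100,10.30.0.200,255.255.255.0,12h
dhcp-range=set:lab,192.168.50.10,192.168.50.99,1h
dhcp-range=set:big,172.16.4.10,172.16.7.250,255.255.252.0,12h
"""

def classful_mask(start):
    """Netmask implied by the address class (A, B or C) of the start address."""
    first_octet = int(start) >> 24
    if first_octet < 128:
        return ipaddress.IPv4Address("255.0.0.0")
    if first_octet < 192:
        return ipaddress.IPv4Address("255.255.0.0")
    return ipaddress.IPv4Address("255.255.255.0")

def _ipv4(field):
    try:
        return ipaddress.IPv4Address(field)
    except ValueError:
        return None

def audit(conf_text):
    """Return (tag, start, explicit_mask_or_None, classful_guess) per IPv4 range."""
    rows = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("dhcp-range="):
            continue
        fields = [f.strip() for f in line.split("=", 1)[1].split(",")]
        rest = [f for f in fields if not f.startswith(("set:", "tag:"))]
        start = _ipv4(rest[0]) if rest else None
        if start is None:
            continue  # IPv6 or malformed range: outside the scope of this check
        # Assumed layout: start, end-or-mode, then an optional dotted-quad netmask.
        explicit = _ipv4(rest[2]) if len(rest) > 2 else None
        tag = next((f.split(":", 1)[1] for f in fields if f.startswith("set:")), None)
        rows.append((tag, start, explicit, classful_mask(start)))
    return rows

def missing_netmask(conf_text):
    """Tags of ranges for which the netmask would have to be guessed."""
    return [tag for tag, _, mask, _ in audit(conf_text) if mask is None]
```

On the sample, `vlan20` is the range to worry about: its start address is class A, so the guessed mask is 255.0.0.0 rather than the size of the VLAN.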