Kerio Control 2 Lans 2 DHCPs...only one working
  •  
vcvbonsai

Hi guys, I'm kind of losing it...

I've been working around this issue for over three weeks so far...
Got a Kerio Control server with 3 NICs

LAN 1 - 192.168.10.x/24 - WiFi Protected
LAN 2 - 192.168.11.x/24 - WiFi Public
ADSL - x.x.x.x

I have two DHCP scopes built for each range of IPs, but whether a client hooks up through any WiFi, the DHCP always assigns a 10.x IP...

I can't get it to work. I've been reading that many users had this issue, but I couldn't find a solution to this...

any hint...
any clue...
anything!!!

will be compensated...from Argentina!!!!
  •  
Goran

I didn't try how Windows DHCP works with two scopes. But you can turn off DHCP in Kerio and start Windows DHCP; I use Windows DHCP and it works well, but I didn't try Windows DHCP with two scopes on different network cards. Try and tell us :)

Question cannot be stupid, but some of the answers can.
  •  
vcvbonsai

Goran, thanks for your reply.
I can't use Windows DHCP Server, company policies...
Any workaround for this issue?

thanks again for your quick reply
cheers!!!
  •  
Goran

  •  
vcvbonsai

haha I admire your optimism but I can't do it...
they told me to stick to Kerio...but I can't see a light at the end of this puzzle....
  •  
Pavel Dobry (Kerio)

Have you tried to contact our technical support?
Did you enable debugging in the logs?
  •  
vcvbonsai

I've tried debugging logs, but the only thing that I see is the DHCP bindings to each IP range...the only solution I get is to manually enable and disable the scopes each time I want to get it done...

it shouldn't be so hard...

a request from an access point that travels in the 192.168.11.x range should be attended in the 192.168.11.x scope...I don't understand why the 192.168.10.x scope delivers IPs...

plus the clients are shown duplicated in the dhcp leases tab...
  •  
Goran

OK, I will do this then... (or I will try)
In rules, deny ports 67 and 68 (DHCP ports) outgoing for NIC 192.168.11.x, and set up one more DHCP server for this network, OR,
in rules you can set it up so that the DHCP port will only be allowed from your server (host IP) NIC for 11.x and do the same thing for 10.x, but then you must separate LOCAL TRANSFER (Firewall, NIC1) and (Firewall, NIC2) if you didn't maybe...

Sorry, it is hard to say, but I think that must work; try with that... Good luck

Oh, and BTW, what version do you have?
On 7.0.1 it works great.

[Updated on: Thu, 14 October 2010 20:09]


Question cannot be stupid, but some of the answers can.
  •  
vcvbonsai

Goran wrote on Thu, 14 October 2010 19:41
...in rules you can set it up so that the DHCP port will only be allowed from your server (host IP) NIC for 11.x and do the same thing for 10.x, but then you must separate LOCAL TRANSFER (Firewall, NIC1) and (Firewall, NIC2) if you didn't maybe......


thanks for your support...but I didn't get the "separate LOCAL TRANSFER"....could you give me a hint about that?

cheers!!
  •  
Goran

It may be that I made the picture a little wrong; you will need to play with that a little...

  • Attachment: Kerio.png

Question cannot be stupid, but some of the answers can.
  •  
vcvbonsai

Goran, I admire your patience about this...you're extremely helpful to me....after your image I started to analyze and to realize that both NICs can communicate between them just for being in the "Trusted" segment...so I audited the DHCP traffic and this is what I got...


Quote:
[13/Oct/2010 19:40:50] PERMIT "DHCP WiFi 10.x" packet from AccessPoint 10.x, proto:UDP, len:328, ip/port:192.168.10.14:68 -> 192.168.10.253:67, udplen:300
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 10.x" packet from AccessPoint 10.x, proto:UDP, len:328, ip/port:0.0.0.0:68 -> 255.255.255.255:67, udplen:300
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 11.x" packet from AccessPoint 11.x, proto:UDP, len:328, ip/port:0.0.0.0:68 -> 255.255.255.255:67, udplen:300
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 10.x" packet from AccessPoint 10.x, proto:UDP, len:330, ip/port:192.168.10.253:67 -> 255.255.255.255:68, udplen:302
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 11.x" packet from AccessPoint 11.x, proto:UDP, len:330, ip/port:192.168.11.253:67 -> 255.255.255.255:68, udplen:302
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 11.x" packet from AccessPoint 11.x, proto:UDP, len:330, ip/port:192.168.10.253:67 -> 255.255.255.255:68, udplen:302
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 10.x" packet from AccessPoint 10.x, proto:UDP, len:330, ip/port:192.168.11.253:67 -> 255.255.255.255:68, udplen:302
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 10.x" packet from AccessPoint 10.x, proto:UDP, len:367, ip/port:0.0.0.0:68 -> 255.255.255.255:67, udplen:339
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 11.x" packet from AccessPoint 11.x, proto:UDP, len:367, ip/port:0.0.0.0:68 -> 255.255.255.255:67, udplen:339
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 10.x" packet from AccessPoint 10.x, proto:UDP, len:330, ip/port:192.168.10.253:67 -> 255.255.255.255:68, udplen:302
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 11.x" packet from AccessPoint 11.x, proto:UDP, len:330, ip/port:192.168.10.253:67 -> 255.255.255.255:68, udplen:302


it seems that the DHCP handles both requests at the same time...

hahah
I think I'm gonna be a Buddhist monk after this..
  •  
Pavel Dobry (Kerio)

Which means either that both NIC1 and NIC2 are not physically separated (on IP level) or the client is connected to both access points. In both cases it is a network topology problem in your network.

BTW: Still no need to contact our technical support? I wonder why.
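
An added example, not part of the original thread: a short Python check over the filter log quoted above that flags DHCP server replies (source port 67) seen on an interface whose subnet does not contain the replying server, which is the symptom of the two segments sharing one broadcast domain. The interface-to-subnet map comes from the first post; reading the name after "packet from" as the receiving interface, and the function name, are assumptions.

```python
import ipaddress
import re

# Interface name -> subnet, taken from the LAN layout in the first post.
# Assumption: the name after "packet from" is the receiving interface.
IFACE_NET = {
    "AccessPoint 10.x": ipaddress.ip_network("192.168.10.0/24"),
    "AccessPoint 11.x": ipaddress.ip_network("192.168.11.0/24"),
}

LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] PERMIT "(?P<rule>[^"]+)" packet from (?P<iface>.+?), '
    r'proto:UDP, len:\d+, ip/port:(?P<src>[\d.]+):(?P<sport>\d+) -> '
    r'(?P<dst>[\d.]+):(?P<dport>\d+)'
)

# Six lines copied from the log quoted in the thread.
SAMPLE = """
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 10.x" packet from AccessPoint 10.x, proto:UDP, len:328, ip/port:0.0.0.0:68 -> 255.255.255.255:67, udplen:300
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 11.x" packet from AccessPoint 11.x, proto:UDP, len:328, ip/port:0.0.0.0:68 -> 255.255.255.255:67, udplen:300
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 10.x" packet from AccessPoint 10.x, proto:UDP, len:330, ip/port:192.168.10.253:67 -> 255.255.255.255:68, udplen:302
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 11.x" packet from AccessPoint 11.x, proto:UDP, len:330, ip/port:192.168.11.253:67 -> 255.255.255.255:68, udplen:302
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 11.x" packet from AccessPoint 11.x, proto:UDP, len:330, ip/port:192.168.10.253:67 -> 255.255.255.255:68, udplen:302
[13/Oct/2010 19:40:59] PERMIT "DHCP WiFi 10.x" packet from AccessPoint 10.x, proto:UDP, len:330, ip/port:192.168.11.253:67 -> 255.255.255.255:68, udplen:302
"""


def cross_segment_replies(log_text):
    """Return (timestamp, interface, server_ip) for each DHCP server reply
    seen on an interface whose subnet does not contain the server address."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["sport"] != "67":
            continue  # keep only server -> client traffic
        net = IFACE_NET.get(m["iface"])
        if net is None:
            continue  # interface not in the map
        src = ipaddress.ip_address(m["src"])
        if src not in net:
            findings.append((m["ts"], m["iface"], str(src)))
    return findings


if __name__ == "__main__":
    for ts, iface, src in cross_segment_replies(SAMPLE):
        print(f"{ts}  reply from {src} seen on {iface}: segments are not isolated")
```

Any hit means a server reply crossed between the two LANs, so the isolation problem sits below the DHCP scopes.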
  •  
Goran

Ha ha ha ha LOL
Then go to version 7.0.1; there you can separate DHCP scopes (as I see it)

Question cannot be stupid, but some of the answers can.
  •  
vcvbonsai

Kerio_pdobry wrote on Fri, 15 October 2010 21:36
...
BTW: Still no need to contact our technical support? I wonder why.



Now I see why the only thing that sucks from Kerio is the support...

If I am in a thread asking for a solution...don't you think that the technical support didn't have a clue about this?...they spent 3 weeks..the only reply I got was...WE DON'T KNOW..

so please, if you're not going to help...please avoid posting in this thread...

technical support
Rolling Eyes

anyway...I migrated to Win2k8...and problem solved...same TCP settings...I think that Kerio is great but needs greater config systems...

still I want to get the Kerio working...so any ideas will be great!

styson

vcvbonsai - I don't have an answer to your problem but these are user forums. AFAIK, they are not official support forums but community based support forums. If you want support direct from Kerio, go here: http://www.kerio.com/support. You submit tickets and/or call them. If you do that, they will get back to you quickly. At least they have for me.