1.\" $OpenBSD: dhcrelay.8,v 1.16 2017/02/15 19:36:24 krw Exp $ 2.\" 3.\" Copyright (c) 1997 The Internet Software Consortium. 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of The Internet Software Consortium nor the names 16.\" of its contributors may be used to endorse or promote products derived 17.\" from this software without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND 20.\" CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, 21.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 22.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23.\" DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR 24.\" CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 25.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 26.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 27.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 28.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 30.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31.\" SUCH DAMAGE. 32.\" 33.\" This software has been written for the Internet Software Consortium 34.\" by Ted Lemon <mellon@fugue.com> in cooperation with Vixie 35.\" Enterprises. To learn more about the Internet Software Consortium, 36.\" see ``http://www.isc.org/isc''. To learn more about Vixie 37.\" Enterprises, see ``http://www.vix.com''. 38.\" 39.Dd $Mdocdate: February 15 2017 $ 40.Dt DHCRELAY 8 41.Os 42.Sh NAME 43.Nm dhcrelay 44.Nd Dynamic Host Configuration Protocol relay agent 45.Sh SYNOPSIS 46.Nm 47.Op Fl dor 48.Op Fl C Ar circuit-id 49.Op Fl R Ar remote-id 50.Fl i Ar interface 51.Ar destination ... 52.Sh DESCRIPTION 53The 54.Nm 55utility provides a means for relaying DHCP and BOOTP requests from a subnet 56to which no DHCP server is directly connected to one or more DHCP servers on 57other subnets. 58.Pp 59.Nm 60listens for DHCP requests on a given interface. 61When a query is received, 62.Nm 63forwards it to the list of DHCP destinations specified on the command line. 64When a reply is received, it is broadcast or unicast on the network from 65whence the original request came. 66.Pp 67The server might be a name, address or interface. 68.Nm 69will operate in layer 2 mode when the specified servers are interfaces, 70otherwise it will operate in layer 3 mode. 71.Pp 72The name of at least one DHCP server to which DHCP and BOOTP requests 73should be relayed, 74as well as the name of the network interface that 75.Nm 76should attempt to configure, 77must be specified on the command line. 78.Pp 79.Nm 80supports relaying of DHCP traffic to configure IPsec tunnel mode 81clients when listening on the 82.Xr enc 4 83interface using layer 3 mode only. 84The DHCP server has to support RFC 3046 to echo back the relay agent 85information to allow stateless DHCP reply to IPsec tunnel mapping. 86.Pp 87The options are as follows: 88.Bl -tag -width Ds 89.It Fl C Ar circuit-id 90The 91.Ar circuit-id 92relay agent information sub-option value that 93.Nm 94should append on relayed packets. 95If this option is not specified it will use the interface number by default. 96.It Fl d 97Do not daemonize. 98If this option is specified, 99.Nm 100will run in the foreground and log to 101.Em stderr . 102.It Fl i Ar interface 103The name of the network interface that 104.Nm 105should attempt to configure. 106For layer 3 mode at least one IPv4 address has to be configured on this 107interface. 108.It Fl o 109Add the relay agent information option. 110By default, this is only enabled for the 111.Xr enc 4 112interface. 113.It Fl R Ar remote-id 114The 115.Ar remote-id 116relay agent information sub-option value that 117.Nm 118should append on relayed packets. 119If this option is not specified it will use the destination address by default. 120.It Fl r 121Replace incoming Relay Agent Information with the one configured. 122.El 123.Sh SEE ALSO 124.Xr dhclient 8 , 125.Xr dhcpd 8 126.Sh STANDARDS 127.Rs 128.%A R. Droms 129.%D March 1997 130.%R RFC 2131 131.%T Dynamic Host Configuration Protocol 132.Re 133.Pp 134.Rs 135.%A S. Alexander 136.%A R. Droms 137.%D March 1997 138.%R RFC 2132 139.%T DHCP Options and BOOTP Vendor Extensions 140.Re 141.Pp 142.Rs 143.%A M. Patrick 144.%D January 2001 145.%R RFC 3046 146.%T DHCP Relay Agent Information Option 147.Re 148.Pp 149.Rs 150.%A B. Patel 151.%A B. Aboba 152.%A S. Kelly 153.%A V. Gupta 154.%D January 2003 155.%R RFC 3456 156.%T Dynamic Host Configuration Protocol (DHCPv4) Configuration of IPsec Tunnel Mode 157.Re 158.Sh AUTHORS 159.An -nosplit 160.Nm 161was written by 162.An Ted Lemon Aq Mt mellon@fugue.com . 163.Pp 164The current implementation was reworked by 165.An Henning Brauer Aq Mt henning@openbsd.org . 166.Sh BUGS 167Relayed DHCP traffic could actually safely be protected by IPsec but, 168like 169.Xr dhcpd 8 170and 171.Xr dhclient 8 , 172.Nm 173will bypass IPsec for all its traffic. 174