New Member
Posts: 4
Registered: ‎07-06-2014

DHCP Relay with upstream behind TUN interface

Hi there,


I am trying to implement DHCP relay on ER-X in a setup in which the DHCP downstream (LAN) interface is a VLAN on switch0 and the upstream server is behind overlay VPN on tun interface. However I came to understanding, that tun devices are not supported by dhcrelay3 used in background by EdgeOS/Vyatta.


Here is the relevant part of the configuration.


 switch switch0 {
     address X.Y.Z.1/24
     address X:Y:Z:W::1/64
     ipv6 {
         dup-addr-detect-transmits 1
         router-advert {
             cur-hop-limit 64
             link-mtu 0
             managed-flag false
             max-interval 600
             other-config-flag false
             prefix X:Y:Z:W::/64 {
                 autonomous-flag true
                 on-link-flag true
                 valid-lifetime 2592000
             reachable-time 0
             retrans-timer 0
             send-advert true
     mtu 1500
     switch-port {
         interface eth0 {
         interface eth2 {
         interface eth3 {
         interface eth4 {
         vlan-aware disable
     vif 50 {
         address X.Y.Z.W/27
         description ........
         firewall {
         mtu 1500

tunnel tun10 {
address X.Y.Z.W/30
description .....
encapsulation gre
local-ip X.Y.Z.W
mtu 1414
multicast enable
remote-ip X.Y.Z.W
ttl 255
} dhcp-relay { interface switch0.50 interface tun10 relay-options { relay-agents-packets forward } server X.Y.Z.W }


However I have seen on my Cisco-based DHCP server that with this setup we received no DHCPDISCOVERs. After removing the tun interface from the setup, the DHCPDISCOVERs are delivered to DHCP server and DHCP server sends DHCPOFFERs - which don't seem to reach the destination - this may be related to the requirement of inserting the upstream interface in the interface list of DHCP relay config.


Trying this manually:

/usr/sbin/dhcrelay3 -d -i switch0.50 -i tun10 -c 10 -A 576 -m forward -a X.Y.Z.W


kills me off with message:


Internet Systems Consortium DHCP Relay Agent 4.1-ESV-R7
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit
Unsupported device type 778 for "tun10"

I also tried creating a bridge interface and attaching a /32 address on it, getting it in the routing process so the DHCP server knew the address and adding that as a interface to the DHCP relay configuration. No success - still no replies from DHCP server arriving at the DHCP client.


When run manually, the DHCP relay agent logs it forwards the packets from the client to the server, but no replies are seen in the debug output.


Any workarounds or actual solutions? Any plans on working on this issue in further releases?

Veteran Member
Posts: 5,530
Registered: ‎03-24-2016
Kudos: 1481
Solutions: 632

Re: DHCP Relay with upstream behind TUN interface

Seems like the problem is in upstream iscdhcp


Workaround: On test bench I was succesfull with using dnsmasq build-in relay (I was at 1.9.1)

But when trying it in real life, it also failed.   I ended up with another device on LAN doing the relay

New Member
Posts: 6
Registered: ‎12-09-2014

Re: DHCP Relay with upstream behind TUN interface

@UBNT-afomins: As I had waste a lot of my time to figure this out, do you think it would be possible, to manage such situations (dhcp-relay through tunnel interface) in a future release?


Thank you very much.