initramfs ipconfig vs networking dhclient DHCP request using different parameters

555 views Asked by At

I have a dropbear setup that allows me to remotely ssh and unlock the encrypted luks volumes holding the root filesystem. This involves first a DHCP request by initramfs to get an IP address, and later another DHCP request after the system has booted to configure auto network interfaces.

I'd like both these DHCP requests to either be identical, or have an identical client identifier, so that the interface will get assigned the same IP address whether requested by initramfs' ipconfig or networking's dhclient.

I am aware of man dhclient.conf(5) which allows me to specify what to send as part of the DHCP request, including the ``send dhcp-client-identifier = hardware;` option as referred to by this answer.

On the initramfs side, I've found that ip= variable can be configured to control the hostname and other parameters related to setting up the IP address.

From the referenced documentation, it is possible to tell ipconfig which dhcp identifier to use:

if dhcp is used, the client identifier can be used by following format "ip=dhcp,client-id-type,client-id-value"

However, I have tried several ip= options--including some that completely broke initramfs and required a significant recovery effort--, and:

  1. I can't find a way to assign the dhcp client identifier. I tried using ip=dhcp,01,<mac-address>, but this failed with an invalid proto error.
  2. I can't find a way to remove the vendor-identifer which is by default set to Linux ipconfig.

Looking for the relevant sources, I found https://git.kernel.org/pub/scm/libs/klibc/klibc.git/tree/usr/kinit/ipconfig/README.ipconfig from the debian package description of klibc-utils. This README no longer mentions the option to explicitly set the dhcp client identifier, and the source for parse_proto does not appear to handle the referenced format ip=dhcp,client-id-type,client-id-value. The vendor identifier appears to be set via a flag and not by the ip=... device spec, so there seems to be no way to influence either option from configuring iniramfs.conf.

How can I ensure that both DHCP requests before and after cryptroot unlocking have the same parameters?

2

There are 2 answers

0
ealfonso On

I found a way that appears to work by forcing dhclient to avoid sending a client identifier in the DHCP request. This was achieved by commenting out all the '# send' directives in dhclient.conf as well as setting client no for each interface managed by networking (/etc/network/interfaces*).

0
Oleg Golovanov On

I tried the full form of the IP parameter and it works.

echo -e "IP=::::$(hostname)::dhcp:::" | sudo tee /etc/initramfs-tools/conf.d/dropbear

Don't forget to update initramfs after these changes.