I have a dropbear setup that allows me to remotely ssh and unlock the encrypted luks volumes holding the root filesystem. This involves first a DHCP request by initramfs to get an IP address, and later another DHCP request after the system has booted to configure `auto` network interfaces.
I'd like both these DHCP requests to either be identical, or have an identical client identifier, so that the interface will get assigned the same IP address whether requested by initramfs' ipconfig or networking's dhclient.
I am aware of `man dhclient.conf(5)`, which allows me to specify what to send as part of the DHCP request, including the `send dhcp-client-identifier = hardware;` option as referred to by this answer.
On the initramfs side, I've found that the `ip=` variable can be configured to control the hostname and other parameters related to setting up the IP address.
From the referenced documentation, it is possible to tell ipconfig which dhcp identifier to use:
if dhcp is used, the client identifier can be used by following format "ip=dhcp,client-id-type,client-id-value"
However, I have tried several `ip=` options--including some that completely broke initramfs and required a significant recovery effort--and:
- I can't find a way to assign the dhcp client identifier. I tried using `ip=dhcp,01,<mac-address>`, but this failed with an `invalid proto` error.
- I can't find a way to remove the `vendor-identifier`, which is by default set to `Linux ipconfig`.
Looking for the relevant sources, I found https://git.kernel.org/pub/scm/libs/klibc/klibc.git/tree/usr/kinit/ipconfig/README.ipconfig from the Debian package description of klibc-utils. This README no longer mentions the option to explicitly set the dhcp client identifier, and the source for `parse_proto` does not appear to handle the referenced format `ip=dhcp,client-id-type,client-id-value`. The vendor identifier appears to be set via a flag and not by the `ip=...` device spec, so there seems to be no way to influence either option from configuring `initramfs.conf`.
How can I ensure that both DHCP requests before and after cryptroot unlocking have the same parameters?
I found a way that appears to work by forcing dhclient to avoid sending a client identifier in the DHCP request. This was achieved by commenting out all the '# send' directives in dhclient.conf as well as setting `client no` for each interface managed by networking (/etc/network/interfaces*).
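An added example, not part of the original post: it parses the options of three constructed DHCPDISCOVER packets and derives the key a server would file the lease under, modelling the RFC 2131 rule that the client identifier (option 61) is used when present and the hardware address (`chaddr`) otherwise. The MAC, the packets and the function names are assumptions made for the illustration; real servers may apply further matching rules.

```python
import struct

MAGIC = bytes.fromhex("63825363")      # DHCP magic cookie after the BOOTP header
VENDOR_CLASS, CLIENT_ID = 60, 61       # DHCP option codes (RFC 2132)
MAC = bytes.fromhex("020000000001")    # constructed, locally administered MAC

def build_discover(mac, options):
    """Constructed DHCPDISCOVER: 236-byte BOOTP header, cookie, options."""
    header = struct.pack("!BBBBIHH16s16s64s128s", 1, 1, len(mac), 0,
                         0x1234, 0, 0, b"", mac, b"", b"")
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC + bytes([53, 1, 1]) + body + b"\xff"

def parse_options(pkt):
    """Return {code: value}; reject a bad cookie or a truncated option."""
    if pkt[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:          # 255 = end option
        if pkt[i] == 0:                            # 0 = pad option
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return opts

def identity(pkt):
    """(lease key, vendor class) as modelled here for one request."""
    opts = parse_options(pkt)
    if CLIENT_ID in opts:                          # option 61 takes precedence
        key = ("client-id", opts[CLIENT_ID])
    else:                                          # fall back to htype + chaddr
        key = ("chaddr", pkt[1], pkt[28:28 + pkt[2]])
    return key, opts.get(VENDOR_CLASS)

# Constructed requests: ipconfig as described in the question (vendor class
# "Linux ipconfig", no client identifier), dhclient sending the hardware-based
# identifier, and dhclient with every `send` directive commented out.
initramfs = build_discover(MAC, [(VENDOR_CLASS, b"Linux ipconfig")])
dhclient_with_id = build_discover(MAC, [(CLIENT_ID, b"\x01" + MAC)])
dhclient_no_id = build_discover(MAC, [])

if __name__ == "__main__":
    for name, pkt in [("ipconfig", initramfs),
                      ("dhclient + client-id", dhclient_with_id),
                      ("dhclient, no client-id", dhclient_no_id)]:
        print(f"{name:24} {identity(pkt)}")
```

The same `identity()` function can be pointed at the UDP payload of requests captured on the DHCP server to confirm that the two boot stages now present the same key.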