OPNsense dnsmasq + UniFi adoption (option 43)
OPNsense dnsmasq + UniFi adoption: Howto implement option 43 in DHCP
Introduction
OPNsense is going to remove ISC DHCP from the core packages and I found myself forced to switch. The choice between Kea DHCP and dnsmasq was easy enough for my home network, read about it in this article in OPNsense docs. There are a lot of places where you can find how to implement option 43 in DHCP, to facilitate new UniFi devices can be found on the controller automatically when the controller is not on the same subnet/VLAN as the subnet/VLAN where you put your switches and AP’s. Unfortunately, none that tell you how to do it in OPNsense in combination with dnsmasq (at least I didn’t find it). Note: This only works with IPv4.
Steps
1. Convert IP address of controller to HEX value
Take a note of the IP address of your controller and go to this website. Put in the IP(v4) address, for instance 172.16.30.3, and convert it. In this example you will get: AC.10.1E.03.
2. Adjust HEX value
The periods have to be converted to colons, so in this example you will get: AC:10:1E:03. Now, put 01:04: in front of this value, so in this example you will get: 01:04:AC:10:1E:03 as end result
3. Make a DHCP tag in OPNsense
Now in OPNsense go to: Services-Dnsmasq DNS & DHCP-DHCP tags and press the + to add a value. You can name it anything you like, but it should match with the next steps.
| Tag | ubntdevice |
|---|
4. Make a DHCP “Match” rule
Now in OPNsense go to: Services-Dnsmasq DNS & DHCP-DHCP options and press the + to add a value. The “Value” must be “ubnt”, do not change this.
| Type | Match |
|---|---|
| Option | vendor-class [60] |
| Option6 | none |
| Tag [set] | ubntdevice |
| Value | ubnt |
| Description | IPv4 UniFi Adoption Match |
5. Make a DHCP “Set” rule
Now in OPNsense go (again) to: Services-Dnsmasq DNS & DHCP-DHCP options and press the + to add a value. The Interface is the interface where the DHCP request is sent from, so where you add your to-be-adopted device. The “Value” is the HEX value you calculated in steps 1 and 2. This rule sets the value to be sent to the client that matched in the previous step (4).
| Type | Set |
|---|---|
| Option | vendor specific [43] |
| Option6 | none |
| Interface | [Interface UniFi device] |
| Tag | ubntdevice |
| Value | [HEX value] |
| Force | Leave unchecked |
| Description | IPv4 UniFi Adoption Set |
Apply and you are good to go! When you plug in a new UniFi device on a different subnet than your controller, you should see it ready to be adopted on the controller.
