DHCP client Option 60 on WAN Interfaces (for IPTV in Singapore)
In singapore the IPTV Services requires DHCP Option 60 to be a specific string before the DHCP Server assigns an IP Address.
With an option to send a DHCP Option 60 together with the DHCP Discover packet would be great to have, to enable the XG Firewall to get an IP Address form the ISP's DHCP for IPTV
Any news in this topic?
also for Fastweb in Italy option 60 must be sent (in addition to the mac address of the original modem) to be able to connect to FTTH withoiut ISP's modem.
I cannot think of a good reason, why Sophos should not let users to configure DHCP options on the WAN client interface. As Andy commented below, the tool that the Sophos XG uses for requesting an IP on the WAN interface supports to send the DCHP Option 60. (see: option -V). This missing feature prevents most users from using a simple WAN setup using the XG as (the only) firewall/router without the router from the ISP.
This feature is also needed for Swisscom (most important ISP in Switzerland).
The DHCP distribution is made only if the DHCP Option 60 are sended on the client side (Vendor Class ID 100008,0001).
Without this option it is not possible to connect the XG Firewall through a router in bridge mode.
Andy Neillans commented
It's really frustrating that this has not been done. The underlying system, udhcp, is easily capable of handling this request - all Sophos devs need to do is expose the ability to set Option 60 and 61 values :/
BusyBox v1.21.1 (2017-11-13 09:04:04 UTC) multi-call binary.
Usage: udhcpc [-fbnqvoCRB] [-i IFACE] [-r IP] [-s PROG] [-p PIDFILE]
[-V VENDOR] [-x OPT:VAL]... [-O OPT]...
-i,--interface IFACE Interface to use (default eth0)
-p,--pidfile FILE Create pidfile
-s,--script PROG Run PROG at DHCP events (default /scripts/dhclient.sh)
-B,--broadcast Request broadcast replies
-t,--retries N Send up to N discover packets
-T,--timeout N Pause between packets (default 3 seconds)
-A,--tryagain N Wait N seconds after failure (default 20)
-f,--foreground Run in foreground
-b,--background Background if lease is not obtained
-n,--now Exit if lease is not obtained
-q,--quit Exit after obtaining lease
-R,--release Release IP on exit
-S,--syslog Log to syslog too
-a,--arping Use arping to validate offered address
-O,--request-option OPT Request option OPT from server (cumulative)
-o,--no-default-options Don't request any options (unless -O is given)
-r,--request IP Request this IP address
-x OPT:VAL Include option OPT in sent packets (cumulative)
Examples of string, numeric, and hex byte opts:
-x hostname:bbox - option 12
-x lease:3600 - option 51 (lease time)
-x 0x3d:0100BEEFC0FFEE - option 61 (client id)
-F,--fqdn NAME Ask server to update DNS mapping for NAME
-V,--vendorclass VENDOR Vendor identifier (default 'udhcp VERSION')
-C,--clientid-none Don't send MAC as client identifier
USR1 Renew lease
USR2 Release lease
This is also required for any Sky VDSL connections in the UK, would be very useful.