Today I wanted to share a bug I had with some Juniper models, the SRX-100 and newer, whereas with the SSG5 it was OK.
The bug appears on the terminals when they boot on a remote subnet (DHCP relay): the DHCP takes time to deliver them an IP through the DHCP relay. The problem does not appear in the local subnet where the DHCP server is. The problem appears only on the newer tunnels with the Juniper.
After a *lot* of research I found out that the newest Junos OS does not correctly handle custom DHCP options when the relay happens…
For reference, all the possible options. The important one in my case is 161.
The terminals were getting the IP of the server where the root configuration is, the root configuration that pre-configures the terminals with all my RDS options.
The problem I found was that the Juniper doesn't correctly handle an IP in that field: for example, if the FTP server is named CENTRAL_FTP with the IP 192.168.1.50, then you must use the short DNS name, not the full FQDN.
In my case I changed the DHCP option from 192.168.1.50 to CENTRAL_FTP and made sure the DNS option was set correctly, and voilà, the DHCP option started to work flawlessly via my VPN tunnel with the Juniper!
It's a strange bug, but that's kind of why I'm sharing it; it took time to find that culprit!
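To check what a terminal behind the relay actually receives, the options field of a captured DHCP offer can be decoded and the option 161 value classified. This is an added example, not part of the original post; it assumes option 161 is carried as an ASCII string, and the sample offers and the DNS server address 192.168.1.10 are constructed.

```python
import ipaddress

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # starts the DHCP options field (RFC 2131)

def parse_options(field: bytes) -> dict:
    """Decode a DHCP options field (cookie + code/length/value triples)."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == 0:            # pad byte, no length
            i += 1
            continue
        if code == 255:          # end of options
            break
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value  # split options are concatenated
        i += 2 + length
    return opts

def classify_161(value: bytes) -> str:
    """Return 'ip-literal', 'fqdn' or 'short-name' (assumes an ASCII string value)."""
    text = value.decode("ascii", errors="replace").rstrip("\x00")
    try:
        ipaddress.ip_address(text)
        return "ip-literal"
    except ValueError:
        return "fqdn" if "." in text else "short-name"

def build(options: dict) -> bytes:
    """Helper that builds a constructed options field for the samples below."""
    body = b"".join(bytes([c, len(v)]) + v for c, v in options.items())
    return MAGIC_COOKIE + body + b"\xff"

# Constructed samples: option 53 = DHCPOFFER, option 6 = DNS server (assumed address).
DNS = bytes([192, 168, 1, 10])
BEFORE = build({53: b"\x02", 6: DNS, 161: b"192.168.1.50"})
AFTER = build({53: b"\x02", 6: DNS, 161: b"CENTRAL_FTP"})

if __name__ == "__main__":
    for name, offer in (("before", BEFORE), ("after", AFTER)):
        opts = parse_options(offer)
        print(name, opts[161].decode(), classify_161(opts[161]), "dns set:", 6 in opts)
```
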