Clients and unkown DHCP Address

This is where we can discuss what we would like to see added or changed in OpenVPN.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
duckie
OpenVpn Newbie
Posts: 4
Joined: Thu Jul 04, 2019 11:50 am

Clients and unkown DHCP Address

Post by duckie » Fri Jul 05, 2019 2:54 pm

It would be nice if the client side can have a setting to automatically update the server with its subnet routes on connecting instead of the server having to put the route in manually on the server side. Even if the setting is required to be put manually in the config by the user.

This is why it would be nice. I am setting up what we call a drone device that I send to customers that will connect back to my server. I don't want to keep having to reconfigure the server with 20 different subnets that the server can route too. These are pass through NAT devices.
I am basically trying to turn OpenVPN into a site-to-site VPN like a pair of routers would do this with dynamic IP's.

Tech support said it wasn't secure but that makes no sense. As the server side, if I can manually put the clients' subnet info under the VPN gateway config and access the client's network then what's the difference if the client device has a setting that automatically updates that info for me in the server on connect?

Thank you kindly.
Best Regards

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Clients and unkown DHCP Address

Post by TinCanTech » Fri Jul 05, 2019 3:09 pm

duckie wrote:
Fri Jul 05, 2019 2:54 pm
It would be nice if the client side can have a setting to automatically update the server with its subnet routes on connecting instead of the server having to put the route in manually on the server side
That is simply not how openvpn works.

On top of the routes there also needs to be --iroute

duckie
OpenVpn Newbie
Posts: 4
Joined: Thu Jul 04, 2019 11:50 am

Re: Clients and unkown DHCP Address

Post by duckie » Fri Jul 05, 2019 4:09 pm

TinCanTech wrote:
Fri Jul 05, 2019 3:09 pm
duckie wrote:
Fri Jul 05, 2019 2:54 pm
It would be nice if the client side can have a setting to automatically update the server with its subnet routes on connecting instead of the server having to put the route in manually on the server side
That is simply not how openvpn works.

On top of the routes there also needs to be --iroute
This is why I put in the wishlist. If OpenVPN doesn't work like this then why is there an "Allow client to act as VPN gateway
for these client-side subnets:" in the user configuration? So why not put another option "Allow the client to update its subnet to the server on connet to act as VPN gateway for these client-side-subnets" so you don't have to do it manually every time the internal subnet changes?

Furthermore. This is a common Site-to-Site VPN function with most site to site plattforms. If OpenVPN claims to have a Site-to-Site functionality then this wouldn't seem too far outside of the scope of purpose.

I guess I can write a post-connect script to connect to the server after connection and add the routes manually to the server but this just seems to be a mess to do.

Thanks for replying..

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Clients and unkown DHCP Address

Post by TinCanTech » Fri Jul 05, 2019 4:48 pm

The developers of openvpn are volunteers, so if you want this wish then write us a patch for the source code and offer to maintain the code for the foreseeable future and if it passes muster maybe it will be added. Otherwise, it is (very likely) not going to happen.


There may be ways you could craft this yourself using scripts in openvpn.

User avatar
Pippin
Forum Team
Posts: 1200
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Clients and unkown DHCP Address

Post by Pippin » Fri Jul 05, 2019 4:52 pm

"Allow client to act as VPN gateway for these client-side subnets:"
Where do you see that?

You have some misunderstandings it seems.

Anyway, for a good GUI search "Netgate pfSense"

duckie
OpenVpn Newbie
Posts: 4
Joined: Thu Jul 04, 2019 11:50 am

Re: Clients and unkown DHCP Address

Post by duckie » Fri Jul 05, 2019 5:11 pm

TinCanTech wrote:
Fri Jul 05, 2019 4:48 pm
The developers of openvpn are volunteers, so if you want this wish then write us a patch for the source code and offer to maintain the code for the foreseeable future and if it passes muster maybe it will be added. Otherwise, it is (very likely) not going to happen.


There may be ways you could craft this yourself using scripts in openvpn.
I didn't think about adding it into the code. That's a good idea. If it doesn't pass the mustard, I guess I can just use that branch myself privately.
I understand where you are coming from. Thank you for the suggestion.

Duck

duckie
OpenVpn Newbie
Posts: 4
Joined: Thu Jul 04, 2019 11:50 am

Re: Clients and unkown DHCP Address

Post by duckie » Fri Jul 05, 2019 5:17 pm

Pippin wrote:
Fri Jul 05, 2019 4:52 pm
"Allow client to act as VPN gateway for these client-side subnets:"
Where do you see that?

You have some misunderstandings it seems.

Anyway, for a good GUI search "Netgate pfSense"
Maybe I am not explaining correctly.
https://openvpn.net/vpn-server-resource ... in-detail/
Look for Configure VPN gateway.
It works great. You just enter the clients' subnet and then you can route to the whole network from the server side of the network. I am doing somewhat of a hybrid thing because the internal network will change as I move the client side around to other sites for temp access.

Thanks for the Netgate suggestion, I will check it out.

Cheers,

Post Reply