I have a server with both OpenVPN and a DHCP server installed on it. I want my DHCP server to deliver an IP address to every VPN client on my subnet.
I've read some documentation online, and tried to make the simplest configuration file possible to begin with:
Server config
tls-server
proto udp
port 1194
dev tap0
server-bridge
remote-cert-tls client
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
persist-key
persist-tun
keepalive 10 60
verb 5
daemon
status /var/log/openvpn-status.log
log-append /var/log/openvpn-log.log
But no tap0 interface is created on my server. With a fixed-IP setting, without the tls-server setting and using "server 10.0.1.0 255.255.255.0" instead of an empty "server-bridge" setting, I do have a tap0 device and the ping between my client and my server works in both directions.
Needless to say, the logs show everything is going fine:
Log file
Mon Feb 19 13:12:00 2018 us=136004 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Mon Feb 19 13:12:00 2018 us=136024 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Mon Feb 19 13:12:00 2018 us=138510 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Mon Feb 19 13:12:00 2018 us=138999 Diffie-Hellman initialized with 2048 bit key
Mon Feb 19 13:12:00 2018 us=139577 TLS-Auth MTU parms [ L:1653 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Feb 19 13:12:00 2018 us=140476 TUN/TAP device tap0 opened
Mon Feb 19 13:12:00 2018 us=140505 TUN/TAP TX queue length set to 100
Mon Feb 19 13:12:00 2018 us=140532 Data Channel MTU parms [ L:1653 D:1450 EF:121 EB:411 ET:32 EL:3 ]
Mon Feb 19 13:12:00 2018 us=140543 Could not determine IPv4/IPv6 protocol. Using AF_INET
Mon Feb 19 13:12:00 2018 us=140561 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Feb 19 13:12:00 2018 us=140581 UDPv4 link local (bound): [AF_INET][undef]:1194
Mon Feb 19 13:12:00 2018 us=140591 UDPv4 link remote: [AF_UNSPEC]
Mon Feb 19 13:12:00 2018 us=140601 MULTI: multi_init called, r=256 v=256
Mon Feb 19 13:12:00 2018 us=140652 Initialization Sequence Completed
Any insights into what is missing in my configuration?
Regards,