Question about tun/tap (remote DHCP addresses being handled

Joined: Wed Aug 25, 2010 12:26 pm

Post by simon » Wed Aug 25, 2010 12:28 pm

I am using openvpn server on my network at home on an Ubuntu machine. I have the following server config:
mode server
port 1194
proto udp
#bridging directive
dev tap0 ## If you need multiple tap devices, add them here
up "/etc/openvpn/ br0"
down "/etc/openvpn/ br0"
#certificates and encryption
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
tls-auth ta.key 0 # This file is secret
cipher BF-CBC # Blowfish (default)
#log and security
user nobody
group nogroup
keepalive 10 120
status /var/log/openvpn-status.log
verb 3

DHCP is being provided by the server with a split pool using the tap mac address.

The client config is:
### Client configuration file for OpenVPN
# Specify that this is a client
# Bridge device setting
dev tap
#dev tun
# Host name and port for the server (default port is 1194)
# note: replace with the correct values your server set up
remote 1194
# Client does not need to bind to a specific local port
# Keep trying to resolve the host name of OpenVPN server.
## The windows GUI seems to dislike the following rule.
##You may need to comment it out.
resolv-retry infinite
# Preserve state across restarts
# SSL/TLS parameters - files created previously
ca ca.crt
cert client.crt
key client.key
# Since we specified the tls-auth for server, we need it for the client
# note: 0 = server, 1 = client
tls-auth ta.key 1
# Specify same cipher as server
cipher BF-CBC
# Use compression
# Log verbosity (to help if there are problems)
verb 3

Now I'm virtually certain (but not positive) that my DHCP server is handing out IP addresses to clients on the client LAN (from looking at the /var/log/syslog messages and the hostnames I don't recognise in bind). How can I ensure that the openvpn client is tunneling, rather than bridging, whilst still using DHCP?
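
The syslog check described in the post above, as an added example that is not part of the original thread: it reads DHCPACK lines and separates leases given to known home hosts and VPN tap adapters from leases given to any other MAC, which is the situation the post suspects. The ISC dhcpd log format, the home MAC list, the `00:ff:` tap prefix and the sample lines are assumptions constructed for illustration.

```python
import re

# DHCPACK line as logged by ISC dhcpd (assumed server; the post does not name it).
ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)",
    re.IGNORECASE,
)

def classify_leases(lines, home_macs, tap_prefix="00:ff:"):
    """Map each MAC that got a DHCPACK to (ip, hostname, kind).

    kind is 'home' for MACs listed in home_macs, 'vpn-tap' for MACs matching
    the prefix the split pool keys on (assumed value), else 'unexpected'.
    """
    home = {m.lower() for m in home_macs}
    leases = {}
    for line in lines:
        m = ACK_RE.search(line)
        if m is None:
            continue  # DISCOVER/OFFER/REQUEST and unrelated syslog lines
        mac = m["mac"].lower()
        if mac in home:
            kind = "home"
        elif mac.startswith(tap_prefix):
            kind = "vpn-tap"
        else:
            kind = "unexpected"
        leases[mac] = (m["ip"], m["host"] or "", kind)  # latest ACK wins
    return leases

def unexpected_macs(leases):
    """MACs that are neither home hosts nor VPN tap adapters."""
    return sorted(mac for mac, (_, _, kind) in leases.items() if kind == "unexpected")

# Constructed sample syslog lines, not taken from the post.
SAMPLE = [
    "Aug 25 12:01:02 gw dhcpd: DHCPDISCOVER from 00:16:3e:aa:bb:01 via br0",
    "Aug 25 12:01:03 gw dhcpd: DHCPACK on 192.168.1.20 to 00:16:3e:aa:bb:01 (desktop) via br0",
    "Aug 25 12:05:10 gw dhcpd: DHCPACK on 192.168.1.200 to 00:FF:12:34:56:78 (roadwarrior) via br0",
    "Aug 25 12:07:44 gw dhcpd: DHCPACK on 192.168.1.21 to 00:1b:21:0c:0d:0e (printer-xyz) via br0",
    "Aug 25 12:09:00 gw dhcpd: DHCPACK on 192.168.1.22 to 00:1b:21:0c:0d:0f via br0",
]

if __name__ == "__main__":
    result = classify_leases(SAMPLE, home_macs={"00:16:3E:AA:BB:01"})
    for mac in unexpected_macs(result):
        ip, host, _ = result[mac]
        print(f"{mac} {ip} {host or '-'}")
```

Any MAC reported as unexpected received a lease from the home DHCP server without being a listed home host or a tap adapter, so it is worth tracing to its source.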


Joined: Mon Aug 30, 2010 11:45 am

Re: Question about tun/tap (remote DHCP addresses being hand

Post by huntly001 » Wed Sep 08, 2010 9:19 am

Hi Simon,
I'm sorry I don't have an answer for your query, however I reckon you may be able to answer mine...
I hope I'm not breaking any forum rules, however my post is at
viewtopic.php?f=6&t=7069&sid=db8375053d ... 0061fdcdac
Would you mind having a gander and letting me know if what I'm trying to accomplish is what's in your setup?
