Question about tun/tap (remote DHCP addresses being handled

simon
OpenVpn Newbie
Posts: 10
Joined: Wed Aug 25, 2010 12:26 pm

Post by simon » Wed Aug 25, 2010 12:28 pm

I am using openvpn server on my network at home on an Ubuntu machine. I have the following server config:
```
mode server
tls-server
local 192.168.1.1
port 1194
proto udp
#bridging directive
dev tap0 ## If you need multiple tap devices, add them here
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
persist-key
persist-tun
#certificates and encryption
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
tls-auth ta.key 0 # This file is secret
cipher BF-CBC # Blowfish (default)
comp-lzo
#log and security
user nobody
group nogroup
keepalive 10 120
status /var/log/openvpn-status.log
verb 3
```

DHCP is being provided by the server 192.168.1.1 with a split pool using the tap mac address.

The client config is:
```
### Client configuration file for OpenVPN
# Specify that this is a client
client
# Bridge device setting
dev tap
#dev tun
# Host name and port for the server (default port is 1194)
# note: replace with the correct values your server set up
remote 123.123.123.123 1194
# Client does not need to bind to a specific local port
nobind
# Keep trying to resolve the host name of OpenVPN server.
## The windows GUI seems to dislike the following rule.
##You may need to comment it out.
resolv-retry infinite
# Preserve state across restarts
persist-key
persist-tun
# SSL/TLS parameters - files created previously
ca ca.crt
cert client.crt
key client.key
# Since we specified the tls-auth for server, we need it for the client
# note: 0 = server, 1 = client
tls-auth ta.key 1
# Specify same cipher as server
cipher BF-CBC
# Use compression
comp-lzo
# Log verbosity (to help if there are problems)
verb 3
```

Now I'm virtually certain (but not positive) that my DHCP server is handing out IP addresses to clients on the client LAN (from looking at the /var/log/syslog messages and the hostnames I don't recognise in bind). How can I ensure that the openvpn client is tunneling, rather than bridging, whilst still using DHCP?

cheers
Simon
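
Added example, not part of Simon's post or the original thread: a way to confirm from syslog what the post suspects, by listing every DHCPACK the server sent to a MAC address outside a known allow-list. It assumes ISC dhcpd-style log lines (the thread does not name the DHCP daemon); the sample lines, addresses, hostnames and the `KNOWN_MACS` list are constructed.

```python
import re

# Assumption: ISC dhcpd-style syslog lines (the thread does not name the daemon).
# tap0 is a member of br0, so local and bridged requests both log "via br0";
# the interface cannot tell them apart, which is why this keys on the MAC.
ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)",
    re.IGNORECASE,
)

def unexpected_leases(log_lines, known_macs):
    """Summarise DHCPACKs sent to MAC addresses that are not in known_macs."""
    known = {m.lower() for m in known_macs}
    found = {}
    for line in log_lines:
        m = ACK_RE.search(line)
        if m is None or m.group("mac").lower() in known:
            continue
        mac = m.group("mac").lower()
        rec = found.setdefault(mac, {"ips": set(), "hosts": set(), "acks": 0})
        rec["ips"].add(m.group("ip"))
        if m.group("host"):          # the hostname is optional in the log line
            rec["hosts"].add(m.group("host"))
        rec["acks"] += 1
    # Sorted output keeps the report stable so runs can be diffed.
    return [
        {"mac": mac, "ips": sorted(r["ips"]), "hosts": sorted(r["hosts"]), "acks": r["acks"]}
        for mac, r in sorted(found.items())
    ]

# Constructed sample input; every address and hostname below is made up.
SAMPLE_SYSLOG = [
    "Aug 25 11:02:13 gw dhcpd: DHCPDISCOVER from 00:1e:8c:aa:bb:01 via br0",
    "Aug 25 11:02:14 gw dhcpd: DHCPACK on 192.168.1.20 to 00:1e:8c:aa:bb:01 (desktop) via br0",
    "Aug 25 11:05:40 gw dhcpd: DHCPACK on 192.168.1.201 to 00:ff:3c:10:20:30 (laptop-vpn) via br0",
    "Aug 25 11:07:02 gw dhcpd: DHCPACK on 192.168.1.57 to 00:24:d7:9f:00:42 (unknown-pc) via br0",
    "Aug 25 11:07:55 gw dhcpd: DHCPACK on 192.168.1.58 to 00:26:4a:11:22:33 via br0",
    "Aug 25 11:37:02 gw dhcpd: DHCPACK on 192.168.1.57 to 00:24:D7:9F:00:42 (unknown-pc) via br0",
]
# Hypothetical allow-list: one home-LAN desktop and the VPN client's tap adapter.
KNOWN_MACS = ["00:1E:8C:AA:BB:01", "00:ff:3c:10:20:30"]

if __name__ == "__main__":
    for rec in unexpected_leases(SAMPLE_SYSLOG, KNOWN_MACS):
        hosts = ",".join(rec["hosts"]) or "-"
        print(rec["mac"], rec["acks"], ",".join(rec["ips"]), hosts)
```

Any MAC this reports that is neither a home-LAN device nor a VPN client's tap adapter received its lease across the bridge.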

huntly001
OpenVpn Newbie
Posts: 3
Joined: Mon Aug 30, 2010 11:45 am

Re: Question about tun/tap (remote DHCP addresses being hand

Post by huntly001 » Wed Sep 08, 2010 9:19 am

Hi Simon,
I'm sorry I don't have an answer for your query; however, I reckon you may be able to answer mine...
I hope I'm not breaking any forum rules, however my post is at
viewtopic.php?f=6&t=7069&sid=db8375053d ... 0061fdcdac
Would you mind having a gander and letting me know if what I'm trying to accomplish is what's in your setup?
cheers
never put off till tomorrow that which you can put off indefinitely
