[SOLVED] Client has no ip addressed assigned

[hudony]

Hi,

I'm using bridged openvpn server and the openvpn 'dhcp' emulation (server-bridge instruction in my server.conf) to assign ip addresses to my clients. When I connect to it, I see no errrors in logs and everthing seems to be fine. However, the tap0 interface on the client side has no ip address assigned.

If I set up one manually using ifconfig, it works fine and I can browser my local network.

Any idea anyone?

[janjust]

this is "by design" : server-bridge + remote DHCP has the side effect that the openvpn client does not bring up the tap0 interface by itself - this is left to the OS; on windows this is done automagically, on linux you need to run something like 'dhclient tap0' ; this can be added to the client config using

Code: Select all

script-security 2
up /sbin/dhclient tap0

[hudony]

Thanks for the answer.

So I can only, if using linux, get an ip from my dhcp server so not from the range defined in the server-bridge instruction?

[janjust]

whoops I may have misread you:

if you use

Code: Select all

server-bridge 10.8.0.1 255.255.255.0 10.8.0.100 10.8.0.200

or something similar then the VPN client Is assigned an address from the 'server-bridge' address pool.

[hudony]

Weird :

I have server-bridge

Code: Select all

172.16.0.1 255.255.255.0 172.16.0.90 172.16.0.99

in my server.conf but as I said, I got no ip. When I do

Code: Select all

dhclient tap0

, I receive one but I guess it then comes from the real dhcp server not the openvpn server ip pool.

[Mimiko]

Will be interesting to see client log with verb 3 where it must ask for ip.

[hudony]

Here is a pastebin :

http://pastebin.com/MhrUhwiF

Note that I did ctrl+c at the end.

[Mimiko]

After using dhclient what ip does tap0 get?

Did you check the firewall on server, may be it blocks input or output packets on bridge for tap end.

[hudony]

I receive 172.16.0.241 so obviously not coming from the openvpn pool.

Ya, i used iptables but I was sure everything was correctly set up :

Not that all INPUT and FORWARD are dropped by default :


#OPENVPN
iptables -A INPUT -i $EXTERNAL_INT -m state --state NEW,ESTABLISHED,RELATED -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
iptables -A FORWARD -i $EXTERNAL_INT -o br0 -m state --state ESTABLISHED,RELATED -j ACCEPT

[Mimiko]

Interesting problem you have. Can you also check firewall on client for tun adapter?

Show complet server config, the log, the routing table, the interface configuration, and the output of iptables -L -n and iptables -L -t nat.

[hudony]

Iptables server : http://pastebin.com/qBehcw1b
IpTables client : http://pastebin.com/sfMamSky

server.conf : http://pastebin.com/ry2tesma
client.conf : http://pastebin.com/ExdzVnWj

server interfaces: http://pastebin.com/b0GLgqej
client interfaces: http://pastebin.com/LHicZf03

Thanks,

[janjust]

your client config contains only 'tls-client', not 'client' : the result is that settings from the server are not pulled in (which I also could not find in the cllient log).

Either use

Code: Select all

client

or add

Code: Select all

pull

to the client config file.

[hudony]

That did it!

Thank you guys for your fast answers. Now I'm getting an ip form the pool.