I decided to post here about an issue I was not the only one to encounter (https://bugs.launchpad.net/ubuntu/+sour ... ug/1193614).
Indeed, with an OpenVPN bridged Linux server, a Linux OpenVPN client doesn't manage to acquire an IP address for the tap interface from the DHCP server located on the VPN server.
However, it is working on Windows?!
Furthermore, trying to make the DHCP request manually as an up script launched by OpenVPN doesn't work, whereas the same script, launched after the "Initialization Sequence Completed", manages to acquire the address lease.
The server is deployed on Debian with OpenVPN 2.3.8, with a bridged configuration to allow clients to send traffic through the VPN.
#Server configuration.
local 192.168.50.2
dev tap0
proto udp
port 1194
persist-key
persist-tun
keepalive 10 120
#Cryptographic & compression information.
ca ca.crt
cert OpenVPN-Server.crt
key OpenVPN-Server.key
dh dh1024.pem
tls-auth ta.key 0
cipher AES-128-CBC
comp-lzo
#Bridge, dhcp & gateway.
server-bridge nogw
push "route-gateway 192.168.50.1"
script-security 3 system
up ./scripts/bridge-start2
down-pre ip link set tap0 nomaster
down ./scripts/bridge-stop2
#Logs.
status /etc/openvpn/openvpn-status_server-bridge2.log
log /etc/openvpn/openvpn_server-bridge2.log
verb 1
#The bridge-start2 script
ip address flush dev eth0
ip link set dev eth0 promisc on
ip link set dev tap0 promisc on
ip link add name br0 type bridge
ip link set dev br0 up
ip link set dev eth0 master br0
ip link set dev tap0 master br0
ip addr add dev br0 192.168.50.2/24
ip route add default via 192.168.50.1

#The bridge-stop2 script
ip link set dev eth0 nomaster
ip link delete br0
ip link set dev eth0 promisc off
ifdown eth0
ifup eth0

#The /etc/network/interfaces file
auto lo eth0
iface lo inet loopback
iface eth0 inet static
address 192.168.50.2
network 192.168.50.0
netmask 255.255.255.0
broadcast 192.168.50.255
gateway 192.168.50.1

client
dev tap0
proto udp
remote webanck.no-ip.biz 1194
resolv-retry infinite
nobind
redirect-gateway def1
persist-key
persist-tun
#mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 3
mute 20
<ca>
-----BEGIN CERTIFICATE-----
#[...]
#[...]
Tue Oct 27 16:31:44 2015 [OpenVPN-Server] Peer Connection Initiated with [AF_INET]<remote_IP>:1194
Tue Oct 27 16:31:46 2015 SENT CONTROL [OpenVPN-Server]: 'PUSH_REQUEST' (status=1)
Tue Oct 27 16:31:46 2015 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.50.1,ping 10,ping-restart 120'
Tue Oct 27 16:31:46 2015 OPTIONS IMPORT: timers and/or timeouts modified
Tue Oct 27 16:31:46 2015 OPTIONS IMPORT: route-related options modified
Tue Oct 27 16:31:46 2015 ROUTE_GATEWAY <client_gateway_IP>/255.255.254.0 IFACE=eth0 HWADDR=00:23:55:7c:73:92
Tue Oct 27 16:31:46 2015 TUN/TAP device tap0 opened
Tue Oct 27 16:31:46 2015 TUN/TAP TX queue length set to 100
Tue Oct 27 16:31:46 2015 /sbin/ip route add <remote_IP>/32 via <client_gateway_IP>
Tue Oct 27 16:31:46 2015 /sbin/ip route add 0.0.0.0/1 via 192.168.50.1
RTNETLINK answers: Network is unreachable
Tue Oct 27 16:31:46 2015 ERROR: Linux route add command failed: external program exited with error status: 2
Tue Oct 27 16:31:46 2015 /sbin/ip route add 128.0.0.0/1 via 192.168.50.1
RTNETLINK answers: Network is unreachable
Tue Oct 27 16:31:46 2015 ERROR: Linux route add command failed: external program exited with error status: 2
Tue Oct 27 16:31:46 2015 Initialization Sequence Completed

#!/bin/sh
sudo /sbin/ip address add 192.168.50.2/24 dev tap0
sudo /sbin/dhclient -v tap0
sudo /sbin/ip route add 0.0.0.0/1 via 192.168.50.1
sudo /sbin/ip route add 128.0.0.0/1 via 192.168.50.1

Internet Systems Consortium DHCP Client 4.2.4
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/tap0/fa:3c:d7:73:ed:e4
Sending on LPF/tap0/fa:3c:d7:73:ed:e4
Sending on Socket/fallback
DHCPREQUEST of 192.168.50.123 on tap0 to 255.255.255.255 port 67 (xid=0x1c735ddf)
DHCPNAK from 192.168.50.2 (xid=0xdf5d731c)
DHCPDISCOVER on tap0 to 255.255.255.255 port 67 interval 3 (xid=0xd1c83119)
DHCPREQUEST of 192.168.50.143 on tap0 to 255.255.255.255 port 67 (xid=0x1931c8d1)
DHCPOFFER of 192.168.50.143 from 192.168.50.2
DHCPACK of 192.168.50.143 from 192.168.50.2
bound to 192.168.50.143 -- renewal in 16613 seconds.

Tue Oct 27 17:47:22 2015 [OpenVPN-Server] Peer Connection Initiated with [AF_INET]<remote_IP>:1194
Tue Oct 27 17:47:24 2015 SENT CONTROL [OpenVPN-Server]: 'PUSH_REQUEST' (status=1)
Tue Oct 27 17:47:24 2015 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.50.1,ping 10,ping-restart 120'
Tue Oct 27 17:47:24 2015 OPTIONS IMPORT: timers and/or timeouts modified
Tue Oct 27 17:47:24 2015 OPTIONS IMPORT: route-related options modified
Tue Oct 27 17:47:24 2015 ROUTE_GATEWAY <client_gateway_IP>/255.255.254.0 IFACE=eth0 HWADDR=00:23:55:7c:73:92
Tue Oct 27 17:47:24 2015 TUN/TAP device tap0 opened
Tue Oct 27 17:47:24 2015 TUN/TAP TX queue length set to 100
Tue Oct 27 17:47:24 2015 /tmp/up.sh tap0 1500 1590 init
Internet Systems Consortium DHCP Client 4.2.4
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/tap0/32:6b:1b:d7:6e:95
Sending on LPF/tap0/32:6b:1b:d7:6e:95
Sending on Socket/fallback
DHCPREQUEST of 192.168.50.143 on tap0 to 255.255.255.255 port 67 (xid=0x31537b)
DHCPREQUEST of 192.168.50.143 on tap0 to 255.255.255.255 port 67 (xid=0x31537b)
DHCPREQUEST of 192.168.50.143 on tap0 to 255.255.255.255 port 67 (xid=0x31537b)
DHCPDISCOVER on tap0 to 255.255.255.255 port 67 interval 3 (xid=0xc3073427)
DHCPDISCOVER on tap0 to 255.255.255.255 port 67 interval 5 (xid=0xc3073427)
DHCPDISCOVER on tap0 to 255.255.255.255 port 67 interval 14 (xid=0xc3073427)
DHCPDISCOVER on tap0 to 255.255.255.255 port 67 interval 11 (xid=0xc3073427)
I can post more details if you wish, just let me know.
