John Locke <mail@xxxxxxxxxxxx> said:

> Hello,
>
> I see lots of posts in the group about these issues, and have spent days
> reading through, but still haven't figured out the best way to do this.
> I'm trying to set up OpenVPN for a small network, and make client
> configuration as easy as possible for all concerned.
>
> 1. How do I get a bridged connection to get an address from a DHCP
> server on the other side?
>
> I've read through the list, and seen some posts indicating there were
> problems with this, and recommending against it--why?

I'm not sure there's any problem with this configuration. This is a common practice and is described in the OpenVPN win32 install notes.

> Here's my basic configuration:
>
> WinXP client, tap interface, connecting to remote network.
>
> Remote network has the UDP port forwarded through the firewall to a Red
> Hat box that's the other end of the tunnel. The Red Hat box is also
> running ISC DHCPD, Bind, and Samba, with an internal TLD set up. I need
> the remote clients to be able to use DNS to get to a bunch of different
> virtual hosts on other web servers on the LAN. I also need Windows file
> sharing to work over the connection.
>
> I can get the tunnel up, manually enter the DNS address, and see all the
> virtual web sites from the remote Windows box, but I'd like to have the
> dhcp server assign the DNS settings to the Windows box.
>
> I've tried all sorts of --ifconfig options on both ends of the tunnel:
> on the LAN subnet, on a different subnet, no --ifconfig settings at all,
> etc.
>
> I've found that it doesn't matter what --ifconfig setting I use on the
> Red Hat end (the bridged side), as long as it's different than the
> Windows --ifconfig setting. It can be unset, or on a different subnet,
> doesn't seem to make a difference. On the other hand, the Windows box
> only connects successfully if I set an --ifconfig option to a valid,
> unused address on the LAN subnet. How do I get this to accept the DHCP
> settings?

If you are using DHCP on the OpenVPN client side, you shouldn't use the --ifconfig option. Both accomplish the same purpose, and using both together is redundant and likely not to work. There's a sample DHCP server config in the win32 install notes.

> 2. If I don't use DHCP over the bridged connection, how can I script the
> set up for the DNS and WINS server on a Windows box?
>
> I'm deploying this for a small company, and many of the remote users are
> not very technical. I'd like to be able to have them run the installer,
> copy their key and configuration, and start it up from the configuration
> file. Does anyone have a good way of programmatically setting up the
> WINS/DNS server settings on a Windows box? Or is there a configuration
> option I've overlooked?
>
> 3. What's the recommended way to stop the tunnel on the Windows box?
> I've been just closing the command window. I don't want to set it up as
> a service--is there a way to get it to run on demand without the command
> window, and if so, how do you stop it? Again, this is mainly for my
> non-technical users, I'm sure I'm going to get asked about it.

There's no connect-on-demand feature at present. You can run either from the command line or as a service.

> 4. Completely different client question: Connecting to the same Red Hat
> server on the same LAN from a Linux box. My Linux box connects, and
> everything is working flawlessly. Except that when my local connection
> renews its DHCP settings, it deletes the nameserver I added to
> /etc/resolv.conf, and names stop resolving on the remote network.
> Anybody have a suggestion for dealing with this?

There's a command line flag for the DHCP server that tells it not to overwrite /etc/resolv.conf.

> Thanks for your help. I'm really liking the looks of this--and the first
> connection I made, I couldn't believe how quick it was, tunneling
> through two slower DSL connections across the Internet...

Cool.

James

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users