Angelo Laub <al <at> rechenknecht.net> writes:
> [SNIP]
> > B- In my -short- experience, the tap device for os X does not get the
> > dhcp servers information (or does not forward it to the resolver ?).
> try putting the line "pull" in your client config file. this tells the
> openvpn client to get the dhcp information from the server.
Aren't "push" and "pull" OpenVPN 2.0-specific ? DNS servers info is
crucial, but I'd like to use the full dhcp capabilities, and provide
goodies like ntp, netbios,.. info if possible.
> > There is a dhcp server attached to my vpn, serving exclusively vpn
> > nodes. Currently I hack /private/etc/resolv.conf at openvpn startup and
> > restore it when the tunnel closes as part of a command shell script that
> What is it exactly you do with this script? To my knowledge there
> shouldn't be the need for any scripts, because openvpn sets the correct
> routes when it starts, and restores everything to normal when it
> quits.
Well the script does not much. It is a .command file that starts ovpn
with the options I want.
On windows I have a .bat file, on mac a .command:
>>>
#!/bin/bash
OVPN="/usr/local/openvpn" # OVPN 1.6
OPENVPNDIR="/Users/whatever"
RESOLVDIR="/var/run"
RESOLVCONF="resolv.conf"
VPN_NS="nameserver 192.168.1.1"
pushd "$OPENVPNDIR"
echo "Updating $RESOLVCONF"
# Back up the resolver file, then insert the VPN nameserver after its first line
cp "$RESOLVDIR/$RESOLVCONF" "$RESOLVDIR/$RESOLVCONF-bak"
awk -v NS="$VPN_NS" '{print;if(NR==1)print NS}' "$RESOLVDIR/$RESOLVCONF-bak" > "$RESOLVDIR/$RESOLVCONF"
echo "Starting OpenVPN. Press CTRL-C to exit the VPN"
("$OVPN" --cd "$OPENVPNDIR" --config ./main.conf --config ./me.conf)
# Put the original resolver file back once OpenVPN has exited
echo "Restoring $RESOLVCONF"
mv "$RESOLVDIR/$RESOLVCONF-bak" "$RESOLVDIR/$RESOLVCONF"
echo "You're no longer part of the VPN."
popd
>>>
With win-tap32, the interface gets its IP address and the NS information
served by the dhcpd, no fuss. So this kind of hack is not needed.
> > launches openvpn. Can I put such a script under Library as well ? Or do
> > some of you guys can make the tap device available in the mac's Network
> > configuration ?
> interesting idea, i have to think about it. but perhaps this is not
> even necessary.
That would make the mac openvpn setup similar to the one on windows,
where the tap is always up, and the openvpn tunnel started as needed
by clicking a .bat, or using a nice GUI ;-)
Going back to the certs: when I run my CA I go through an EXTRA step to
scratch the passphrase for the certs. I can perfectly live with the
requirement for passphrase in the user cert, in order to use the GUI.
Regarding the version of openvpn: while you're providing the full
binaries for Ovpn, which is great, I did not use that: I already had my
stuff compiled and installed.
Once again, I can certainly live with your .dmg as the full -least
official- openvpn distro for OS X. But in that case, I'd recommend you
include a SINGLE readme that makes clear that all components should be
installed your way.
Since I insist on using a bridged VPN (I want broadcasted services), and
I already have managed the many confs/ports pairs I need for my tunnels
(cf. the conf split between generic main.conf and overriding me.confs),
I don't really feel like going to OpenVPN 2.0 will help me. I am mostly
unaware of OpenVPN 2.0. Would you recommend using Ovpn 2.0 for a
bridged VPN ?
Thanks again. Later,
--JP
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
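
The restore step in the .command script quoted in this message is skipped if the script itself is killed before OpenVPN returns, which leaves the resolver pointing at the VPN nameserver. As an added example (not part of the original message or of OpenVPN), the same edit wrapped so the saved file is put back on any exit or on INT/TERM/HUP; `with_vpn_dns` is a hypothetical helper name, and the resolver path and nameserver line are supplied by the caller.

```shell
#!/bin/bash
# Added example: run a command with a VPN nameserver line inserted into a
# resolver file, and always restore the original file afterwards.
# with_vpn_dns is a hypothetical helper, not an OpenVPN feature.
# Usage: with_vpn_dns <resolv-file> <nameserver-line> <command> [args...]

with_vpn_dns() (
    # The function body is a subshell, so the traps set here stay local to it.
    resolv=$1
    ns_line=$2
    shift 2

    # Unpredictable names next to the target file; same filesystem, so the
    # final mv is a rename and readers never see a half-written file.
    backup=$(mktemp "${resolv}.bak.XXXXXX") || exit 1
    tmp=$(mktemp "${resolv}.new.XXXXXX") || { rm -f "$backup"; exit 1; }

    restore() {
        # Put the saved copy back; runs on normal exit and after a trapped signal.
        [ -f "$backup" ] && mv -f "$backup" "$resolv"
        rm -f "$tmp"
    }
    trap restore EXIT
    trap 'exit 130' INT TERM HUP   # SIGKILL cannot be trapped

    # cp -p keeps the original mode, so the resolver file stays world-readable.
    cp -p "$resolv" "$backup" || exit 1
    cp -p "$backup" "$tmp" || exit 1

    # Same edit as the script in the message: add the VPN nameserver after line 1.
    awk -v NS="$ns_line" '{print; if (NR == 1) print NS}' "$backup" > "$tmp" || exit 1
    mv -f "$tmp" "$resolv" || exit 1

    # Run the wrapped command (for example the openvpn invocation) in the foreground.
    "$@"
)
```

With the variables from the script in the message, the call would be `with_vpn_dns "$RESOLVDIR/$RESOLVCONF" "$VPN_NS" "$OVPN" --cd "$OPENVPNDIR" --config ./main.conf --config ./me.conf`.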