
Re: [Openvpn-users] Push DHCP option on Linux


  • Subject: Re: [Openvpn-users] Push DHCP option on Linux
  • From: Erich Titl <erich.titl@xxxxxxxx>
  • Date: Mon, 20 Aug 2007 09:16:12 +0000

Hi Peter

Peter Njiiri wrote:
> 
> 
> Hi Erich
> 
> I've gone through the HOWTO's and tried checking for a procedure for
> running a script 

running a script is easy, just include it in the config file like

--up cmd
    Shell command to run after successful TUN/TAP device open (pre
--user UID change). The up script is useful for specifying route
commands which route IP traffic destined for private subnets which exist
at the other end of the VPN connection into the tunnel.

    For --dev tun execute as:

    cmd tun_dev tun_mtu link_mtu ifconfig_local_ip ifconfig_remote_ip [ init | restart ]

    For --dev tap execute as:

    cmd tap_dev tap_mtu link_mtu ifconfig_local_ip ifconfig_netmask [ init | restart ]

    See the "Environmental Variables" section below for additional
parameters passed as environmental variables.

    Note that cmd can be a shell command with multiple arguments, in
which case all OpenVPN-generated arguments will be appended to cmd to
build a command line which will be passed to the shell.

so you have to add a line like

up /my_directory/up_script to the client config file.


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

This here is from the mail archives, note though the script is written
for OS/X and might not work on your SuSE workstation without
modification. Do not forget to make it executable.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


In <loom.20060609T045759-788@xxxxxxxxxxxxxx>, Matt Bostock
<matt@xxxxxxxxxxxxxxx> typed:
> Hi,
>
> Is it possible to push a DNS server to Linux clients on a routed VPN? E.g.
> push "dhcp-option DNS 10.0.0.2"

Yes. It'll push the value. However, the Linux system won't do the same
things that a Windows system does with it (at least, no Linux system I
know of will).

What happens (on pretty much any system but Windows) is that the
pushed options get stored in environment variables $foreign_option_N
that are made available in the various scripts that openvpn runs. You
need to provide a script that does the right thing for you.

Here's the script I use on OSX boxes to set up OSX super resolver
based on the DNS server address pushed by the openvpn server.

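#!/bin/bash
# OpenVPN --up script: write the first pushed DNS server to an OS X resolver file.

for opt in ${!foreign_option_*}
do
   # Value of this pushed option, e.g. "dhcp-option DNS 10.0.0.2"
   val=${!opt}
   # Strip the prefix; dns differs from val only when this is a DNS option
   dns=${val#dhcp-option DNS }
   if [ "$dns" != "$val" ]
       then
          cat >"/etc/resolver/$(basename "$config" .conf)" <<EOF
nameserver $dns
timeout 10
EOF
          exit 0
       fi
done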
				
Note that this is a bash script, not an sh script. And if I controlled
the server in question, I'd push the domain name as well as the DNS
server address, and use that instead of the hack with the config file
name.

> ...also, must I setup a DHCP server for that to work?

No, you don't. Even if you had one, you still have to figure out how
to get the interface to generate a DHCP request when it comes up.

	<mike
-- 
Mike Meyer <mwm@xxxxxxxxx>		http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.

.....

> (I've not seen example scripts during my search) to
> push dhcp option on a Linux workstation. I tried running the only script
> given in the web link below (from my previous email) but it proves
> unsuccessful on my openSUSE 10.2 workstation. Please, send me a link on
> sample scripts and procedure/HOWTO to push this option on the client.
> Thanks for your time!

The above example is rather prominent in the mailing list. I have not
tried it and I doubt the entry in the /etc/resolver directory would do
anything useful in your SuSE. So you probably have to store your
existing /etc/resolv.conf before overwriting it.

cheers
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
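
For a Linux client such as the openSUSE workstation discussed in this thread, the following is an added example, not code from the thread or from the OpenVPN project: a POSIX sh up/down script that reads the pushed foreign_option_N values, accepts only well-formed IPv4 DNS addresses, and saves /etc/resolv.conf before replacing it. The RESOLV_CONF override, the .openvpn-bak suffix and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: --up/--down helper for a Linux client.
# Assumption: the client resolves through a plain-file /etc/resolv.conf.
: "${RESOLV_CONF:=/etc/resolv.conf}"

# Accept only a dotted-quad IPv4 address. Pushed values are server-controlled
# and this script runs as root, so nothing unchecked is written to disk.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print every valid DNS server from foreign_option_1, foreign_option_2, ...
pushed_dns() {
    i=1
    while eval "val=\${foreign_option_$i:-}"; [ -n "$val" ]; do
        case $val in
            "dhcp-option DNS "*)
                addr=${val#dhcp-option DNS }
                if is_ipv4 "$addr"; then echo "$addr"; fi ;;
        esac
        i=$((i + 1))
    done
}

# Back up resolv.conf once, then replace it atomically with the pushed servers.
apply_dns() {
    servers=$(pushed_dns)
    [ -n "$servers" ] || return 0    # nothing usable pushed: leave the file alone
    [ -e "$RESOLV_CONF.openvpn-bak" ] || cp -p "$RESOLV_CONF" "$RESOLV_CONF.openvpn-bak"
    tmp=$(mktemp "$RESOLV_CONF.XXXXXX") || return 1
    for s in $servers; do echo "nameserver $s"; done >"$tmp"
    chmod 644 "$tmp"
    mv "$tmp" "$RESOLV_CONF"
}

# Put the saved file back when the tunnel goes down.
restore_dns() {
    if [ -e "$RESOLV_CONF.openvpn-bak" ]; then mv "$RESOLV_CONF.openvpn-bak" "$RESOLV_CONF"; fi
}

# OpenVPN sets script_type to the hook being run; otherwise nothing happens.
case ${script_type:-} in up) apply_dns ;; down) restore_dns ;; esac
```

Reference the same file from both the up and down lines of the client config so the saved resolv.conf is restored when the tunnel closes.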