Re: [Openvpn-users] --learn-address don't provide IP for dev tap?

  Subject: Re: [Openvpn-users] --learn-address don't provide IP for dev tap?
  From: Didier Conchaudron <didier@xxxxxxxxxxxxxxx>
  Date: Wed, 15 Dec 2004 16:31:12 +0100

Leonard Isham wrote:

Step back for a minute. By using TAP you are using bridging; bridging
is based on MAC addresses.  If you use TUN you are using routing,
which is based on Network (read IP) addresses.

If you buy a gasoline vehicle you can't just decide to put diesel in
it one day.  You would have to modify the car to use diesel.

If you are intent on using diesel (TUN) then modify/replace your engine for one that uses gasoline (TAP).

The problem is that, in my understanding, I do have to know the client IP in tun mode, e.g. "ifconfig server_ip client_ip". I can't use it that way because I can't know the IP address of the incoming clients. I'm not doing pptp.

So my question could be this one: How to use tun mode in order to be able to get several clients without knowing their IP address?

I cc my server config, then you can help me to modify it using tun ;-)


dev tap

port 443
proto tcp-server

user nobody
group nobody

dh dh1024.pem

ca /root/CA/ca.crt
cert /root/CA/certs/server.crt
key /root/CA/private/server.key

crl-verify /root/CA/crl/crl.pem

tls-verify /root/openvpn/x509-verify.pl
auth-user-pass-verify /root/openvpn/user-pass.sh via-env
learn-address /root/openvpn/firewall.pl

status-version 1
status /root/openvpn/sessions-status.log 4

verb 3

mode server
push "route-gateway"
push "redirect-gateway"
push "ip-win32 dynamic"
push "dhcp-option DNS x.x.x.x"
push "dhcp-option DNS y.y.y.y"
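
Added example, not part of the original message and not the poster's firewall.pl: a sketch of a --learn-address hook that accepts either form of the address argument (a MAC address under dev tap, an IPv4 address or subnet under dev tun), validates it, and builds the matching iptables rule without running it. The chain name VPN_CLIENTS and the function names are assumptions.

```python
#!/usr/bin/env python3
# Sketch of a --learn-address hook. OpenVPN calls it as:
#   <script> add|update <address> <common-name>
#   <script> delete <address>
import ipaddress
import re
import sys

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
CHAIN = "VPN_CLIENTS"  # hypothetical iptables chain, an assumption


def classify(address):
    """Return ('mac', addr) for a tap-style value, ('ip', cidr) for tun."""
    if MAC_RE.match(address):
        return "mac", address.lower()
    try:
        # tun mode passes a host address or a subnet (e.g. from iroute)
        return "ip", str(ipaddress.IPv4Network(address, strict=False))
    except ValueError:
        # Reject anything else before it can reach a firewall command
        raise ValueError("unexpected learn-address value: %r" % address)


def build_rules(operation, address, common_name=None):
    """Return the iptables argv lists for one learn-address event."""
    if operation not in ("add", "update", "delete"):
        raise ValueError("unknown operation: %r" % operation)
    kind, addr = classify(address)
    if kind == "mac":
        match = ["-m", "mac", "--mac-source", addr]
    else:
        match = ["-s", addr]
    if operation == "update":
        # The rule is keyed on the address only, so a change of owner
        # (common name) needs no firewall change in this sketch.
        return []
    flag = "-D" if operation == "delete" else "-A"
    return [["iptables", flag, CHAIN] + match + ["-j", "ACCEPT"]]


if __name__ == "__main__":
    # Print instead of executing, so the sketch is safe to run anywhere.
    for rule in build_rules(*sys.argv[1:4]):
        print(" ".join(rule))
```

With "user nobody" in the config the hook runs unprivileged once the server has initialized, so applying the printed rule needs a separate privileged helper.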