[Openvpn-users] OpenVPN to filter out dhcp traffic?

  • Subject: [Openvpn-users] OpenVPN to filter out dhcp traffic?
  • From: Johan Dahlberg <jodahlberg@xxxxxxxxx>
  • Date: Sat, 19 Mar 2005 10:15:36 +0100

I have a question which I can't get an answer to anywhere on the net.
So I thougt maybe you can help me. But first I must thank you for a
truly great piece of software. :-)

My problem is DHCP. I'm running a VPN between two sites using ethernet
bridging, both sites has their own DHCP-server up and running, and
this is causing quite a mess for the network since the networks has
their own subnets/routes. And on occasion the clients on one network
get it's IP assigned by the DHCP-server on the other side of the VPN.
Since the default route for that client will be trough the VPN, it
drains a lot of bandwidth and also adds lots of both latency and
unnecessary bandwidth usage when talking to clients standing right
beside it.

I've been pulling my hair out for days trying to solve this. Over here
OpenVPN is running on Linux 2.6 on both ends, and I've tried all kinds
of tricks with the kernel & filtering to block dhcp from passing
through the vpn-link, without success.

As I've understood it (ISC) DHCP uses raw sockets which cannot be
filtered. So for now I guess I'm out of luck. But one thought crossed
my mind.. can't OpenVPN itself filter out DHCP from the VPN link? That
would be the simplest solution I think. Looking at the mailing lists
or googling for a while it seems a lot of people are having the exact
same problem as me. So it would no doubt be useful for a lot of

I'm not a coder myself, if I was I would get right on with trying to
implement this, trust me. :-)
Of course, maybe it can't be done, or it's not useful enough to be
implemented. But I would appreciate it if you could at least give it a
tought, and maybe even send me an answer to this mail. :)

Once again, thanks for a great piece of software!


