
Re: [Openvpn-users] OpenVPN Bridging - Windows XP - DHCP


  • Subject: Re: [Openvpn-users] OpenVPN Bridging - Windows XP - DHCP
  • From: "Ben Sheron" <ben@xxxxxxxxxxxxxxxx>
  • Date: Tue, 24 Jul 2007 08:24:26 -0400 (EDT)
  • Importance: Normal

> Josh Cepek wrote:
>> Vincent wrote:
>>> I have, hopefully, an easy question.  I have set up a small, bridged
>>> OpenVPN across our different store locations under Windows XP.  All
>>> seems to work well with one small hiccup.  Occasionally, one of the
>>> client computers at one location will pull a DHCP lease from a router
>>> at one of the other stores.  Needless to say, this leads to some
>>> problems.  Is there a way to prevent DHCP traffic from crossing the VPN
>>> or a way to specify the DHCP server to be used under Windows XP?  Thank
>>> you for your assistance.
>>>
>>> Vincent
>>
>> With DHCP most clients accept the first offer they get, and that's
>> usually going to be the local DHCP server, but not always depending on
>> conditions; this leads to the behavior you noticed.  Don't use a
>> bridged setup if you don't want all the DHCP servers to respond to every
>> DHCP request.  Bridging is logistically the same as connecting each site
>> together with a switch.  If you don't want broadcast traffic (like DHCP
>> requests) to traverse the sites then use a routed setup with tun
>> adapters (not tap.)
> That's good advice, however broadcasts are needed for services like
> WINS, rendezvous and others. If the OpenVPN bridge runs Linux you can
> selectively filter layer2 stuff with ebtables. There might be other
> solutions for other operating systems for layer2 filtering worth googling.
>
> cheers
>   Paul

Paul,

I'm not sure about rendezvous, but with WINS you could always set up a
WINS server, say with Samba, right on the Linux gateway machine, and point
the Windows clients to this server.  That way you should still be able to
see them across the bridge.  You might also consider setting up an
internal DNS server to resolve computer names to internal IPs.  This might
help for some other services that need to discover other computers on the
network.  Just a thought.

Ben

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
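
The layer-2 filtering with ebtables that Paul mentions in the thread above, as an added example that is not part of any poster's message: it drops only DHCP (UDP ports 67-68) on the OpenVPN bridge port, so other broadcasts still cross the bridge. It assumes the bridge host runs Linux and that the OpenVPN interface is named tap0; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: keep DHCP from crossing an OpenVPN tap bridge with ebtables.
# Assumptions: the bridge host runs Linux and the OpenVPN interface is tap0.

# Print the ebtables rules that drop DHCP on one bridge port.
# Clients send to UDP port 67 and servers reply to UDP port 68, so matching
# the destination port range 67:68 covers requests and offers alike.
dhcp_block_rules() {
    iface=$1
    # Accept only a plain interface name before it is placed on a command line.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*)
            echo "bad interface name: $iface" >&2
            return 1 ;;
    esac
    match="-p IPv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP"
    # DHCP frames arriving from the VPN for the bridge host itself
    echo "ebtables -A INPUT -i $iface $match"
    # DHCP frames bridged from the VPN onto the local LAN
    echo "ebtables -A FORWARD -i $iface $match"
    # DHCP frames bridged from the local LAN into the VPN
    echo "ebtables -A FORWARD -o $iface $match"
    # DHCP frames the bridge host itself sends into the VPN
    echo "ebtables -A OUTPUT -o $iface $match"
}

# Dry run by default: print the rules for review.
# Set APPLY=1 and run as root to install them.
main() {
    rules=$(dhcp_block_rules "${1:-tap0}") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | sh -e
    else
        echo "$rules"
    fi
}

main "$@"
```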