[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] DHCP server.


  • Subject: Re: [Openvpn-users] DHCP server.
  • From: Willy Offermans <Willy@xxxxxxxxxxxxxxxxxxx>
  • Date: Sat, 18 Aug 2007 10:08:50 +0200

Hallo Jake and OpenVPN friends,

On Fri, Aug 17, 2007 at 11:53:08AM -0400, Jake Solid wrote:
> I'm currently using OpenVPN and is working fine but I need to lease private
> IP address from the DHCP server.
> 
> The DHCP server is also acting as the gateway inside my LAN with IP address
> 10.0.0.1.
> 
> What I need to configure to allow the OpenVPN server have the DHCP server
> lease IP addresses on the 10.0.0.0 range to the OpenVPN clients?
> 
> This is my current ifconfig output:
> =======================
> 
> (1.2.3.4 is the public IP)
> 
> br0
>           inet addr:1.2.3.4 Bcast:64.105.255.255  Mask:255.255.240.0
> 
> eth2
>           inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
> 
> lo
>           inet addr:127.0.0.1  Mask:255.0.0.0
> 
> tun0
>           inet addr:172.16.0.1  P-t-P:172.16.0.2  Mask:255.255.255.255

It is quite possible to achieve the functionality you are asking for.
But it is not that easy. I do not know how experienced you are with
DNS, DHCP, OpenVPN and routing. The procedure to follow is following:

0) Problems with firewalls are very difficult to trace. Shut down all
your firewall temporarily, till you manage to use the VPN connection in
a proper way. Fire up your firewalls after successfully implementing
the above mentioned functionality. Change the firewall rules if
necessary. 
1) On the server and client site, use tap device to communicate.
2) On the server site, make sure the DHCP server can assign
IP-addresses to requests at the tap device
3) Make sure that you have a connection with Openvpn via tap, but do
not assign IP addresses via Openvpn. That means remove something like
erver-bridge 10.8.0.1 255.255.255.0 10.8.0.100 10.8.0.199
4) ask for an IP address for the tap device on the client site
5) If you receive an IP address for your tap device at the client site
from the DHCP server at the server site you are almost done
6) Now you need to make the right routes for your IP traffic
7) Do not get despondent if things do not work right away. The more you
suffer, the sweeter is the success.
8) Problems with firewalls are very difficult to trace. Shut down all
your firewall temporarily, till you manage to use the VPN connection in
a proper way. Fire up your firewalls after successfully implementing
the above mentioned functionality. Change the firewall rules if
necessary. 

-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,

Willy

*************************************
W.K. Offermans
Home:   +31 45 544 49 44
Mobile: +31 653 27 16 23
e-mail: Willy@xxxxxxxxxxxxxxxxxxx

                                       Powered by ....

                                            (__)
                                         \\\'',)
                                           \/  \ ^
                                           .\._/_)
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users