[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] DHCP Server on Routed VPN

  • Subject: Re: [Openvpn-users] DHCP Server on Routed VPN
  • From: Josh Cepek <josh.cepek@xxxxxxx>
  • Date: Fri, 31 Aug 2007 18:12:43 -0500
  • Openpgp: id=2E5A5127
  • Z-usanet-msgid: XID372LHEXmz0160X28

Daniel L. Miller wrote:
Can I use a DHCP3 server to assign IP's to routed VPN clients?  Or will 
it only work in bridged configurations?

It "just works" in a bridged configuration because the DHCP request is broadcasted just as any PC local to the target subnet would do.  In a routed configuration IP broadcasts (such as a DHCP discover request) do not pass the routing barrier and stay only on the virtual subnet assigned to VPN clients.  To work around this you have 4 options:
  1. Configure a machine on the virtual routed subnet to act as a DHCP relay agent which listens for broadcasts on the virtual subnet and forwards them to the real DHCP server.
    • Note that you cannot use ISC's DHCP-forwarding agent because it requires a layer-2 address (MAC) to be assigned to the network device on both ends.  The dhcp-fwd project will work over tun adapters and plays quite well with OpenVPN.
  2. Configure a machine on the virtual routed subnet to be a DHCP server itself and hand out IP addresses.
  3. Let OpenVPN hand out IP addresses with the ifconfig-pool directive allowing OpenVPN to be the DHCP server.
    • If you go this route you might want to consider also using the 'push "dhcp-option ..."' syntax to give options like DNS/WINS, etc to Windows clients.
  4. Configure all devices with static addresses (or in OpenVPN with the ifconfig-push directive in ccd files or a dynamic client-connect-script.)


Attachment: signature.asc
Description: OpenPGP digital signature