Daniel L. Miller wrote:
Can I use a DHCP3 server to assign IP's to routed VPN clients? Or will
it only work in bridged configurations?
It "just works" in a bridged configuration because the DHCP request is
broadcasted just as any PC local to the target subnet would do. In a
routed configuration IP broadcasts (such as a DHCP discover request) do
not pass the routing barrier and stay only on the virtual subnet
assigned to VPN clients. To work around this you have 4 options:
- Configure a machine on the virtual routed subnet to act as a DHCP
relay agent which listens for broadcasts on the virtual subnet and
forwards them to the real DHCP server.
Configure a machine on the virtual routed subnet to be a DHCP
server itself and hand out IP addresses.
Let OpenVPN hand out IP addresses with the ifconfig-pool
directive allowing OpenVPN to be the DHCP server.
- Note that you cannot use ISC's DHCP-forwarding agent because it
requires a layer-2 address (MAC) to be assigned to the network device
on both ends. The dhcp-fwd project will work over tun adapters and
plays quite well with OpenVPN.
Configure all devices with static addresses (or in OpenVPN with
the ifconfig-push directive in ccd files or a dynamic
- If you go this route you might want to consider also using the
'push "dhcp-option ..."' syntax to give options like DNS/WINS, etc to
Description: OpenPGP digital signature