
[Openvpn-users] OpenVPN, dhcpd and ddns

  • Subject: [Openvpn-users] OpenVPN, dhcpd and ddns
  • From: "Tom Cook" <tom.k.cook@xxxxxxxxx>
  • Date: Sat, 13 Oct 2007 18:50:58 +0930


I am a newbie with OpenVPN, so please go a little gently...

I have an office network set up, where local ethernet clients get network information by dhcp (from dhcpd), and dhcpd puts the client's name directly into the DNS server (bind9).  All this runs on a box which is also our boundary router (for the moment - no security comments on this please, we already know and are moving it).

On the router, eth0 is the interface that looks towards the internet, and has a static routable ip address.  eth1 is the interface that looks towards the LAN.  There is a bridge interface, br0, which contains eth1 and has the address  It is this bridge interface over which DHCP is served.

What I would like to do is to add OpenVPN to the router using ethernet bridging, so that an external VPN client can connect to the network and act just as though he was part of the LAN.  At least, that's what I thought I wanted.

I have a client connecting and creating a TAP interface, tap0, which is part of the bridge.  The client can then get network information using DHCP.  But of course the DHCP server over-rides the client's default router and nameserver, which is not quite what I want.  What I would like is for the client to become part of the ethernet, have its default route left as is, have traffic to routed over the bridge, and have the remote nameserver appended to the list of nameservers in /etc/resolv.conf, not replace it.

Is there a good way of doing this?  It seems to me there are three options:

1. Figure out how to make dhcpd serve up slightly different information to clients on tap0 than on eth1 - I have yet to find any sign that this is possible.
2. Use OpenVPN to assign the IP address from a pool, use an 'up' script on the client end to reconfigure the client network with the parameters I want, and ignore DHCP.  This is probably the easiest, but then I don't get my dynamic dns updates on the office network.
3. Something else I haven't found out about yet.

Can someone tell me the best way of doing this?