  • From: Josh Cepek <josh.cepek@xxxxxxx>
  • Date: Thu, 13 Dec 2007 16:40:09 -0600
You probably want to use the persistent state options.  Try adding the following 2 lines to your config file:
The first will keep the tap adapter connected between VPN restarts (such as when the client gets a new address and must re-connect to the VPN server.)  The 2nd option will keep the decrypted private key accessible to the OpenVPN process so you won't need to re-enter the passphrase next time it reconnects.

Unless you have created a persistent tap adapter (with openvpn --mktun --dev tap#) the dynamically created tap device may have a different MAC address each time, and this is why your DHCP server hands out a new address.  To ensure the same host has the same IP each time, create a static tap adapter and set your client config to use that device by specifying the --dev tap# option (replace # with the device number created with the --mktun option.)  The only way to ensure that your DHCP server doesn't issue an address to another client after the lease expires is to set a reservation.

For ISC DHCP the following section will create a static address for a sample host:
host example {
    hardware ethernet 00:FF:11:22:33:44;
    fixed-address 192.0.2.10;  # placeholder: the desired IP address
}
Set the proper MAC address from the client's tap adapter and the desired IP address and you're all set.

George Georgalis wrote:
I have a host on an ISP dhcp which gets a new ip
every 3 or 4 weeks and maintains an openvpn client
tap by manual as needed passphrase entry.

On static ip, the openvpn server host uses a
tap bridge and is configured for persistent ip

Occasionally I find the dhcp client with an
established connection but a new ip on the lan/tap
network (and my lan systems can't find it anymore).
So I break the connection and reestablish it to get
the expected IP on the lan.

I presume what's happening is the client dhcp lease
expires, it gets a new ip and establishes a new
connection before the server releases the connection
to the old IP.

So, my question is how do I assign a permanent tap
ip for the client? I have full control of the lan
dhcp, PTR and A records, and would prefer to use
that for assignments, if possible.

// George
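
An added example, not part of the original messages: a shell helper that validates a tap adapter's MAC address and the desired IP before printing the matching ISC DHCP host block, so a malformed value never reaches dhcpd.conf. The sysfs path in tap_mac is a Linux assumption, the script name is hypothetical, and any IP passed in is the operator's own choice.

```shell
#!/bin/sh
# Added example: build an ISC dhcpd "host" reservation for an OpenVPN tap adapter.

# Print the MAC in lowercase colon form, or fail if it is not six hex octets.
normalize_mac() {
    mac=$(printf '%s\n' "$1" | sed 'y/ABCDEF-/abcdef:/')
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$mac"
}

# Succeed only for a dotted quad whose octets are all 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Linux only (assumption): read the MAC of an existing tap device from sysfs.
tap_mac() {
    cat "/sys/class/net/$1/address" 2>/dev/null
}

# dhcp_reservation NAME MAC IP -> prints a host block for dhcpd.conf
dhcp_reservation() {
    name=$1
    case "$name" in
        ''|*[!A-Za-z0-9_-]*) echo "bad host name: $name" >&2; return 1 ;;
    esac
    mac=$(normalize_mac "$2") || { echo "bad MAC: $2" >&2; return 1; }
    valid_ipv4 "$3" || { echo "bad IP: $3" >&2; return 1; }
    printf 'host %s {\n    hardware ethernet %s;\n    fixed-address %s;\n}\n' \
        "$name" "$mac" "$3"
}

# Usage: sh reserve.sh NAME TAPDEV IP   (e.g. a device made with --mktun)
if [ "$#" -eq 3 ]; then
    dhcp_reservation "$1" "$(tap_mac "$2")" "$3"
fi
```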



