[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] fixing a tap interface ip

  • Subject: Re: [Openvpn-users] fixing a tap interface ip
  • From: George Georgalis <george@xxxxxxxxx>
  • Date: Fri, 14 Dec 2007 09:54:44 -0500

Thanks, this looks like all the fix/info I need. :)

It's not clear, if --mktun works with with
FreeBSD/NetBSD, (and I have limited testing
window). Can I get the same effect by simply
creating a tap0 at boot when I start other
network interfaces then just use --dev tapX?

I didn't realize the openvpn server even used
my dhcpd for tap address assignments. In the
conf I have server-bridge and assumed available
addresses where determined from that and my
ifconfig-pool-persist file. Do these become
the basis for a dhcp lease ip request?

// George

On Thu, Dec 13, 2007 at 04:40:09PM -0600, Josh Cepek wrote:
>You probably want to use the persistent state options.  Try adding the
>following 2 lines to your config file:
>    persist-tun
>    persist-key
>The first will keep the tap adapter connected between VPN restarts (such
>as when the client gets a new address and must re-connect to the VPN
>server.)  The 2nd option will keep the decrypted private key accessible
>to the OpenVPN process so you won't need to re-enter the passphrase next
>time it reconnects.
>Unless you have created a persistent tap adapter (with openvpn --mktun
>--dev tap#) the dynamically created tap device may have a different MAC
>address each time, and this is why your DHCP server hands out a new
>address.  To insure the same host has the same IP each time, create a
>static tap adapter and set your client config to use that device by
>specifying the --dev tap# option (replace # with the device number
>created with the --mktun option.)  The only way to insure that your DHCP
>server doesn't issue an address to another client after the lease
>expires is to set a reservation.
>For ISC DHCP the following section will create a static address for a
>sample host:
>    host example {
>        hardware ethernet 00:FF:11:22:33:44;
>        fixed-address;
>    }
>Set the proper MAC address from the client's tap adapter and the desired
>IP address and you're all set.
>George Georgalis wrote:
>> I have a host on an ISP dhcp which gets a new ip
>> every 3 or 4 weeks and maintains an openvpn client
>> tap by manual as needed passphrase entry.
>> On static ip, the openvpn server host uses a
>> tap bridge and is configured for persistant ip
>> assignment.
>> Ocasionally I find the dhcp client with an
>> established connection but a new ip on the lan/tap
>> network (and my lan systems can't find it anymore).
>> So I break the connection and reestablish it to get
>> the expected IP on the lan.
>> I presume what's happening is the client dhcp lease
>> expires, it gets a new ip and establishes a new
>> connection before the server releases the connection
>> to the old IP.
>> So, my question is how do I assign a permanant tap
>> ip for the client? I have full control of the lan
>> dhcp, PTR and A records, and would prefer to use
>> that for assignments, if possible.
>> // George

>SF.Net email is sponsored by:
>Check out the new SourceForge.net Marketplace.
>It's the best place to buy or sell services
>for just about anything Open Source.
>Openvpn-users mailing list

OpenVPN mailing lists