[Openvpn-users] DHCP adventures (was: Use DHCP only, turn all ifconfig options off)


  • Subject: [Openvpn-users] DHCP adventures (was: Use DHCP only, turn all ifconfig options off)
  • From: "E. Versteegt" <eymert@xxxxxxxxxxxxx>
  • Date: Sat, 05 Jun 2004 01:48:57 +0200

Hi,

As requested by Andrew J. Richardson, here is the DHCP config I am using with OpenVPN clients getting their IP addresses by DHCP, using the TAP dev mode:

# dhcpd.conf

# option definitions common to all supported networks...
ddns-update-style none;

## If hardware address begins with 00:FF, the client is an
## openvpn tap adapter, and we do not want to assign a
## default gateway or dns server.  Assign them to a special
## subclass and configure a pool which does not hand out
## these parameters.

class "openvpn" {
     match if substring (hardware, 1, 2) = 00:FF;
 }
## end class declaration

# subnet settings.
authoritative;

subnet 10.2.1.0 netmask 255.255.255.0 {
option domain-name "...";
option domain-name-servers 10.2.1.1;

pool {
     deny members of "openvpn";
     range 10.2.1.65 10.2.1.180;
     option subnet-mask 255.255.255.0;
     option broadcast-address 10.2.1.255;
     option routers 10.2.1.1;
     default-lease-time 86400;
     max-lease-time 151200;
     }
pool {
     allow members of "openvpn";
     range 10.2.1.210 10.2.1.240;
     default-lease-time 3600;
     max-lease-time 14400;
     }
}

The sad thing is, I have been a little too enthusiastic about this config:

During the last day, problems with the normal clients started to appear, the same as the problems I have been trying to solve for over a week now:

After a while, when the leases of the normal LAN clients (windows AND linux) begin to expire, the clients do a new request for their IP addresses. They get an IP address from the non-openvpn pool just fine, but they fail to retrieve the default gateway (option routers). This seems very strange to me, as they ARE getting an IP address from the right pool, they get the right lease times for the pool, and so forth. The only option that doesn't seem to apply anymore is the routers option.

To make things even more strange, I had been testing this config by releasing and renewing windows and linux clients manually several times. All these times, they just got the routers option nicely. Why aren't they getting the default gateway anymore if their leases have expired?

Maybe some of you have any experience with this. Anyway, I still wanted to share this with you. Maybe someone gets a good DHCP idea that does work :).

For clarity: The clients from the "openvpn" class should NOT get a default gateway, because they already have a default gateway from the internet connection the VPN tunnel runs on and it could lead to conflicts if two default gateways exist.

With kind regards,
Eymert
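As an added example that is not part of the original post: a small Python model of how the class match and pool selection in the dhcpd.conf above work out for a TAP client versus a normal LAN client. It models the rule logic only, not dhcpd itself, and the MAC addresses are constructed.

```python
# Added example (not from the original post): a model of how ISC dhcpd
# evaluates the class and pool rules from the dhcpd.conf above. dhcpd's
# "hardware" expression is one hardware-type byte followed by the chaddr,
# so substring(hardware, 1, 2) skips the type byte and looks at the first
# two MAC octets. Clients whose MAC starts with 00:FF match class "openvpn".

HTYPE_ETHERNET = 1


def hardware_field(mac: str) -> bytes:
    """Build dhcpd's 'hardware' value: htype byte + chaddr bytes."""
    return bytes([HTYPE_ETHERNET]) + bytes.fromhex(mac.replace(":", ""))


def is_openvpn_class(mac: str) -> bool:
    """Equivalent of: match if substring (hardware, 1, 2) = 00:FF;"""
    return hardware_field(mac)[1:3] == b"\x00\xff"


# Options declared at subnet scope; both pools inherit them.
SUBNET_OPTIONS = {"domain-name-servers": "10.2.1.1"}

# Pool-scope declarations from the posted config. Only the non-openvpn pool
# carries 'routers', which is the intended behaviour for TAP clients.
POOLS = [
    {"allow_openvpn": False, "range": ("10.2.1.65", "10.2.1.180"),
     "options": {"subnet-mask": "255.255.255.0",
                 "broadcast-address": "10.2.1.255", "routers": "10.2.1.1"},
     "lease": 86400},
    {"allow_openvpn": True, "range": ("10.2.1.210", "10.2.1.240"),
     "options": {}, "lease": 3600},
]


def select_pool(mac: str) -> dict:
    """deny/allow members of "openvpn" decides which pool admits a client."""
    member = is_openvpn_class(mac)
    for pool in POOLS:
        if pool["allow_openvpn"] == member:
            return pool
    raise LookupError("no pool admits this client")


def offered_options(mac: str) -> dict:
    """Effective options: subnet scope merged with the selected pool's scope."""
    pool = select_pool(mac)
    return {**SUBNET_OPTIONS, **pool["options"], "lease": pool["lease"]}


if __name__ == "__main__":
    for mac in ("00:ff:12:34:56:78", "00:1a:2b:3c:4d:5e"):  # constructed MACs
        print(mac, offered_options(mac))
```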