Hi,

Patrick Holthaus wrote:
> Hello everybody!
>
> Maybe this is a bit off-topic here, but maybe some of you like to help me
> anyway.
>
> I am trying to build a VPN network where the clients get their IP addresses
> from a local DHCP server (because it should notify the nameserver of the
> clients). The VPN should have its own address pool 10.8.0.* while the
> unsecured clients in the server's LAN should get a 192.168.1.* address.
>
> I got the VPN working but the clients do apparently not get their IP from the
> DHCP server but some random IP from the OpenVPN server. (The DHCP server only
> assigns 10.8.0.100-200 addresses but the clients get .8 or .10 for example)
>
> Now my questions are:
> Do I need bridging for making the DHCP server work in the VPN?
>

Yes. DHCP is an Ethernet protocol. DHCP over IP wouldn't make much
sense, would it? To use your existing DHCP server you need OSI Layer 2
VPN connections (TAP devices).

> What should the configuration files look like?
>

Uhm, in your testing files, you try to configure IPs on a tap device? I
think you mix the concepts up here. If you have a tap tunnel, your
client sends Ethernet frames to the server, which, when properly bridged,
sends them to a local LAN, and vice versa. No IP involved on that level,
you could use IPX or SCTP if you wanted. The only IP you mention in the
config file is that of the server.

But then a client could connect and use any IP you ask? Well, yes, as in
any LAN. You can use iptables on the bridge to filter spoofed packets
out, though.

It's easier and faster to stick with Layer 3 VPN, though.

Regards and HTH,
Thomas
--
gentoo-user@g.o mailing list
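
An added example, not part of the original message or thread: the reply notes that iptables on the bridge can filter spoofed packets, and this sketch derives such rules from the DHCP server's current leases so that only leased IP/MAC pairs are accepted from the VPN port. It assumes ISC dhcpd's `dhcpd.leases` syntax, a bridged port named `tap0` and a hypothetical chain name `VPN-ANTISPOOF`; the sample leases are constructed.

```python
import ipaddress
import re

# Constructed sample in ISC dhcpd.leases syntax (assumed DHCP server, not from the thread).
# dhcpd appends to this file, so a later entry for the same address supersedes an earlier one.
SAMPLE_LEASES = """\
lease 10.8.0.101 {
  binding state active;
  hardware ethernet 00:ff:aa:bb:cc:01;
}
lease 10.8.0.102 {
  binding state active;
  hardware ethernet 00:ff:aa:bb:cc:02;
}
lease 10.8.0.102 {
  binding state free;
  hardware ethernet 00:ff:aa:bb:cc:02;
}
"""

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]{17});")

def active_bindings(text):
    """Return {ip: mac} for leases whose most recent entry is active."""
    bindings = {}
    for ip, body in LEASE_RE.findall(text):
        state, mac = STATE_RE.search(body), MAC_RE.search(body)
        if state and mac and state.group(1) == "active":
            bindings[ip] = mac.group(1).lower()
        else:
            bindings.pop(ip, None)  # released or expired: stop trusting it
    return bindings

def antispoof_rules(bindings, tap="tap0", chain="VPN-ANTISPOOF"):
    """Build iptables commands that accept only leased IP/MAC pairs from the tap port."""
    rules = [
        f"iptables -N {chain}",
        # Clients that have no address yet must still reach the DHCP server.
        f"iptables -A {chain} -s 0.0.0.0 -p udp --sport 68 --dport 67 -j RETURN",
    ]
    for ip in sorted(bindings, key=ipaddress.ip_address):
        rules.append(f"iptables -A {chain} -s {ip} -m mac --mac-source {bindings[ip]} -j RETURN")
    rules.append(f"iptables -A {chain} -j DROP")
    # INPUT covers frames for the bridge host itself, FORWARD frames bridged on to the LAN.
    for hook in ("INPUT", "FORWARD"):
        rules.append(f"iptables -A {hook} -m physdev --physdev-in {tap} -j {chain}")
    return rules

if __name__ == "__main__":
    print("\n".join(antispoof_rules(active_bindings(SAMPLE_LEASES))))
```

iptables only sees bridged frames when the kernel's `bridge-nf-call-iptables` setting is enabled, and these rules cover IPv4 only, so ARP and other protocols on the bridge need ebtables or arptables.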