Openvpn and dhcp client

From FreeBSDwiki
Revision as of 18:17, 29 June 2008

Introduction

We will modify the configuration from AccessPoint so that the clients pull the DNS server (/etc/resolv.conf), the IP address and the default route via DHCP.

Dnsmasq configuration

Here's the modified dnsmasq configuration:

# filter what we send upstream
domain-needed
bogus-priv
filterwin2k
localise-queries

# allow /etc/hosts and dhcp lookups via *.lan
local=/lan/
domain=workgroup
expand-hosts
dhcp-hostsfile=/etc/hosts.dnsmasq

#resolv-file=/tmp/resolv.conf.auto

dhcp-mac=ovpn,00:FF:*:*:*:*


dhcp-authoritative
dhcp-leasefile=/tmp/dhcp.leases 

# use /etc/ethers for static hosts; same format as --dhcp-host
# <hwaddr> <ipaddr>
read-ethers

# other useful options:
# default route(s):
dhcp-option=#ovpn,3,192.168.1.1
dhcp-option=ovpn,3,10.0.0.1

#    dns server(s):
dhcp-option=#ovpn,6,192.168.1.1
dhcp-option=ovpn,6,10.0.0.1


dhcp-range=net:#ovpn,192.168.1.100,192.168.1.199,255.255.255.0,48h
dhcp-range=net:ovpn,10.0.0.100,10.0.0.199,255.255.255.0,48h

BSD or GNU/Linux Clients

remote 192.168.1.1
client
dev tap
nobind
tls-client
ca /etc/openvpn/ca.crt
cert /etc/openvpn/port4.crt
key /etc/openvpn/port4.key
#pull
verb 4
#remote-cert-tls server
#auth-user-pass
#redirect-gateway
lladdr 00:FF:00:00:00:24
#route-delay 5
route-up "./dhcpcd-up.sh"
down "./dhcpcd-down.sh"

In this configuration we call dhcpcd indirectly through a script, because OpenVPN passes arguments to the script by default and dhcpcd won't work when given those extra arguments.
We use dhcpcd because it can easily be killed with one command: dhcpcd -k tap0. Otherwise you would need to know the PID, and if there are multiple dhcpcd processes (which is possible, because you need an IP before connecting to OpenVPN) it becomes complicated and not so cross-platform. Here's dhcpcd-up.sh:

#!/bin/sh
# start a DHCP client on the tap interface once OpenVPN has brought it up
dhcpcd tap0

Here's dhcpcd-down.sh:

#!/bin/sh
# release the lease and stop the dhcpcd bound to the tap interface
dhcpcd -k tap0

Of course we could use the parameter passed to the script to get the tap0 interface, but this script is sufficient for me as I have only one tap interface (feel free to modify the script).
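Following up on that remark, here is an added example (not from the wiki page or its author) of a single handler that takes the interface name from what OpenVPN passes instead of hard-coding tap0, and validates it before handing it to dhcpcd. It assumes OpenVPN exports the device name in the environment variable dev and the script type in script_type ("route-up" or "down"), and that the client config points both route-up and down at one hypothetical file such as ./ovpn-dhcpcd.sh.

```shell
#!/bin/sh
# Added example, not the page's own scripts: one handler for both the
# route-up and the down hook of the OpenVPN client configuration above.
# Assumption: OpenVPN exports $dev (device name) and $script_type
# ("route-up" or "down"); the down hook also gets the device as $1.

# Pick the interface: OpenVPN's $dev, else the first argument, else tap0
# (the page's scripts assume a single tap0 interface).
ovpn_iface() {
    if [ -n "${dev:-}" ]; then
        printf '%s\n' "$dev"
    elif [ -n "${1:-}" ]; then
        printf '%s\n' "$1"
    else
        printf '%s\n' tap0
    fi
}

# Accept only plain interface names, so the extra MTU/address arguments
# OpenVPN appends to down scripts (the reason the page wraps dhcpcd in a
# script at all) or a malformed value can never reach dhcpcd.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the dhcpcd arguments for an action: "up" starts a client on the
# interface, "down" kills the client bound to it (dhcpcd -k <iface>).
dhcpcd_args() {
    valid_iface "$2" || return 1
    case "$1" in
        up)   printf '%s\n' "$2" ;;
        down) printf '%s %s\n' -k "$2" ;;
        *)    return 1 ;;
    esac
}

# Only act when OpenVPN invoked us; when sourced elsewhere, do nothing.
args=
case "${script_type:-}" in
    route-up) args=$(dhcpcd_args up "$(ovpn_iface "${1:-}")") || exit 1 ;;
    down)     args=$(dhcpcd_args down "$(ovpn_iface "${1:-}")") || exit 1 ;;
esac
if [ -n "$args" ]; then
    set -- $args        # safe: the interface name was validated above
    dhcpcd "$@"
fi
```

On OpenVPN 2.1 and later the client configuration must also contain script-security 2 before any external script is executed.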
