Openvpn and dhcp client
Latest revision as of 08:03, 3 January 2009
Introduction
We will modify the configuration in AccessPoint so that the clients pull the DNS server (/etc/resolv.conf), the IP address and the default route via DHCP.
Dnsmasq configuration
Here's the modified dnsmasq configuration:
 # filter what we send upstream
 domain-needed
 bogus-priv
 filterwin2k
 localise-queries

 # allow /etc/hosts and dhcp lookups via *.lan
 local=/lan/
 domain=workgroup
 expand-hosts
 dhcp-hostsfile=/etc/hosts.dnsmasq
 #resolv-file=/tmp/resolv.conf.auto
 dhcp-mac=ovpn,00:FF:*:*:*:*

 dhcp-authoritative
 dhcp-leasefile=/tmp/dhcp.leases

 # use /etc/ethers for static hosts; same format as --dhcp-host
 # <hwaddr> <ipaddr>
 read-ethers

 # other useful options:
 # default route(s):
 dhcp-option=#ovpn,3,192.168.1.1
 dhcp-option=ovpn,3,10.0.0.1
 # dns server(s):
 dhcp-option=#ovpn,6,192.168.1.1
 dhcp-option=ovpn,6,10.0.0.1
 dhcp-range=net:#ovpn,192.168.1.100,192.168.1.199,255.255.255.0,48h
 dhcp-range=net:ovpn,10.0.0.100,10.0.0.199,255.255.255.0,48h
BSD or GNU/linux Clients
 remote 192.168.1.1
 client
 dev tap
 nobind
 tls-client
 ca /etc/openvpn/ca.crt
 cert /etc/openvpn/port4.crt
 key /etc/openvpn/port4.key
 #pull
 verb 4
 #remote-cert-tls server
 #auth-user-pass
 #redirect-gateway
 lladdr 00:FF:00:00:00:24
 #route-delay 5
 route-up "./dhcpcd-up.sh"
 down "./dhcpcd-down.sh"
In this configuration we call dhcpcd indirectly, through a script, because OpenVPN passes arguments to the script by default, so dhcpcd would not work if called directly.
We use dhcpcd because it can easily be killed with this command: dhcpcd -k tap0. Otherwise you would need to know the PID, and if there are multiple dhcpcd instances (which is possible, because you need an IP before connecting to OpenVPN) it becomes complicated and not so cross-platform.
Here's dhcpcd-up.sh:
 #!/bin/sh
 # request a DHCP lease on the tap interface
 dhcpcd tap0
Here's dhcpcd-down.sh:
 #!/bin/sh
 # stop the dhcpcd instance bound to the tap interface
 dhcpcd -k tap0
Of course, we could use the parameter passed to the script to get the tap0 interface, but this script is sufficient for me as I have only one tap interface (feel free to modify the script).
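The interface-aware variant mentioned above, as an added example that is not part of the original page: a single hook serving both route-up and down, which takes the interface from OpenVPN's environment and validates it before handing it to dhcpcd. It assumes OpenVPN exports the device name in `dev` and the hook type in `script_type`; the file name `dhcp-hook.sh` and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original page): one hook for route-up and down.
# Assumption: OpenVPN sets $dev (device name) and $script_type (hook type).

# Print the interface to act on; fail if the name is not a plain tapN.
tap_iface() {
    iface=${1:-tap0}    # fall back to the page's hard-coded tap0
    case $iface in
        tap[0-9]|tap[0-9][0-9]) printf '%s\n' "$iface" ;;
        *) return 1 ;;  # anything else is rejected, the hook runs as root
    esac
}

# Map the hook type to the dhcpcd arguments used on this page.
dhcpcd_args() {
    iface=$(tap_iface "$2") || return 1
    case $1 in
        route-up) printf '%s\n' "$iface" ;;       # dhcpcd tapN
        down)     printf '%s\n' "-k $iface" ;;    # dhcpcd -k tapN
        *)        return 1 ;;                     # not a hook we handle
    esac
}

# Act only when OpenVPN invoked us; script_type is unset otherwise.
if [ -n "${script_type:-}" ]; then
    args=$(dhcpcd_args "$script_type" "${dev:-}") || {
        echo "dhcp-hook: refusing type='$script_type' dev='${dev:-}'" >&2
        exit 1
    }
    # Unquoted on purpose: $args is "tapN" or "-k tapN", already validated.
    exec dhcpcd $args
fi
```

To use it, point both route-up and down in the client configuration at this one script. OpenVPN 2.1 and later also need script-security 2 in the configuration before they run user scripts.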
