From: Jonathan P. <jpe...@ga...> - 2009-01-29 10:47:08
Jan,

By default tun devices establish point-to-point tunnels, not a subnet, which is why you have the topology options. As you're mentioning, ifconfig-pool-persist is a potential candidate, so is client-config-dir.

Why would you rather consider tun over tap anyway? Tun is for sending IP traffic while tap allows Ethernet 802.3.

/Jonathan

On Thu, Jan 29, 2009 at 1:24 AM, Jan Just Keijser <ja...@ni...> wrote:
> Hi Jonathan,
>
> sorry to correct you but this is not true... tun devices are perfectly fine
> for the setup that Darren is attempting and I would strongly recommend to
> get 'tun' devices working before attempting a tap (or even bridged) setup.
>
> Darren,
>
> can you
> - try it without the "ifconfig-pool-persist ipp.txt" statement
> - post a server log file snippet after the first client connects and then
> after the second client connects
> - make sure that both clients are using *different* certificates.
>
> HTH,
>
> JJK
>
>
> Jonathan Petersson wrote:
>>
>> tun devices are generally only for Point-to-Point tunnels. If you want
>> multiple people to connect and get individual IPs I would recommend to
>> use tap interfaces or:
>>
>> "subnet -- Use a subnet rather than a point-to-point topology by
>> configuring the tun interface with a local IP address and subnet mask,
>> similar to the topology used in --dev tap and ethernet bridging mode.
>> This mode allocates a single IP address per connecting client and
>> works on Windows as well. Only available when server and clients are
>> OpenVPN 2.1 or higher, or OpenVPN 2.0.x which has been manually
>> patched with the --topology directive code. When used on Windows,
>> requires version 8.2 or higher of the TAP-Win32 driver. When used on
>> *nix, requires that the tun driver supports an ifconfig(8) command
>> which sets a subnet instead of a remote endpoint IP address."
>>
>> See http://openvpn.net/index.php/documentation/manuals/openvpn-21.html
>> under topology
>>
>> /Jonathan
>>
>> On Wed, Jan 28, 2009 at 11:22 AM, Darren Govoni <da...@on...>
>> wrote:
>>
>>>
>>> Hi,
>>> Here it is. Essentially taken from the example. The clients use the
>>> same ca.cert and generate their own certs. This is in a Linux environment.
>>>
>>> ----
>>> ;local a.b.c.d
>>>
>>> port 1194
>>>
>>> ;proto tcp
>>> proto udp
>>>
>>> ;dev tap
>>> dev tun
>>>
>>> ;dev-node MyTap
>>>
>>> ca ca.crt
>>> cert server.crt
>>> key server.key # This file should be kept secret
>>>
>>> dh dh1024.pem
>>>
>>> server 10.8.0.0 255.255.255.0
>>>
>>> ifconfig-pool-persist ipp.txt
>>>
>>> ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
>>>
>>> ;push "route 192.168.10.0 255.255.255.0"
>>> ;push "route 192.168.20.0 255.255.255.0"
>>>
>>> ;client-config-dir ccd
>>> ;route 192.168.40.128 255.255.255.248
>>>
>>> ;client-config-dir ccd
>>> ;route 10.9.0.0 255.255.255.252
>>>
>>> ;learn-address ./script
>>>
>>> ;push "redirect-gateway"
>>>
>>> ;push "dhcp-option DNS 10.8.0.1"
>>> ;push "dhcp-option WINS 10.8.0.1"
>>>
>>> ;client-to-client
>>>
>>> ;duplicate-cn
>>>
>>> keepalive 10 120
>>>
>>> ;tls-auth ta.key 0 # This file is secret
>>>
>>> ;cipher BF-CBC # Blowfish (default)
>>> ;cipher AES-128-CBC # AES
>>> ;cipher DES-EDE3-CBC # Triple-DES
>>>
>>> comp-lzo
>>>
>>> ;max-clients 100
>>>
>>> ;user nobody
>>> ;group nobody
>>>
>>> persist-key
>>> persist-tun
>>>
>>> status openvpn-status.log
>>>
>>> ;log openvpn.log
>>> ;log-append openvpn.log
>>>
>>> verb 3
>>>
>>> ;mute 20
>>>
>>> ----
>>>
>>>
>>> On Wed, 2009-01-28 at 11:10 -0800, Jonathan Petersson wrote:
>>>
>>>>
>>>> Please post your server-config.
>>>>
>>>> You might want to have a look at the topology options.
>>>>
>>>> /Jonathan
>>>>
>>>> On Wed, Jan 28, 2009 at 10:27 AM, Darren Govoni <da...@on...>
>>>> wrote:
>>>>
>>>>>
>>>>> Hi,
>>>>> Pardon me if this is well-documented. I read through the website
>>>>> looking for an answer.
>>>>>
>>>>> Basically, I have a server and routed network. The server correctly
>>>>> binds to 10.8.0.1 and the tun0 interface comes up.
>>>>>
>>>>> I run a client and it refers to the server fine and gets an address:
>>>>> 10.8.0.6. Works fine.
>>>>>
>>>>> I run another client on a different machine, and it also gets 10.8.0.6.
>>>>>
>>>>> There is no local DHCP server other than openvpn.
>>>>>
>>>>> The clients are using different certificates too.
>>>>>
>>>>> What could be causing this?
>>>>>
>>>>>
>
>
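Jan's checklist (drop ifconfig-pool-persist, read the server log after each connection, confirm the certificates really differ) can be cross-checked against two files the server config above already produces: `ipp.txt` (one `common_name,ip_address` line per persisted lease) and `openvpn-status.log` (a client list and a routing table keyed by common name). The script below is an added example and not from this thread or the OpenVPN project. It assumes the default version-1 status layout and the `common_name,ip` pool file format; the sample file contents are constructed to show what a shared certificate looks like from the server side: one common name arriving from two real addresses and both ending up on 10.8.0.6.

```python
"""Offline check of OpenVPN pool/status files for duplicate address assignments.

Added example. Assumes the ifconfig-pool-persist file is 'common_name,ip' per
line and the status file uses the version-1 layout (CLIENT LIST / ROUTING TABLE).
"""
from collections import defaultdict

# Constructed sample ipp.txt: two leases, one CN each.
SAMPLE_IPP = """\
client1,10.8.0.6
client2,10.8.0.10
"""

# Constructed sample openvpn-status.log (version 1 layout). The same common
# name 'client1' shows up from two real addresses, both bound to 10.8.0.6,
# which is what two machines using one certificate look like.
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Thu Jan 29 10:47:08 2009
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client1,192.0.2.10:1194,1234,5678,Thu Jan 29 10:40:00 2009
client1,198.51.100.7:1194,910,1112,Thu Jan 29 10:45:00 2009
client2,203.0.113.5:1194,300,400,Thu Jan 29 10:41:00 2009
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,client1,192.0.2.10:1194,Thu Jan 29 10:46:00 2009
10.8.0.6,client1,198.51.100.7:1194,Thu Jan 29 10:47:00 2009
10.8.0.10,client2,203.0.113.5:1194,Thu Jan 29 10:46:30 2009
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""


def parse_ipp(text):
    """Return {common_name: ip} from an ifconfig-pool-persist file."""
    pool = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        cn, ip = line.split(",", 1)
        pool[cn.strip()] = ip.strip()
    return pool


def parse_status_v1(text):
    """Return (clients, routes) rows from a version-1 status file."""
    clients, routes = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "OpenVPN CLIENT LIST":
            section = "clients"
            continue
        if line == "ROUTING TABLE":
            section = "routes"
            continue
        if line in ("GLOBAL STATS", "END"):
            section = None
            continue
        fields = line.split(",")
        if section == "clients":
            if fields[0] in ("Updated", "Common Name"):
                continue  # timestamp line and column header
            clients.append({"cn": fields[0], "real": fields[1]})
        elif section == "routes":
            if fields[0] == "Virtual Address":
                continue  # column header
            routes.append({"virtual": fields[0], "cn": fields[1], "real": fields[2]})
    return clients, routes


def find_conflicts(ipp_text, status_text):
    """Three independent signals that two peers are colliding on one address."""
    pool = parse_ipp(ipp_text)
    clients, routes = parse_status_v1(status_text)

    # 1. One common name seen from several real addresses: a shared certificate.
    real_by_cn = defaultdict(set)
    for c in clients:
        real_by_cn[c["cn"]].add(c["real"])
    shared_cn = {cn: sorted(r) for cn, r in real_by_cn.items() if len(r) > 1}

    # 2. One virtual address routed to more than one (cn, real address) peer.
    peers_by_vip = defaultdict(set)
    for r in routes:
        peers_by_vip[r["virtual"]].add((r["cn"], r["real"]))
    dup_vip = {vip: sorted(p) for vip, p in peers_by_vip.items() if len(p) > 1}

    # 3. The persisted pool itself mapping one IP to several common names.
    cns_by_ip = defaultdict(set)
    for cn, ip in pool.items():
        cns_by_ip[ip].add(cn)
    dup_pool = {ip: sorted(c) for ip, c in cns_by_ip.items() if len(c) > 1}

    return {"shared_cn": shared_cn, "dup_vip": dup_vip, "dup_pool": dup_pool}


if __name__ == "__main__":
    result = find_conflicts(SAMPLE_IPP, SAMPLE_STATUS)
    for cn, reals in result["shared_cn"].items():
        print(f"common name {cn!r} connected from {len(reals)} addresses: {reals}")
    for vip, peers in result["dup_vip"].items():
        print(f"virtual address {vip} bound to {len(peers)} peers: {peers}")
    for ip, cns in result["dup_pool"].items():
        print(f"ipp.txt hands {ip} to several CNs: {cns}")
```

Run it against the real `ipp.txt` and `openvpn-status.log` by reading those files into the two text arguments. An empty `shared_cn` with a populated `dup_vip` points at the address pool or a `client-config-dir` override rather than the certificates; a populated `shared_cn` means the two clients are not, in fact, presenting different certificates.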