Hi!

Short story:
=============
How can I push a static route (preferably -host, not -net) to all DHCP clients?

Long story:
============
I have dnsmasq v2.22 running on OpenWrt on a Linksys WRT54G. This box lives in two subnets for which it acts as DHCP and DNS server:

    dhcp-range=wifi,192.168.1.2,192.168.1.254,255.255.255.0,2h
    dhcp-range=wired,172.16.27.3,172.16.27.254,255.255.255.0,12h

Currently, dnsmasq sets itself as the default gateway for all the clients, which is fine. Wired clients can reach wifi clients and vice versa. But I would like dnsmasq to tell the wifi clients a more specific route to the wired subnet since I want to use an OpenVPN server on 192.168.1.2 to encrypt the complete wifi traffic.[1] Because of this, the default route of the wifi clients gets overwritten to the server's VPN address (10.27.0.1 on a TUN device). But then the clients cannot reach the OpenVPN server's real IP address anymore, since the default route has gone.

I read RFC2132 and found out that I should be able to specify a static route with DHCP option 33 like this:

    dhcp-option=wifi,33,172.16.27.2,192.168.1.1

If I understand it correctly, this should be equivalent to doing

    # route add -host 172.16.27.2 gw 192.168.1.1

on the clients, which works well. But somehow dnsmasq seems to ignore this line. I sniffed one of my wifi clients running dhclient and the DHCP ACK message it receives from dnsmasq doesn't include option 33 (while everything else is alright). I also tried to use DHCP option 121 which should set a static route to a complete network, but that didn't work either.

So, what am I doing wrong? Do newer versions of dnsmasq behave the same?

Jochen.

[1]: An easier solution would of course be to install OpenVPN on the gateway running dnsmasq. But sadly, the box would be a serious bottleneck performance-wise.

-- 
I am getting worse rather than better. [Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
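To check a sniffed DHCP ACK for the route options discussed in the message above, the options field can be decoded directly. The following Python sketch is an added example, not part of the original post and not dnsmasq code: it parses the options field and decodes option 33 (RFC 2132) and option 121 (RFC 3442). The function names and the sample bytes are constructed for illustration.

```python
import ipaddress

def parse_options(data):
    """Walk the DHCP options field (the bytes after the magic cookie) into {code: value}."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:      # 255 = End
        if data[i] == 0:                         # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option %d" % data[i])
        code, length = data[i], data[i + 1]
        opts[code] = opts.get(code, b"") + data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def ip(b):
    return str(ipaddress.IPv4Address(b))

def decode_opt33(value):
    """Option 33 (RFC 2132): 8-byte (destination, router) pairs, no netmask field."""
    if not value or len(value) % 8:
        raise ValueError("option 33 length must be a non-zero multiple of 8")
    return [(ip(value[i:i + 4]), ip(value[i + 4:i + 8])) for i in range(0, len(value), 8)]

def decode_opt121(value):
    """Option 121 (RFC 3442): prefix length, significant destination octets, router."""
    routes, i = [], 0
    while i < len(value):
        plen = value[i]
        n = (plen + 7) // 8                      # destination octets actually sent
        if plen > 32 or i + 1 + n + 4 > len(value):
            raise ValueError("malformed option 121")
        dest = value[i + 1:i + 1 + n] + bytes(4 - n)
        routes.append(("%s/%d" % (ip(dest), plen), ip(value[i + 1 + n:i + 5 + n])))
        i += 5 + n
    return routes

# Constructed options field of a DHCPACK (not a capture from the poster's network).
SAMPLE_ACK = bytes([53, 1, 5,  1, 4, 255, 255, 255, 0,  3, 4, 192, 168, 1, 1,
                    33, 8, 172, 16, 27, 2, 192, 168, 1, 1,
                    121, 8, 24, 172, 16, 27, 192, 168, 1, 1,  255])

def static_routes(options_field):
    """Return the decoded route options, or None for each option that is absent."""
    opts = parse_options(options_field)
    return {"33": decode_opt33(opts[33]) if 33 in opts else None,
            "121": decode_opt121(opts[121]) if 121 in opts else None}

if __name__ == "__main__":
    print(static_routes(SAMPLE_ACK))
```

A `None` for both keys corresponds to what the poster observed: an ACK that carries neither option.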