That's wild, and I haven't seen that behaviour with my bridging setup.  I
do use bridging and do have a DHCP server inside the LAN.  I'll study the
code to see if I introduced a bug though causing the DHCP packet to get
forwarded even when it is processed.  It's possible, and your workaround
with the firewall rules tends to indicate that it is likely.

I do know many (most?) folks are using this configuration successfully --
if for no other reason than because it used to be broken and there were
complaints at that time.  It's possible that the problem is masked in the
usual case and your device makes the problem visible.  What device are you
using?

Also, how are you determining that there are two addresses on the TAP
device?

> -----Original Message-----
> From: openvpn-devel-boun...@lists.sourceforge.net
> [mailto:openvpn-devel-boun...@lists.sourceforge.net] On
> Behalf Of Mathias Sundman
> Sent: Tuesday, June 20, 2006 9:10 AM
> To: openvpn-devel@lists.sourceforge.net
> Cc: Christer Lindell; Kenneth Karlsson
> Subject: [Openvpn-devel] DHCP on PocketPC port
>
>
> When pushing an IP to an OpenVPN client and using the DHCP feature in the
> TAP-Win32 driver to have it assigned to the windows client, I believe
> OpenVPN or the TAP-Win32 driver is blocking the DHCP requests from
> traversing the VPN tunnel. This is the behavior I'd expect as well.
>
> Now, while testing the PocketPC port, I just realized that I received two
> IP addresses! One from the TAP-Win32 driver, pushed from the OpenVPN
> server, the correct one, but also one from my real DHCP server on the
> remote network. We're using TAP and bridging... So obviously the PocketPC
> port does not block these packets, even though the built-in DHCP server in
> the TAP driver is replying to the DHCP requests.
>
> So, is this a bug in the PocketPC port of OpenVPN/TAP-Win32 or is
> this expected behaviour? Or is there simply no blocking feature in the
> WinXP TAP-Win32 driver either, but these O/S only care about the first
> DHCP server that it gets a reply from?
>
> As a workaround, I just used iptables on my Linux server to block
> forwarding of UDP 67/68 packets over the bridge and the things worked just
> fine.
>
> --
> _____________________________________________________________
> Mathias Sundman                  (^)   ASCII Ribbon Campaign
> OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
> http://openvpn.se/               / \   NO Word docs in e-mail
>
>
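
The check this thread turns on, a DHCP request answered locally must not also be bridged to the remote LAN, shown as an added example; it is not code from OpenVPN or the TAP-Win32 driver. The function names and the sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 1 if the Ethernet frame is a DHCP/BOOTP client request
 * (IPv4, UDP, source port 68, destination port 67), else 0.
 * Truncated or malformed frames return 0. */
int is_dhcp_request(const uint8_t *f, size_t len)
{
    size_t off = 14;                          /* dst MAC, src MAC, ethertype */
    if (len < off) return 0;
    uint16_t type = rd16(f + 12);
    if (type == 0x8100) {                     /* skip one 802.1Q VLAN tag */
        if (len < 18) return 0;
        type = rd16(f + 16);
        off = 18;
    }
    if (type != 0x0800 || len < off + 20) return 0;   /* IPv4 only */
    const uint8_t *ip = f + off;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;  /* header length incl. options */
    if ((ip[0] >> 4) != 4 || ihl < 20) return 0;
    if (ip[9] != 17) return 0;                /* protocol field: UDP */
    if (rd16(ip + 6) & 0x1fff) return 0;      /* later fragment: no UDP header */
    if (len < off + ihl + 8) return 0;
    const uint8_t *udp = ip + ihl;
    return rd16(udp) == 68 && rd16(udp + 2) == 67;
}

/* Forwarding decision (hypothetical): when a local DHCP responder is
 * enabled, client requests are consumed and never sent over the bridge. */
int should_forward(const uint8_t *f, size_t len, int local_dhcp_enabled)
{
    return !(local_dhcp_enabled && is_dhcp_request(f, len));
}

/* Constructed sample: 42-byte broadcast frame with minimal IPv4/UDP headers. */
size_t make_frame(uint8_t *buf, uint16_t sport, uint16_t dport)
{
    memset(buf, 0, 42);
    memset(buf, 0xff, 6);                     /* broadcast destination MAC */
    buf[12] = 0x08;                           /* ethertype 0x0800 (IPv4) */
    buf[14] = 0x45;                           /* version 4, IHL 5 */
    buf[23] = 17;                             /* UDP */
    buf[34] = (uint8_t)(sport >> 8); buf[35] = (uint8_t)(sport & 0xff);
    buf[36] = (uint8_t)(dport >> 8); buf[37] = (uint8_t)(dport & 0xff);
    return 42;
}

int main(void) { uint8_t b[42]; size_t n = make_frame(b, 68, 67);
                 printf("forward=%d\n", should_forward(b, n, 1)); return 0; }
```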
