Hi,

On 27/12/14 05:04, Phoenix wrote:
Hi, I am looking to set up OpenVPN with the ability to access hosts on the OpenVPN network using their certificate name (for example, Emily.srv.startledphoenix.net). I am using a tap-based network, so learn-address spits out a MAC address instead of an IP address. Each client connected to OpenVPN needs to have a static address.

What I have tried so far:
Dnsmasq (bridged tap):
- Hostname resolution works
- Due to the fact that the tap interface MAC on the clients keeps on changing, it keeps on allocating new addresses to clients. Quite annoying when you are attempting to bind nginx to that internal tap interface. It also causes SSH to go wild and ask to accept the SSH key each time I connect and it has a new IP address.

Custom ARP Script (bridged tap, addresses allocated by openvpn) (Script: http://pastebin.com/rM6tkKgE):
- Hostname resolution works
- Script is finicky; it seems that finding the IP address using the MAC address and ARP is not such a good idea.

If anyone has any idea how I can get this to work, or solutions to either of the above, that would be awesome.


As Gert already pointed out, avoid tap+bridging if you can. Do you really need tap? I don't understand your remark about nginx - is that happening on the client?

As for your learn-address or client-connect script - in both cases the script knows the IP address that OpenVPN has allocated for it. It's not on the command line, but the env var $ifconfig_pool_remote_ip contains the client IP; a simple client-connect or learn-address script that dumps the environment will tell you all available env vars:

[...]
ifconfig_pool_remote_ip=192.168.200.2
ifconfig_local=192.168.200.1
ifconfig_netmask=255.255.255.0
X509_0_CN=client3
[...]

If you use an external DHCP server then you should query that server for the assigned IPs.

Finally, it *is* possible to use static MAC addresses for your TAP adapter (--lladdr HW), but this needs to be done on each client.

HTH,

JJK


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
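
A sketch of the client-connect approach described in the reply above, added here as an example and not taken from the thread: it maps the certificate CN to the pool address in a hosts-format file, validating both values first because they end up in a file a resolver will read. The hosts file path and the use of dnsmasq's `addn-hosts` option to serve it are assumptions.

```sh
#!/bin/sh
# Added example: body of an OpenVPN client-connect hook (not from the thread).

# Return 0 if $1 looks like a DNS hostname: letters, digits, '-' and '.' only.
valid_hostname() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Replace any existing line for this CN in hosts file $1 with the current IP.
update_hosts_entry() {
    hosts_file=$1
    cn=${X509_0_CN:-}
    ip=${ifconfig_pool_remote_ip:-}
    valid_hostname "$cn" || { echo "rejecting CN" >&2; return 1; }
    valid_ipv4 "$ip" || { echo "rejecting pool IP" >&2; return 1; }
    tmp=$(mktemp "${hosts_file}.XXXXXX") || return 1
    # Keep every line whose name field is not this CN (case-insensitive).
    if [ -f "$hosts_file" ]; then
        awk -v n="$cn" 'tolower($2) != tolower(n)' "$hosts_file" > "$tmp"
    fi
    printf '%s %s\n' "$ip" "$cn" >> "$tmp"
    chmod 644 "$tmp"          # mktemp creates 0600; the resolver must read it
    mv "$tmp" "$hosts_file"   # atomic replace on the same filesystem
}

# Act only when OpenVPN supplied the environment; the path is hypothetical.
if [ -n "${ifconfig_pool_remote_ip:-}" ]; then
    update_hosts_entry "${HOSTS_FILE:-/etc/openvpn/vpn-hosts}"
fi
```

dnsmasq re-reads hosts files when it receives SIGHUP, so the hook would need to signal it after a successful update.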
