Thanks for that, with a bit of tinkering, it became more reliable than
looking up IP addresses in ARP.

On 12/29/2014 05:28 AM, Jan Just Keijser wrote:
> Hi,
>
> On 27/12/14 05:04, Phoenix wrote:
>> Hi, I am looking to set up OpenVPN with the ability to access hosts on
>> the OpenVPN network using their certificate name (for example,
>> Emily.srv.startledphoenix.net). I am using a tap-based network, so
>> learn-address spits out a MAC address instead of an IP address. Each
>> client connected to OpenVPN needs to have a static address.
>>
>> What I have tried so far:
>> Dnsmasq (bridged tap):
>> - Hostname resolution works
>> - Due to the fact that the tap interface MAC on the clients keeps on
>> changing, it keeps on allocating new addresses to clients. Quite
>> annoying when you are attempting to bind nginx to that internal tap
>> interface. It also causes SSH to go wild and ask to accept the SSH key
>> each time I connect and it has a new IP address
>>
>> Custom ARP Script (bridged tap, addresses allocated by OpenVPN)
>> (Script: http://pastebin.com/rM6tkKgE):
>> - Hostname resolution works
>> - Script is finicky, it seems that finding the IP address using the
>> MAC address and ARP is not such a good idea.
>>
>> If anyone has any idea how I can get this to work, or solutions to
>> either of the above, that would be awesome.
>>
>
> As Gert already pointed out, avoid tap+bridging if you can. Do you
> really need tap?
> I don't understand your remark about nginx - is that happening on the
> client?
>
> As for your learn-address or client-connect script - in both cases the
> script knows the IP address that OpenVPN has allocated for it. It's not
> on the command line, but the env var $ifconfig_pool_remote_ip contains
> the client IP; a simple client-connect or learn-address script that
> dumps the environment will tell you all available env vars:
>
> [...]
> ifconfig_pool_remote_ip=192.168.200.2
> ifconfig_local=192.168.200.1
> ifconfig_netmask=255.255.255.0
> X509_0_CN=client3
> [...]
>
> If you use an external DHCP server then you should query that server
> for the assigned IPs.
>
> Finally, it *is* possible to use static MAC addresses for your TAP
> adapter (--lladdr HW), but this needs to be done on each client.
>
> HTH,
>
> JJK
>
>
--
StartledPhoenix
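
A sketch of the approach Jan Just Keijser describes, as an added example that is not part of the original thread: a client-connect/client-disconnect hook that maps the certificate CN to `$ifconfig_pool_remote_ip` in a hosts file. The dnsmasq `--addn-hosts` setup and the `/etc/openvpn/vpn-hosts` path are assumptions, and `$common_name` and `$script_type` are OpenVPN script variables that do not appear in the environment dump quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed setup: dnsmasq is started
# with --addn-hosts="$HOSTS_FILE"; the path below is a placeholder.
LC_ALL=C; export LC_ALL
HOSTS_FILE="${HOSTS_FILE:-/etc/openvpn/vpn-hosts}"

# The CN comes from the client certificate and is written into a file
# that dnsmasq parses, so accept nothing but a plain DNS name.
valid_cn() {
    case "$1" in
        ''|[.-]*|*[.-]|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

valid_ipv4() {
    case "$1" in
        ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# set_host FILE NAME [IP]: drop any old line for NAME, add "IP NAME" if
# IP is given. Temp file + rename, so dnsmasq never sees a partial file.
set_host() {
    valid_cn "$2" || return 1
    [ -z "${3:-}" ] || valid_ipv4 "$3" || return 1
    name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    tmp=$(mktemp "$1.XXXXXX") || return 1
    [ ! -f "$1" ] || awk -v n="$name" 'tolower($2) != n' "$1" > "$tmp"
    [ -z "${3:-}" ] || printf '%s %s\n' "$3" "$name" >> "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$1"   # mktemp creates 0600; dnsmasq must read it
}

# OpenVPN sets $script_type for its hooks; otherwise this part is skipped.
if [ -n "${script_type:-}" ]; then
    case "$script_type" in
        client-connect)
            set_host "$HOSTS_FILE" "$common_name" "$ifconfig_pool_remote_ip" ;;
        client-disconnect)
            set_host "$HOSTS_FILE" "$common_name" ;;
    esac || exit 1                 # non-zero exit: OpenVPN refuses the client
    pkill -HUP -x dnsmasq || true  # dnsmasq re-reads addn-hosts on SIGHUP
fi
```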
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users