A couple of thoughts come to mind. First, if node 254 is always active then "well-behaved" DHCP clients should test for that and never accept that address. Second, if OpenVPN is using that address then hopefully the developers had enough foresight to prevent it from passing out that address. Third, if two devices start using .254 and one of them is a DHCP server and the other isn't then there is still no problem because the client request is a broadcast and the DHCP server will offer an IP address while the other unit won't respond. The problem situation would be if the OpenVPN (i.e. DHCP) server was down and only the other device was up but, in that case, is it really an issue since the OpenVPN server is down - is anything going to work in that case?
I hope x.y.x.0/24 isn't in the 192.168.0.0/16 range, especially the low end; the reason is that a lot of hardware devices providing DHCP support use that range. If you are using something in that range you might actually have a rogue DHCP server somewhere. I realize that's probably not a high likelihood but it should at least be mentioned so it can be ruled out.

A possible approach to gaining additional insight would be to look at MAC addresses. In particular, what are the MAC addresses for nodes 1 and 254? Knowing that might help.

I'm assuming that the OpenVPN subnet is different than the physical media subnet and different than any other subnet in the intranetwork, correct? In other words, if the OpenVPN subnet is x.y.z.0/24 then the "cable" subnet it is on is something like a.b.c.0/24 and no other subnet within the internal network uses x.y.z.0/24.

I understand your not wanting to share too many technical details about your network but some context might help. Other than the WAN address(s) are you using private or Internet routable IP addresses? Are the VPN clients coming in over a firewall or some other configuration? Are they "road warrior" (non-VPN IP address likely varies) or fixed location (less likelihood of varying non-VPN IP address)? If so, is the OpenVPN server on the firewall or elsewhere on the internal network? If it's on the firewall, does it have a unique Internet routable address or is it sharing the address with the firewall?

More out of curiosity than anything else, what distribution is hosting the OpenVPN server?

On 12/01/2015 07:11 PM, Jason Haar wrote:
> Hi there
>
> I'm running an openvpn server with a /24 netmask for available IP client
> addresses. We're still under 100 clients so this hasn't become an issue
> yet, but I just noticed that a Windows client was saying it got its
> openvpn IP client address from a DHCP server running on the .254 address...
>
> The server is actually set up to use the .1 address (ie "ifconfig
> x.y.z.1 255.255.255.0"), so as far as I'm concerned, the .254 address is
> available for a client. But the last thing I want is a client getting
> that address and suddenly unicast DHCP queries start failing (because
> they're hitting a client instead of a server)
>
> I know the is "DHCP emulation" - which could mean this is all
> smoke-n-mirrors and doesn't actually have any negative effect - but I
> thought I'd ask. But I would also ask why it couldn't have declared
> itself to be the .1 address - as that is internally consistent?
>
> Thanks
>

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users