On Fri, Dec 4, 2015 at 7:16 PM, Jan Just Keijser <janj...@nikhef.nl> wrote:
> Hi Selva, *,
>

Hi!

> On 04-Dec-15 06:55, Selva Nair wrote:
>
> On Fri, Dec 4, 2015 at 12:01 AM, Leroy Tennison <leroy.tenni...@verizon.net> wrote:
>
>> A couple of thoughts come to mind. First, if node 254 is always active
>> then "well-behaved" DHCP clients should test for that and never accept
>> that address.
>>
>
> All this dhcp thing is just an exchange between the TAP interface and the
> DHCP client on the same machine. It's not a "rogue dhcp server" on the
> network.
>
> I think I have added way too much to the confusion...
>
> let's add some more confusion:
>
>
> I've set up an openvpn server with a 10.200.0.0/24 subnet and two clients.
> One windows client, the other linux (I don't have many windows clients
> available). The windows client got a regular address from the pool, the
> linux client received 10.200.0.254 using 'ifconfig-push'.
> The "dhcp server address" listed on the windows client is 10.200.0.254 but
> when the linux client is not connected there are no responses to ping. I do
> see the traffic entering the vpn server, however.
> When the linux client is connected, I can ping the 10.200.0.254 address from
> Windows and traffic does indeed appear on the linux client.
>

As expected :)

To add to that, try to push 254 to the windows client (change the linux
client's IP, to be nice) and you will rightly get a fatal error saying
the dhcp IP cannot be the same as that of the client. Then try running the
windows client with "--ip-win32 dynamic 0" and it will now take the 254
happily as the dhcp server address with offset 0 will be 10.200.0.0.

> My conclusion would be : the 10.200.0.254 dhcp server address is truly a
> bogus address and can be safely used.
>

Bogus or clever, the way you look at it. In the dhcp-masquerade mode, local
DHCP packets from the kernel are intercepted and replied to by the tap
driver on the client -- OpenVPN or the tunnel network sees nothing of it.

> What I do not know is what will happen if a second *windows* client gets
> this address.
>

That would be fine too. Say the second client gets 10.200.0.3 with dhcp
server at 10.200.0.254 (the default). The client will send the dhcp packet
to .254 (or to 255.255.255.255 if it's the first time), the tap driver will
reply to it and all will be fine. The dhcp server being just some magic
serviced by the local tap driver, there should be no issues.

> The suggestion to use .0 as the dhcp server address is meaningful, but
> using the .0 address (i.e. the subnet network address) can break legacy
> software under rare circumstances.
>

I think all modern versions of windows should be ok with it and dhcp server
is used only on windows, right? I'll do a test on XP if I can get hold of a
machine.

The nice thing about using .0 by default is that it will then agree with
the documentation!

Cheers,

Selva
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
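
The address arithmetic discussed in this thread, as an added example that is not part of the original messages and is not OpenVPN's own code. It assumes a negative offset counts back from the subnet broadcast address and a non-negative one counts up from the network address, with -1 standing in for the default that yields .254; the function names and the client list are hypothetical.

```python
import ipaddress

DEFAULT_OFFSET = -1  # assumption: reproduces the .254 default seen in the thread


def dhcp_masq_addr(client_ip, netmask, offset=DEFAULT_OFFSET):
    """Return the address the TAP driver's local DHCP responder would claim."""
    iface = ipaddress.IPv4Interface(f"{client_ip}/{netmask}")
    net = iface.network
    first, last = int(net.network_address), int(net.broadcast_address)
    # Negative offsets are relative to the broadcast address,
    # non-negative offsets are relative to the network address.
    candidate = (last if offset < 0 else first) + offset
    if not first <= candidate <= last:
        raise ValueError("offset puts the DHCP server address outside the subnet")
    addr = ipaddress.IPv4Address(candidate)
    # The masquerade address must differ from the client's own address,
    # which is the fatal error described in the thread.
    if addr == iface.ip:
        raise ValueError(f"DHCP server address clashes with client address {addr}")
    return str(addr)


def check_pool(assignments, netmask, offset=DEFAULT_OFFSET):
    """Map each client name to its DHCP address, or to the error it would hit."""
    result = {}
    for name, ip in assignments.items():
        try:
            result[name] = dhcp_masq_addr(ip, netmask, offset)
        except ValueError as exc:
            result[name] = f"ERROR: {exc}"
    return result


# Constructed sample based on the 10.200.0.0/24 setup from the thread.
CLIENTS = {"windows1": "10.200.0.3", "windows2": "10.200.0.254"}

if __name__ == "__main__":
    for off in (-1, 0):
        print(f"offset {off}:", check_pool(CLIENTS, "255.255.255.0", off))
```

Running a planned address pool through `check_pool` before assigning addresses with 'ifconfig-push' shows which Windows clients would hit the clash for a given offset.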