openvpn + dhcpd, jak na to ?

[Premysl Hruby]

On (22/09/08 15:08), Havrla wrote:
> To: Diskuse o Linuxu v cestine <linux na linux.cz>
> From: Havrla <havrla na lhotkanet.cz>
> Subject: openvpn + dhcpd, jak na to ?
> User-Agent: Thunderbird 2.0.0.16 (X11/20080723)
> Reply-To: Diskuse o Linuxu v cestine <linux na linux.cz>
> List-Id: Diskuse o Linuxu v cestine <linux.linux.cz>
> 
> Zdravim ...
> 
> Mam openvpn v nasledujici konfiguraci, a nejak se mi nedari vypnout 
> vastni dhcp z openvpn a prirazovat VPN stanicim ip z lokalniho dhcpd:
> 
> cat /etc/openvpn/server.conf
> port 1194
> proto udp
> dev tap0
> ca klice/ca.crt
> cert klice/server.crt
> key klice/server.key  # This file should be kept secret
> dh klice/dh1024.pem
> ifconfig-pool-persist ipp.txt
> server-bridge 192.168.185.1 255.255.255.0 192.168.185.110 192.168.185.150
> #push "route 192.168.11.0 255.255.255.0"
> ;push "redirect-gateway"
> push "dhcp-option DNS 192.168.185.2"
> client-to-client
> #duplicate-cn
> keepalive 10 120
> cipher AES-128-CBC   # AES
> comp-lzo
> max-clients 100
> #user nobody
> #group nobody
> persist-key
> persist-tun
> log-append  /var/log/openvpn.log
> verb 3
> ;mute 20
> crl-verify klice/crl.pem
> #learn-address ./client_upd.sh
> 
> co tu smazat a pridat ?
> 
> 
> Prosim prosim nakopnete mne nekdo. Ja zkousel ledascos, ale nikdy mi 
> openvpn server nenajel :-(
> 
> 
> havrla

Hi,

jednoduche, nepouzivejte volbu server-bridge, ta je vlastne jenom
syntactic sugar, expanduje na volby mode server, tls-server,
ifconfig-pool (to je ve vasem pripade prave ten dhcp server, viz ten
rozsah 192.168.185.110-150), a pushne defaultni gateway pro routy,

ve vasem pripade tak staci misto toho server-bridge pouzit nastaveni:

mode server
tls-server
push "route-gateway 192.168.185.1"

a to je cele, pak se klient normalne zepta vaseho dhcp stroje v siti
192.168.185.0/25

vice viz man openvpn, a zminene optiony.

-Ph

-- 
Premysl "Anydot" Hruby, http://www.redrum.cz/