I have got a working VPN connection through OpenVPN, but I would also like to use my own DHCP server and not OpenVPN's push feature.
Currently everything works fine, but I have to start the DHCP client manually, e.g. dhclient tap0,
and then I get an IP and the other important settings from my DHCP server. Is there any directive that starts the DHCP client when the connection is established?
Here is my client's config:
remote there.is.server.com
float
dev tap
tls-client
#pull
port 1194
proto tcp-client
persist-tun
dev tap0
#ifconfig 192.168.69.201 255.255.255.0
#route-up "dhclient tap0"
#dhcp-renew
ifconfig 0.0.0.0 255.255.255.0
ifconfig-noexec
ifconfig-nowarn
ca /etc/openvpn/ca.crt
cert /etc/openvpn/encyNtb_openvpn_client.crt
key /etc/openvpn/encyNtb_openvpn_client.key
dh /etc/openvpn/dh-openvpn.dh
ping 10
ping-restart 120
comp-lzo
verb 5
log-append /var/log/openvpn.log
Here is the server's config:
mode server
tls-server
dev tap0
local servers.ip.here
port 1194
proto tcp-server
server-bridge
# Allow communication between clients
client-to-client
# Allow duplicate users per certificate
duplicate-cn
# CA Certificate, VPN Server Certificate, key, DH and Revocation list
ca /etc/ssl/CA/certs/ca.crt
cert /etc/ssl/CA/certs/openvpn_server.crt
key /etc/ssl/CA/private/openvpn_server.key
dh /etc/ssl/CA/dh/dh-openvpn.dh
crl-verify /etc/ssl/CA/crl.pem
# When no response is received within 120 seconds, the client is disconnected
keepalive 10 60
persist-tun
persist-key
user openvpn
group openvpn
# Log and Connected clients file
log-append /var/log/openvpn
verb 3
status /var/run/openvpn/vpn.status 10
# Compression
comp-lzo
#Push data to client
push "route-gateway 192.168.69.1"
push "redirect-gateway def1"
Yes, it is possible, if you pass "--up cmd" to the openvpn process.
The --up switch is defined as: "Shell command to run after successful TUN/TAP device open (pre --user UID change). The up script is useful for specifying route commands which route IP traffic destined for private subnets which exist at the other end of the VPN connection into the tunnel."
You can use the standard network management scripts from your distribution. I solved this problem on CentOS 6.6, and the trick was to use a different interface name than tap0. The problem was that the scripts assume that tap* interfaces are brought up during boot, and that prevents the hotplug scripts from configuring the OpenVPN interface. So,
in /etc/openvpn/client.conf write:
instead of:
Next, create the configuration file /etc/sysconfig/network-scripts/ifcfg-priv0
And you are done! The /etc/sysconfig/network-scripts/net.hotplug script will call "ifup priv0" after the openvpn service has created the priv0 interface. The problem, however, is that DHCP leases are not released when the openvpn service is brought down. That's because the interface has already been removed by the time the net.hotplug script is informed, so the DHCP client cannot pass any data through the tunnel. This could be fixed by adding a pre-down script, like "ifdown priv0", to the openvpn configuration. I had SELinux running and I didn't bother to work out new rules to allow the openvpn process to call the ifdown script.
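The two answers fit together: the first gives the hook mechanism (--up), the second points out that the lease has to be released while the TAP device still exists. The script below is an added example written for this page; it is not from the question or either answer. It assumes OpenVPN 2.1 or later (for script-security and down-pre), ISC dhclient, the interface name priv0 from the second answer, and the hypothetical paths /etc/openvpn/dhcp-hook.sh for the hook and /var/run for the pidfile. The client config lines it expects are shown in the header comment.

```sh
#!/bin/sh
# Added example (not from the original post): one OpenVPN hook used for both
# --up and --down that runs dhclient on the TAP device instead of relying on
# pushed addresses. Assumed client config (interface name and paths are
# assumptions, not taken from the post):
#
#   dev priv0
#   dev-type tap
#   ifconfig-noexec              # leave addressing to dhclient
#   script-security 2            # required before OpenVPN will exec a script
#   up   /etc/openvpn/dhcp-hook.sh
#   down /etc/openvpn/dhcp-hook.sh
#   down-pre                     # run the down hook BEFORE the TAP close, so
#                                # dhclient -r can still send DHCPRELEASE
#
# OpenVPN invokes the hook as
#   hook.sh <dev> <tun_mtu> <link_mtu> <local_ip> <remote_ip> init|restart
# and exports script_type=up|down. The up hook runs before any --user drop.
set -eu

PIDDIR=${PIDDIR:-/var/run}

# Accept only a plain Linux interface name. The device name normally comes
# from our own config, but the hook should never let an odd value turn into
# extra words on the dhclient command line.
valid_dev() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    # IFNAMSIZ is 16 including the terminating NUL
    [ "${#1}" -le 15 ]
}

# One pidfile per interface, so 'down' releases exactly this lease.
pidfile() { printf '%s/dhclient-%s.pid' "$PIDDIR" "$1"; }

# Start dhclient on the device. Called on 'init' and on 'restart'.
dhcp_up() {
    dev=$1
    valid_dev "$dev" || { echo "dhcp-hook: refusing device name '$dev'" >&2; return 1; }
    pf=$(pidfile "$dev")
    # -1  try to obtain a lease once and exit non-zero on failure, instead of
    #     backgrounding and retrying forever while OpenVPN thinks all is well
    # -pf write the pid here so dhcp_down can address this client
    dhclient -1 -pf "$pf" "$dev"
}

# Send DHCPRELEASE for the current lease and stop that dhclient (-r does both).
dhcp_down() {
    dev=$1
    valid_dev "$dev" || { echo "dhcp-hook: refusing device name '$dev'" >&2; return 1; }
    pf=$(pidfile "$dev")
    dhclient -r -pf "$pf" "$dev"
    rm -f "$pf"
}

# Dispatch on the phase OpenVPN exports. Run by hand (no script_type) the
# script defines its functions and exits without touching the network.
case "${script_type:-}" in
    up)   dhcp_up   "$1" ;;
    down) dhcp_down "$1" ;;
esac
```

Two caveats a practitioner should keep in mind. First, the client config in the question has no user directive, so both hooks run as root; if you add one, the down hook runs after the privilege drop (down-pre changes only the ordering relative to the TAP close) and dhclient -r will fail, which is the same class of problem the second answer hit with SELinux and ifdown. Second, on a bridged TAP with client-to-client enabled, the lease comes from whichever DHCP server on the bridged segment answers first, so the addressing and routes of every VPN client depend on no other peer running a DHCP server.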