re [KLUG Members] OpenVPN & DHCP

Mike Williams knightperson at zuzax.com
Sun Jun 19 17:50:37 EDT 2005


>
>
>I'm getting very close to testing an OpenVPN setup, but have become
>stumped at the server config.
>
>1. How can I limit the OpenVPN server to a DHCP range subset when
>another DHCP server exists on the LAN?
>
>Current DHCP server serves range x.x.x.100 to x.x.x.175
>
>I want the OpenVPN server to use x.x.x.76 to x.x.x.200
>
>The only related config parameter in server.conf is
> 
>server x.x.x.0 255.255.255.0
>
>2. The above config line also sets the OpenVPN server at x.x.x.1
>
>But the current DHCP server is at that address.  The OpenVPN server
>already has its own address on the LAN, will it assume another one as
>the VPN server?  If so, how do I set it so it won't conflict?
>  
>
The new IPs that OpenVPN needs will not be created on the LAN, they'll 
be created in a new range, as part of a new network.

When OpenVPN starts it creates tun0, which appears as an additional 
network adapter.  The tunnel interface needs an IP address on an IP 
range separate from what you're using on the other adapters so it can 
route properly.  Pick a private range that you're not using for anything 
else.  If you're establishing secure communication between two machines 
on the Internet, each machine will have an IP address on two networks:  
the Internet, and the encrypted network with the private range.  If the 
machines are also firewalls or routers for private IPs on an inside LAN, 
they will be members of three networks:  private LAN, Internet, and tunnel.

My firewall/VPNs are set up this way:  Each has an Internet IP, an 
internal IP (192.168.40.x and 192.168.41.x for the two sides), and a 
tunnel IP (172.16.5.1 and 172.16.5.2).  So there's a total of four 
networks between them, if you count the Internet only once:  Kalamazoo 
internal, Grand Rapids internal, Internet, and the tunnel "network" of 
IPs.  In theory, I could add a third machine (and more if I wanted to 
deal with some really messy routing tables) at 192.168.42.x inside and 
172.16.5.3 for the tunnel IP. 

Does that help?
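As an added example (not from this thread), here is a small check of the advice above: the tunnel range must be a private range that overlaps nothing already in use on the other adapters, and only then is it safe to put in the `server` directive. The LAN and tunnel subnets are the ones the reply quotes; the Internet-facing prefix is a constructed placeholder.

```python
"""Check a candidate OpenVPN tunnel range against the networks a host already
sits on, then render the server.conf line that would hand out that range.

Added example, not from the original mailing-list thread.  The LAN and tunnel
subnets are the ones quoted in the reply; the Internet prefix is constructed."""
import ipaddress

# RFC 1918 private ranges (ipaddress.is_private is wider than this, so check
# explicitly against the three blocks the reply means by "private range")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def tunnel_range_problems(tunnel, in_use):
    """Return a list of problems with using `tunnel` as the OpenVPN tunnel
    network, given a {name: cidr} map of networks the machines already use.
    An empty list means the range is private and disjoint from all of them."""
    tun = ipaddress.ip_network(tunnel, strict=False)
    problems = []
    if not any(tun.subnet_of(block) for block in RFC1918):
        problems.append(f"{tun} is not an RFC 1918 private range")
    for name, cidr in in_use.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if tun.overlaps(net):
            problems.append(f"{tun} overlaps {name} ({net})")
    return problems


def server_directive(tunnel):
    """Render the server.conf line for a tunnel network.  With this directive
    the OpenVPN server itself takes the first host address (e.g. 172.16.5.1),
    which is why the range must not be the LAN where a DHCP server lives."""
    tun = ipaddress.ip_network(tunnel, strict=False)
    return f"server {tun.network_address} {tun.netmask}"


# Networks already in use on the two firewall/VPN hosts from the reply.
IN_USE = {
    "Kalamazoo LAN": "192.168.40.0/24",
    "Grand Rapids LAN": "192.168.41.0/24",
    "Internet link": "203.0.113.0/30",  # constructed placeholder prefix
}

if __name__ == "__main__":
    # The first candidate repeats the original poster's mistake (reusing the
    # LAN subnet); the second is the separate tunnel range the reply uses.
    for candidate in ("192.168.40.0/24", "172.16.5.0/24"):
        problems = tunnel_range_problems(candidate, IN_USE)
        print(candidate, "->", problems or ["ok: " + server_directive(candidate)])
```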
