From 03731db31bfb22fcd0f169c692757826638dcc57 Mon Sep 17 00:00:00 2001 From: james Date: Sat, 2 Aug 2008 08:02:53 +0000 Subject: Added "--server-bridge" (without parameters) to enable DHCP proxy mode: Configure server mode for ethernet bridging using a DHCP-proxy, where clients talk to the OpenVPN server-side DHCP server to receive their IP address allocation and DNS server addresses. Added "--route-gateway dhcp", to enable the extraction of the gateway address from a DHCP negotiation with the OpenVPN server-side LAN. Modified client.conf and server.conf to reflect new option modes. Incremented version to 2.1_rc9a. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3164 e7ae566f-a301-0410-adde-c780ea21d3b5 --- sample-config-files/client.conf | 2 +- sample-config-files/server.conf | 30 +++++++++++++++++++----------- 2 files changed, 20 insertions(+), 12 deletions(-) (limited to 'sample-config-files') diff --git a/sample-config-files/client.conf b/sample-config-files/client.conf index 9dd3a65..58b2038 100644 --- a/sample-config-files/client.conf +++ b/sample-config-files/client.conf @@ -100,7 +100,7 @@ key client.key # your server certificates with the nsCertType # field set to "server". The build-key-server # script in the easy-rsa folder will do this. -;ns-cert-type server +ns-cert-type server # If a tls-auth key is used on the server # then every client must also have the key. diff --git a/sample-config-files/server.conf b/sample-config-files/server.conf index f80ce8b..f483b6b 100644 --- a/sample-config-files/server.conf +++ b/sample-config-files/server.conf @@ -114,6 +114,18 @@ ifconfig-pool-persist ipp.txt # out unless you are ethernet bridging. ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 +# Configure server mode for ethernet bridging +# using a DHCP-proxy, where clients talk +# to the OpenVPN server-side DHCP server +# to receive their IP address allocation +# and DNS server addresses. You must first use +# your OS's bridging capability to bridge the TAP +# interface with the ethernet NIC interface. +# Note: this mode only works on clients (such as +# Windows), where the client-side TAP adapter is +# bound to a DHCP client. +;server-bridge + # Push routes to the client to allow it # to reach other private subnets behind # the server. Remember that these @@ -170,22 +182,18 @@ ifconfig-pool-persist ipp.txt # all IP traffic such as web browsing and # and DNS lookups to go through the VPN # (The OpenVPN server machine may need to NAT -# the TUN/TAP interface to the internet in -# order for this to work properly). -# CAVEAT: May break client's network config if -# client's local DHCP server packets get routed -# through the tunnel. Solution: make sure -# client's local DHCP server is reachable via -# a more specific route than the default route -# of 0.0.0.0/0.0.0.0. -;push "redirect-gateway" +# or bridge the TUN/TAP interface to the internet +# in order for this to work properly). +;push "redirect-gateway def1 bypass-dhcp" # Certain Windows-specific network settings # can be pushed to clients, such as DNS # or WINS server addresses. CAVEAT: # http://openvpn.net/faq.html#dhcpcaveats -;push "dhcp-option DNS 10.8.0.1" -;push "dhcp-option WINS 10.8.0.1" +# The addresses below refer to the public +# DNS servers provided by opendns.com. +;push "dhcp-option DNS 208.67.222.222" +;push "dhcp-option DNS 208.67.220.220" # Uncomment this directive to allow different # clients to be able to "see" each other. -- cgit