dhcp-relay over tun interface - solution?
Simon Hobson
dhcp1 at thehobsons.co.uk
Thu Dec 19 13:03:52 UTC 2013
Stefan_Bauer wrote:
>we want to use the dhcp-relay binary to relay over a openvpn tunnel interface:
>
>12: tunTEST: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
> link/none
> inet 1.2.3.6 peer 1.2.3.5/32 scope global tunTEST
> valid_lft forever preferred_lft forever
>
>
>How can we achieve this?
>
>I found this
>
>http://kabru.eecs.umich.edu/bin/view/Main/DhcpRelayUseSocket
>
>but the patch is not working with newer releases.
OK, the problem is that back when the code was originally designed, there was no obvious need to work over anything but "ethernet like" networks. The code uses packet filters to access the packets before the OS gets a look at them - this is *required* in order to talk to clients (to receive their broadcast requests, and to broadcast replies back to them).
AIUI, it's a compile time switch to use sockets - which will let you talk to the server - but then won't let you talk to the clients on the local network.
While many people recognise the need to alter this (eg talk broadcast to the client while using a non-broadcast medium (VPN, PPP, etc) to the server), it's not likely to happen unless someone sponsors or contributes the code.
One option is to run a relay on <some device> on the client network. It can be pretty well anything and does *NOT* have to be in the router. This can then use unicast packets back to the server which will be routed just fine over the VPN.
More information about the dhcp-users
mailing list