Fedora Networking :: How Can Openvpn Get An Ip From Dhcp
May 14, 2009
i've set up an openvpn server (with dhcp running on it) and i have to create compatible clients.the problem is how to get an ip by dhcp.with ubuntu i made a script like this
/sbin/ifconfig tap0 up
/sbin/dhclient -e tap0
and everything works fine:tap0 goes up and then start a dhcp request to the server on tap0with fedora there is a nice problem i've noticed that is impossible to run dhclient later on a new interface because i receive this error "dhclient is already running".the tap0 goes up normally but i receive this error when i attempt to get an ip.is there a simple way to get an ip?if i try to kill or restart dhclient when the vpn tunnel is up,all'interfaces lost theirs ip and network goes down crashing my vpn...
I have openvpn tunnel setup between two CentOS servers. One of the CentOS servers also acts as a DHCP server for some client computers.
Server A= OpenVPN server Server B= OpenVPN client (connects to Server A with OpenVPN)
The two CentOS servers can ping each other (172.16.0.0/24) via the tun0.
However, client computer connected to Server B (DHCP server) can't reach 172.16.0.1 (which is the OpenVPN server).
I think I am missing some routing in my "ip route show". Following is the full picture:
What command can I issue to get this fixed? something along ip route add?
There is no firewall service on both end. service iptables stop! I can't bridge eth1 and tun0 as DHCP server might mess up the other side. I can't do a push of "redirect-gateway def1" because then clients loose their IP as they send DHCP requests to Server A.
i have some problems with configuring openvpn tunnel connection to my openvpn server. I'm using static-key tcp connection. Network manager always said to me that connection could not be established. Also, when i try to run openvpn from terminal, i got some strange permissions problem:
Code:
openvpn --config config.ovpn Mon Apr 5 15:48:37 2010 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009 Mon Apr 5 15:48:37 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Mon Apr 5 15:48:37 2010 /usr/sbin/openvpn-vulnkey -q moj.key
Is there anyway you can configure either OpenVPN client or the system to allow connections using OpenVPN to be made to computers on the OpenVPN network using their alias rather than their IP address. This may sound blasphemous but you can in Windows. That is if the VPN network is say 10.x.0.x I could connect to Comp4 or Comp2 using Comp4 or Comp2 not 10.x.0. 4 or 10.x.0.2 or whatever IP is allocated by the OpenVPN server. If the OpenVPN server has not been restarted then it will usually allocate the same IP every time the same client connects.
This is the first one of probably many posts as I am new to Fedora having lots of questions. This one is about the openvpn client which is used by me to connect to my company network. Thanks to the Fedora FAQ it was easy for me to set up the client and establish a connection. There is just one problem every time I open a connection I am disconnected from my local Internet. I was using openvpn on my Windows XP PC before and there was no problem keeping two Network connections, the (W)LAN and the vpn tunnel. Does anyone know how to solve this? I am utilizing the latest Fedora 11 release and configured openvpn client via the Network Manager GUI.
I have (seemingly regretfully) finally upgraded my Fedora Core 7 linux machine that has served me so well for the past decade. One of the final pieces to put in place was my Openvpn config (which was running flawlessly on my FC7) which I cannot get to work.
Here are my steps.
1. Disabled SELinux
2. Added the following entry in my iptables: (although I've stopped iptables to help troubleshoot) -A INPUT -i tap0 -j ACCEPT -A INPUT -i br0 -j ACCEPT -A FORWARD -i br0 -j ACCEPT
3. Yum installed openvpn and bridge-utils (btw I'm using bridging)
4. Configured my bridge-start script as such: #!/bin/bash # Set up Ethernet bridge on Linux # Requires: bridge-utils # Define Bridge Interface br="br0" .....
5. Configured my openvpn server conf as such: proto tcp-server port 5990 dev tap0 .....
When I execute my bridge-start script it creates the br0 and tap0 then all connectivity vanishes (I can only ping my gateway 10.0.0.50) - internet and any other addresses time out.
Back in April I set up a Ubuntu DHCP server and a multiple VLAN network [URL] to migrate our various servers, workstations, etc off the 192.168.1.1 /24 network that everything was on because we where running out of address space. I built out the new network and everything worked great except our AD server would never get an IP address from the DHCP server (static reservation) and even if I set the IP statically on the AD server it couldn't ping the gateway and noone could log in. After several attempts to resolve this, including bringing in outside help, we where never able to figure out what the problem was.
Now 6 months later I have time to revisit the issue without effecting the live network. I used Acronis and imaged the AD server last Friday, cloned it on to another box with the same hardware, and put it up on the new network that's been sitting unused for the last 6 months. Today when I statically set the IP on the AD server (which is what I want) it connects and I can ping it's gateway 192.168.1.1 and all the way across vlans to a test sales agent workstation at 192.168.8.xxx on vlan 800 but only if I statically assign the agents station an IP address. When I try to get an IP address via DHCP it fails as destination unreachable. Nothing has changed in the last 6 months on the DHCP server but now it for some reason can't ping its default gateway 192.168.1.1. All of the config files are the same as they where left from the post linked above aside from the vlan id's used where changed from 1's to 100's (i.e. vlan 3 is now vlan 300) /etc/network/interfaces
Code:
auto lo iface lo inet loopback auto vlan100 iface vlan100 inet static
[code]....
why it can't reach the gateway, when I do a tcpdump I can see the DHCP requests come in on eth0 but the server never responds and I'm pretty sure its because it isn't "seeing" them since it thinks there isn't a network connection but I don't know how to trouble shoot to find out where the problem lies.
Back in April I set up a Ubuntu DHCP server and a multiple VLAN network [URL] to migrate our various servers, workstations, etc off the 192.168.1.1 /24 network that everything was on because we where running out of address space. I built out the new network and everything worked great except our AD server would never get an IP address from the DHCP server (static reservation) and even if I set the IP statically on the AD server it couldn't ping the gateway and noone could log in. After several attempts to resolve this, including bringing in outside help, we where never able to figure out what the problem was.
Now 6 months later I have time to revisit the issue without effecting the live network. I used Acronis and imaged the AD server last Friday, cloned it on to another box with the same hardware, and put it up on the new network that's been sitting unused for the last 6 months. Today when I statically set the IP on the AD server (which is what I want) it connects and I can ping it's gateway 192.168.1.1 and all the way across vlans to a test sales agent workstation at 192.168.8.xxx on vlan 800 but only if I statically assign the agents station an IP address.
When I try to get an IP address via DHCP it fails as destination unreachable. Nothing has changed in the last 6 months on the DHCP server but now it for some reason can't ping its default gateway 192.168.1.1. All of the config files are the same as they where left from the post linked above aside from the vlan id's used where changed from 1's to 100's (i.e. vlan 3 is now vlan 300) /etc/network/interfaces
Code:
auto lo iface lo inet loopback auto vlan100
[code]....
why it can't reach the gateway, when I do a tcpdump I can see the DHCP requests come in on eth0 but the server never responds and I'm pretty sure its because it isn't "seeing" them since it thinks there isn't a network connection but I don't know how to trouble shoot to find out where the problem lies.
I am puzzled with trying to configure a linux (openSUSE) client to dhcp to eBox DHCP server. I am using dhclient to lease an IP address with dhclient eth0 -s 10.45.48.108 and get a response
openSUSE11232CL1 dhclient: DHCPDISCOVER on eth0 to 10.45.48.108 port 67 interval 4 openSUSE11232CL1 dhclient: DHCPOFFER from 10.45.48.108 openSUSE11232CL1 dhclient: DHCPREQUEST on eth0 to 10.45.48.108 port 67 openSUSE11232CL1 dhclient: send_packet: Network is unreachable openSUSE11232CL1 dhclient: send_packet: please consult README file regarding broadcast address.
The server reports eBox141 dhcpd: DHCPDISCOVER from 00:0c:29:3e:57:a3 (openSUSE11232CL1.domain.net) via eth0 eBox141 dhcpd: DHCPOFFER on 10.45.200.2 to 00:0c:29:3e:57:a3 (openSUSE11232CL1.domain.net) via eth0
I interpret this as the server receives the request and the client accepting it but the lease does not last long and the connection breaks. what this could be and why the connection breaks? Or my undestanding is totally wrong on how it works and should work? And BTW, where is that README file that's referenced in the message I receive on the client?
Currently I have my eth0 interface getting a DHCP address but at times the DHCP server will not be reachable. Sooo what I would like my server to do is if it cannot find a DHCP server assign a static address to eth0. Then start the DHCP service so it can then dish out some addresses.How can I do this? Surely it is possible
I've recently installed OpenVPN on my dedicated server (Fedora) in order to have full internet access for all of my WinXP clients. In case somebody is interested in the details of the OpenVPN installation, I followed this documentation: Rootserver-as-OpenVPN-Gateway. The installation runs quire nicely, I'm able to surf the net and even file-sharing programs work on the XP clients - at least to some extent. There is a slight problem though: the file-sharing programs complain that they have a "NAT problem" or that they are "Firewalled".
Most likely, this problem can be addressed by configuring remote port forwarding (RPF) on the server. The only routing rules which I've added on the server during the OpenVPN installation are these: Code: # initialize natting for openvpn iptables -t nat -F POSTROUTING echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o eth0 -s 10.66.66.0/24 -j MASQUERADE Let's assume a certain application on a client is listening on e.g. port 1234. How do I configure RPF for this port on the server side.
This was working and stable on f-10 and f-11. Fresh f-12 install including openvpn, Copied /etc/openvpn/* to new system as root from working f-11 syatem. /etc/init.d/openvpn start (and stop) works as advertised HOWEVER when set to start at boot using chkconfig or Services Configuration program, openvpn does not start. I must manually start it every time. When started, it does work without error messages in the log.
I tried removing the NetworkManager-vpn module with no effect. Thought it could somehow be overriding the auto startup of openvpn at boot.
I'm using Fedora Core 11 and the client OpenVPN on the network-manager into a segmented infrastructure. It works well.
My laptop is on a dmz wireless Zone 192.168.3.0/24 and access Internet through a firewall via a front-end zone 192.168.65.0/24 with wlan0 interface.
But my laptop can access on a back-end zone 192.168.2.0.24 to a server.
When I start the OpenVPN tunnel, I cannot access on my back-end zone because the kernel routing table is modified (all the traffic is routed through the tun vpn interface)
If I define a static route like route add -host 192.168.2.x gw 192.168.3.2 where x is my file serveur, I cannot connect to this server because the routing is make through the tun interface and not by the wlan0 who can access on is gateway
I want to know where changing the kernel routing table file to access on the Internet and on my back-end zone in a same time.
I have a problem with the Fedora 12 Network Manager - OpenVPN configuration. If I use the same configuration and manually start openvpn (as client) I get connected to the OpenVPN server and I can ping the network that I am accessing. With Network Manager - I get connected but when I try to ping is giving me "Destination host unreachable". The routing table looks similar except that when connecting with network manager is giving me on more route in table
Destination Gateway Genmask Flags Metric Ref Use Iface xxx.xxx.xxx.xxx 192.168.0.1 255.255.255.255 UGH 0 0 0 wlan0 192.168.0.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0 192.168.171.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
Where xxx.xxx.xxx.xxx is the IP of the OpenVPN server. When connecting "manually" I this routing table
Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0 192.168.171.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
What I do wrong in Network Manager? If I try to delete the route with xxx.xxx.xxx.xxx is disconnecting the vpn connection.
I want to run networking on my laptops in different environment (home, office, airport etc). I found that Netowrk Manager assigns information from DHCP although I requested fixed IP and configured the gateway and DNS. If I reconfigure the DHCP server so that there is no free IP address, the laptop refuses to connect. When I remove the interfaces from the network manager, I get the fixed IP address, /etc/resolv.conf is not overwritten from DHCP but WiFi connection cannot be established, there is no dialog for setting WPA-PSK. The static IP address seems to be taken into account only if the DHCP server is not found. I need the static address at home and in my office because I need the possibility to ssh to my laptop from another computer but I need IP from DHCP possibly authenticating against RADIUS (Eduroam) when travelling somewhere else. Is there an easy way how to achieve it and how to switch profiles easily? And I cannot switch DHCP off because some devices in my LAN cannot work without it.
how to let iptables to allow dns & dhcp distributions from the server to the clients only w/out exposing the port dhcp port udp 67,68 and tcp port 67,68 as well from the outside world.DHCP only uses udp, but still I also allowed tcp ports as well just to be sure & also I already allow DNS ports in the firewall w/c is not inluded below. linux newbie here,
when i issued the command below to allow those ports only to the internal network the firewall still blocking it. what seems to be the problem?? #iptables -A INPUT -m iprange --src-range 192.168.0.1-192.168.0.254 -p udp --dport 67 -j ACCEPT
I have got DHCP issues with Network Manager. Whenever I try to connect using static IP it works, but when I use use Netowork Manager with DHCP, it seems to try to connect and soon says "Network Disconnected"..I've managed to connect to wlan and eth using network, so there shouldn't be any hardware/driver issue.
We have a network of 20 boxes and the router dealt with DHCP, but I'm planning to assign the DHCP task to the linux box. Any heads up? eth card configuration, network topology... etc.?
I noticed that my internet connection wasn't automatically brought up each time I logged into Fedora so I opened the system-config-network tool and edited my network adapter by checking the box marked "automatically start at boot/login." To my surprise, the connection went down and upon trying to click on the device to let the manager bring up the connection the greyed-out phrase "device not managed" appeared underneath the device name and wouldn't allow me to connect.
Even when I used ifconfig/dhclient to get the connection up nothing happened. I could get the router to assign an IP address through DHCP, pinged a few sites to make sure it was legit, but still couldn't use firefox to browse anything. Seems as if network manager GUI is conflicting with command line attempts to bring the network up. I'd like to permanently disable system-config-network if possible because it's acting screwy!
Yes, another newbie question. Just loaded and updated FC 10. Everything works great with dhcp. Tried to setup static ip to learn more about how to set it up and nothing seems to work. I'm connected to DSL via a router when I ifconfig I get:(basic stuff)inet addr: 192.168.1.7 Bcast: 192.168.1.255 Mask: 255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
I have also tried default gateway 192.168.1.255 and 192.168.1.254.Most of what I have tried above has come from linux websites and faq's.Keeping in mind I am worst than any new newbie you have ever worked with
I can access internet when my eth0 is set toDHCP client. But when I set static I can ping goole.com... but my Firefox browser doesn't connect to Interent!
I'm pulling my hair out to figure out what's gone wrong. I have a small home network with a router and 4 computers, 3 linux boxes and 1 windoze machine.The windoze machine and 2 of the linux boxes (newer ones, one with FC11 and the other with Ubuntu Hardy) are using the router's "Set Static IP" option just fine. However an older FC5 machine I have always gets its IP assigned randomly. As this is the machine I ssh into from overseas via a Dynamic DNS, this is a huge frustration when the power goes off or I need to restart the machine. It's usually 192.168.0.2 but sometimes 192.168.0.3 and occasionally other numbers as well. It _should_ be 192.168.0.130. As near as I can tell, I'm doing everything the same between the machines. The router config is very simple and works for the other systems so I suspect I may have a legacy tweak that I did years ago that's causing the problem.
Anyone know what I can try? I'm afraid I'm not a networking guru (ahem, wouldn't be posting if I were!) so things like "check the this" will be more helpful if there's a clear example. "Check the this...emacs /etc/thisfile/config" and see if XYZ option is TRUE" is far more useful. Again, many thanks. If none of the systems were working right then it would be totally different...but 3 seem to work just fine and happily get their assigned static IPs. It's the one non-conformist that's the trouble...
I decided to forgo my router's DHCP capabilites and try to make a random computer at my home take on the job.
First of all here's my network topology:
I have a cable modem hooked up to eth0 on my linux box, and this is where my internet comes from and works fine.
I also have another ethernet, eth1, which is connected to a wireless router in bridge mode. My end goal is to have my linux box sit between my internal network and the outside world. Thus it will need to act as a DHCP server, a NAT and as a firewall. Right now I'm just focused on the DHCP part.
Here is a copy of my dhcpd.conf file:
My /etc/sysconfig/dhcpd file has:
However the issue is that it is still listening on eth0. and not issuing any leases on my internal network.
What I think is happening is that it's not recognizing the 10.0.1.x subnet because my router is issuing leases on the 169.254.193.x, even though I put it on bridge mode. But I could be totally off mark.
Also running tcpdump on eth1, I can see requests coming in for dhcp, but my server isn't responding to them.
I have installed Fedora 10 on my A860 Dell Vostrol Laptop with AR242X Atheros Wireless card. Wireless card worked out of the box and i could detect wireless network and connect to it. But i have a problem that, my wireless connection is not able to get IP address from the DHCP server. Please help me out what can i do to get this working. I am using WEP security and authentication is open system.
I have windows 7 beta installed on the same machine and on that wireless network works fine so i am sure that there is no problem with the wirless network. I am using DIR-300 router from D-LINK. I tried to see packet log on wireshark and there i see that there is no reply to the DHCP discover message. Actually i don't see any RX packets at all. Which is not normal as there is traffic on the network.
When I install Fedora 10 on a new system, I let it default to DHCP. Later, I change the system to a fixed IP address by running system-config-network, selecting eth0, clicking on "Edit", clicking on "Statically set IP addresses:" and filling in the blanks. Is it possible to accomplish the same thing using commands that could be entered in a script? I assume one of them would be
is it possible to setup a DHCP server using the loopback or a virtual interface? I installed Sun VirtualBox on my fedora system and want to try and kickstart them from within the same box on a virtual network. Is this possible and has anyone done it? I only have a single NIC in the box and it is on my public network.
