Different dhcpd.conf options for the same networks

Hello,

QUICK:
how do assign options to remote vpn clients that request ip address
differently from local lan clients even if they share the same subnet ?

LONG:
I have configured an host with OpenVPN in bridged mode.
Here I have:
eth0, internal, bridged with br0
eth1, external, connected to the Nat router.

On this machine runs (don't blame me) dhcpd that (please don't blame me
anymore) give leases to the internal Lan clients, and, because it must
listen on br0, to the 'remote lan' clients.

Problem: local Lan pc's must have as default gateway br0's ip address to
surf the Internet, that is:
option routers a.b.c.d;
Naturally this couldn't be right for the VPN clients,because they will
have a different gateway already assigned, but now they receive the same
configurations.

I have thought to build a 'known clients' pool for the lan with the
gateway option, and an 'unknown clients' pool for the vpn clients
without the gateway option.

Is there another solution based on the fact that dhcp request for the
vpn clients doesn't come from the internal lan ?


I hope I've been clear enough

-- Diesis

Diesis wrote:

> Problem: local Lan pc's must have as default gateway br0's ip address to
> surf the Internet, that is:
> option routers a.b.c.d;
> Naturally this couldn't be right for the VPN clients,because they will
> have a different gateway already assigned, but now they receive the same
> configurations.

Sure it can. When you run openvpn, a net route is added, pointing to the
lan, where it can now find the default gateway. If not, just add the
appropriate route command to the vpn script.

--

(This space intentionally left blank)

James Knott wrote:

> Sure it can. When you run openvpn, a net route is added, pointing to the
> lan, where it can now find the default gateway. If not, just add the
> appropriate route command to the vpn script.

Ok, let me explain again:

Now, via openvpn, the remote client gets all routes correctly, but dhcp
adds this route (that is corrected for lan clients, but not for vpn):

0.0.0.0 0.0.0.0 a.b.c.d
#network #netmask #gw

On the windoze client I need to manually enter
C:\> route delete 0.0.0.0 a.b.c.d.
to clear this added default route, and use the real default route to
surf the Internet and reach my 'remote' host.

Options are:
a) Let openvpn _delete_ this erroneous route on the vpn client (windoze)
b) Let dhcp distinguish between local and remote client and don't send
default gw option to them (seen a patch for this on the isc website, but
this harms me....)

How do I do one of this ?

--
Diesis

Diesis wrote:

> James Knott wrote:
>
>> Sure it can. When you run openvpn, a net route is added, pointing to the
>> lan, where it can now find the default gateway. If not, just add the
>> appropriate route command to the vpn script.
>
> Ok, let me explain again:
>
> Now, via openvpn, the remote client gets all routes correctly, but dhcp
> adds this route (that is corrected for lan clients, but not for vpn):
>
> 0.0.0.0 0.0.0.0 a.b.c.d
> #network #netmask #gw
>
> On the windoze client I need to manually enter
> C:\> route delete 0.0.0.0 a.b.c.d.
> to clear this added default route, and use the real default route to
> surf the Internet and reach my 'remote' host.
>
> Options are:
> a) Let openvpn _delete_ this erroneous route on the vpn client (windoze)
> b) Let dhcp distinguish between local and remote client and don't send
> default gw option to them (seen a patch for this on the isc website, but
> this harms me....)
>
> How do I do one of this ?
>

Assuming you followed the how-to, you have a "home.up" script, that you run
to start the vpn. Place any route commands in there, or what ever script
you use to start the vpn.

man route for details on adding and removing routes



--

(This space intentionally left blank)

James Knott wrote:

> Assuming you followed the how-to, you have a "home.up" script, that you run
> to start the vpn. Place any route commands in there, or what ever script
> you use to start the vpn.
> man route for details on adding and removing routes

The erroneous route is on the windoze machine.
I dunno (I'm a 2 day old user of OpenVPN...) of a route statement in
..ovpn windows config files that could _delete_ routes neither a way to
automatically launch batch files after connecting (Dos prompt windows
are not good looking for my 'management_class' users...).
In the meantime I've found on this document
(http://openvpn.sourceforge.net/INSTALL-win32.html) a reference to a
trick for dhcpd.conf by Dave Lau that is based on the fact that TAP
virtual network card has the MAC address starting with 00:FF:xx:xx:xx:xx.
I think this is enough for me.

--
Diesis

Diesis wrote:

> The erroneous route is on the windoze machine.
> I dunno (I'm a 2 day old user of OpenVPN...)

Well, this is a Linux group. I haven't come across that problem in Windows,
because I don't use Windows. However, there are commands in Windows as
well for controlling routes.


--

(This space intentionally left blank)

James Knott wrote:

> Well, this is a Linux group.

Yo, sure !
The initial question was about isc dhcpd, it wasn't ?


--
Diesis

Diesis wrote:

> James Knott wrote:
>
>> Well, this is a Linux group.
>
> Yo, sure !
> The initial question was about isc dhcpd, it wasn't ?
>
>

That's what I thought, but apparently the OP is talking about Windows.

--

(This space intentionally left blank)