You are here: start / linux / debian / openvpn_dhcp_interface

Table of Contents

About

OpenVPN can be used to connect to an OpenVPN server after which it is possible to run dhclient in order to pull an address from the server. However, there is a Debian way to accomplish that by letting the distribution take care of bringing the interface up and acquiring a lease from the OpenVPN server.

Server

The OpenVPN server can be configured to bridge the OpenVPN interface to the interface that DHCP listens on or it can be a standalone interface as long as DHCP is configured via /etc/default/isc-dhcp-server to listen on the tap interface created by OpenVPN.

Client

In order to configure the client to let Debian bring up the tap interface once OpenVPN establishes a connection, the /etc/network/interfaces file has to be edited in order to add the following configuration: 

auto tap0
iface tap0 inet dhcp
    hostname rw
    client rw
    hwaddress ether A6:07:AD:7E:54:8F

where:

  • tap0 is the tap interface created by OpenVPN and configured in /etc/openvpn/
  • rw is the DHCP client-id that is sent to the DHCP server when requesting an address lease - it can be any name and it should most likely be the hostname of the connecting machine.
  • A6:07:AD:7E:54:8F is a MAC hardware address that you can generate in order to ensure that openvpn will always send the same MAC address to the DHCP server such that the client always gets the same IP address on the network you are connecting to.

After that, the OpenVPN configuration has to be altered in order to make OpenVPN execute some scripts telling Debian to bring the interface up and down whilst requesting, respectively releasing the IP address. In order to do that, edit the client configuration in the /etc/openvpn/ directory and add the following directives to the client configuration file: 

script-security 2
up "scripts/up.sh"
down-pre "scripts/down.sh"

Next, create the directory /etc/openvpn/scripts where the two scripts (up.sh and down.sh) will be placed.

The up.sh script consists in:

up.sh
#!/bin/sh
ifdown tap0 2>/dev/null
ifup tap0 &

and the down.sh script is:

down.sh
#!/bin/sh
ifdown tap0 2>/dev/null

where tap0 is the tap device and may have to be amended.

Capturing DHCP Client Identifier for Static Leases

On the server side it is possible to capture the DHCP client identifier sent by dhclient in order to give an OpenVPN client a static lease. The following example captures the DHCP client identifier rw (configured in /etc/network/interfaces as per the previous section) and assigns a fixed address 192.168.1.30: 

host rw {
    option dhcp-client-identifier "rw";
    fixed-address 192.168.1.30;
}
linux/debian/openvpn_dhcp_interface.txt ยท Last modified: 2022/04/19 08:28 by 127.0.0.1
You are here: start / linux / debian / openvpn_dhcp_interface

Wizardry and Steamworks

© 2025 Wizardry and Steamworks

Access website using Tor Access website using i2p Wizardry and Steamworks PGP Key


For the contact, copyright, license, warranty and privacy terms for the usage of this website please see the contact, license, privacy, copyright.