Feature #753
Add OpenVPN foreign_option support
Status: open
Description
- redirect-gateway def1
- DNS server(s)
- domain name
Those look to be the only ones applicable here.
Updated by Ermal Luçi over 14 years ago
- Status changed from New to Feedback
Can you please be more specific on this?
Updated by Mr Horizontal about 14 years ago
Essentially this relates to the fact that when you have an interface bound to an OpenVPN tun device when the VPN is a client, the interface doesn't configure itself as normal.
Firstly, the interface has to be defined as a static IP address, which OpenVPN will change via ifconfig to its dynamic address. It's a bit disingenuous. We should be able to set the interface to DHCP and a dynamic gateway and IP address is assigned when OpenVPN sets up the interface, even though it's not dhclient that is doing the work as a normal DHCP interface, but a script that reads all the information from OpenVPN's connection set up.
Similarly, via DHCP, there are a number of DHCP options that OpenVPN supports, such as setting up the DNS server and other stuff, which aren't pulled from the OpenVPN device when the connection is established.
While the pfSense OpenVPN server mode supports all the configuration of these options, when in client mode it doesn't.
For reference here are all the options in question:
- push "dhcp-option DOMAIN domain.com"
- push "dhcp-option DNS 10.0.0.1"
- push "dhcp-option WINS 10.0.0.2"
- push "dhcp-option NBDD 10.0.0.3"
- push "dhcp-option NTP 10.0.0.4"
- push "dhcp-option NBT 1"
- push "dhcp-option NBS DOMAIN_REALM"
- push "dhcp-option NBS DISABLE-NBT"
What is really needed is that when an interface is brought up, something like this pseudocode needs to be run:
    if (interface_type openvpn)
    {
        create_interface_from_openvpn_interface()
        create_gateway_from_openvpn_interface()
        set_up_dhcp_options_on_openvpn_interface()
    }
    else if (interface_type standard_ethernet)
    {
        run_ifconfig_to_setup_normal_interface()
        run_dhclient_to_setup_normal_interface()
    }
Updated by Chris Buechler almost 14 years ago
- Tracker changed from Bug to Feature
- Subject changed from OpenVPN 'dhcp-option' commands in push replies aren't honoured to Add OpenVPN foreign_option support
- Status changed from Feedback to New
- Target version deleted (2.0)
- Affected Version deleted (2.0)
OpenVPN interface assignments work fine set to type "none" as they should be, they have an automatically handled dynamic gateway which works. The only remaining thing here is that we ignore the few options that can be pushed in our up script. Which is by design (it's not broken, it isn't there), hence this is a feature.
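The up-script handling this request is about, as an added example in POSIX sh (not pfSense's or OpenVPN's own code): it reads the `foreign_option_N` environment variables that OpenVPN exports for pushed `dhcp-option` lines and validates each value before turning it into a resolver entry. The function names and the resolv.conf-style output are assumptions, and only the DNS and DOMAIN options named in the description are handled.

```shell
#!/bin/sh
# Added example. OpenVPN exports pushed options it does not apply itself to the
# --up script as foreign_option_1, foreign_option_2, ... The values are chosen
# by the remote server, so validate each one before it reaches resolv.conf.

is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # safe to split: digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

is_domain() {
    # Letters, digits, hyphen, dot; no empty labels, no leading hyphen.
    case $1 in ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;; esac
    [ ${#1} -le 253 ]
}

# Prints resolv.conf-style lines for the valid DNS and DOMAIN options only.
# Runs in a subshell so set -f and the loop variables stay local.
resolv_lines_from_foreign_options() (
    set -f                         # no glob expansion of server-supplied text
    n=1
    while :; do
        eval "opt=\${foreign_option_$n-}"   # n is our own counter, not input
        [ -n "$opt" ] || break
        set -- $opt                # expected: dhcp-option <TYPE> <VALUE>
        if [ $# -eq 3 ] && [ "$1" = dhcp-option ]; then
            case $2 in
                DNS)    is_ipv4 "$3"   && printf 'nameserver %s\n' "$3" ;;
                DOMAIN) is_domain "$3" && printf 'search %s\n' "$3" ;;
            esac
        fi
        n=$((n + 1))
    done
    return 0
)

# Constructed sample values (in a real up script OpenVPN sets these).
foreign_option_1='dhcp-option DNS 10.0.0.1'
foreign_option_2='dhcp-option DOMAIN domain.com'
foreign_option_3='dhcp-option DNS 10.0.0.999'
foreign_option_4='dhcp-option DOMAIN bad;name'
resolv_lines_from_foreign_options
```

The out-of-range address and the domain containing `;` are dropped rather than written out, which is the behaviour to keep if the output is later fed to a resolver configuration or another script.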