Essentially, this relates to the fact that when you have an interface bound to an OpenVPN tun device and the VPN is a client, the interface doesn't configure itself as normal.
Firstly, the interface has to be defined with a static IP address, which OpenVPN will change via ifconfig to its dynamic address. It's a bit disingenuous. We should be able to set the interface to DHCP and have a dynamic gateway and IP address assigned when OpenVPN sets up the interface, even though the work is done not by dhclient, as on a normal DHCP interface, but by a script that reads all the information from OpenVPN's connection setup.
Similarly, via DHCP, there are a number of DHCP options that OpenVPN supports, such as setting up the DNS server and other stuff, which aren't pulled from the OpenVPN device when the connection is established.
While the pfSense OpenVPN server mode supports all the configuration of these options, when in client mode it doesn't.
For reference, here are all the options in question:
- push "dhcp-option DOMAIN domain.com"
- push "dhcp-option DNS 10.0.0.1"
- push "dhcp-option WINS 10.0.0.2"
- push "dhcp-option NBDD 10.0.0.3"
- push "dhcp-option NTP 10.0.0.4"
- push "dhcp-option NBT 1"
- push "dhcp-option NBS DOMAIN_REALM"
- push "dhcp-option NBS DISABLE-NBT"
What is really needed is that, when an interface is brought up, something like this pseudocode is run:
    if (interface_type openvpn)
    {
        create_interface_from_openvpn_interface()
        create_gateway_from_openvpn_interface()
        set_up_dhcp_options_on_openvpn_interface()
    }
    else if (interface_type standard_ethernet)
    {
        run_ifconfig_to_setup_normal_interface()
        run_dhclient_to_setup_normal_interface()
    }
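
An added example, not part of the original report and not pfSense code: OpenVPN hands each pushed option to the client's `--up` script in the environment variables `foreign_option_1`, `foreign_option_2`, and so on. The script below collects the `dhcp-option` entries listed above that carry an address or a domain, and validates each value before it would be applied, because the values are supplied by the remote server. The function names and the `TYPE VALUE` output format are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not pfSense code). OpenVPN exports each pushed option to the
# client's --up script as foreign_option_1, foreign_option_2, ...

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$1
EOF
    [ -z "$extra" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a plain DNS name: letters, digits, dots and hyphens.
is_domain() {
    case "$1" in ''|*[!A-Za-z0-9.-]*|.*|-*|*..*) return 1 ;; esac
    [ "${#1}" -le 253 ]
}

# Print one "TYPE VALUE" line per pushed dhcp-option that passes validation.
openvpn_dhcp_options() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i-}"   # i is our own counter, never input
        [ -n "$opt" ] || break
        i=$((i + 1))
        read -r kw type value rest <<EOF
$opt
EOF
        [ "$kw" = "dhcp-option" ] && [ -z "$rest" ] || continue
        case "$type" in
            DNS|WINS|NBDD|NTP) if is_ipv4 "$value"; then echo "$type $value"; fi ;;
            DOMAIN) if is_domain "$value"; then echo "$type $value"; fi ;;
        esac
    done
}

# Constructed sample environment; the subshell keeps it out of the caller.
demo() (
    foreign_option_1='dhcp-option DNS 10.0.0.1'
    foreign_option_2='dhcp-option DOMAIN domain.com'
    foreign_option_3='dhcp-option NTP 10.0.0.999'   # malformed: dropped
    openvpn_dhcp_options
)
demo
```

Options of other types (NBT, NBS) and non-`dhcp-option` entries are skipped rather than passed through unvalidated.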