Gentoo Forums
[SOLVED] OpenVPN over an interface that uses DHCP
pa4wdh
Guru
Joined: 16 Dec 2005
Posts: 396

Posted: Mon Jul 04, 2011 3:35 pm    Post subject: [SOLVED] OpenVPN over an interface that uses DHCP

Hi All,

I have a question regarding my setup of an OpenVPN client.
The client uses an Ethernet interface (wireless or wired) to connect to the internet; this interface is usually configured using DHCP, which also takes care of /etc/resolv.conf and the routing table. After that it starts OpenVPN, which connects fine, changes /etc/resolv.conf and modifies the routing table to route all traffic through the VPN.

Now everything works fine, until DHCP decides to renew its lease. When that's successfully done it rewrites /etc/resolv.conf and modifies the routing table according to the settings it got via DHCP. Of course this breaks the VPN. Is it possible to modify this behavior? I checked the manpage but I could only find options to make dhcpcd never update /etc/resolv.conf and the routing table, but of course when connecting to a network I do want the settings to be set correctly for that network; I just don't want them to be re-set when the lease is renewed afterwards.

Do you have any clues?

Thanks in advance.

Best regards,
pa4wdh
_________________
The gentoo way of bringing peace to the world:
USE="-war" emerge --newuse @world

Free as in Freedom is not limited to software only:
Music: http://www.jamendo.com
Recipes: http://www.opensourcefood.com


Last edited by pa4wdh on Wed Jul 13, 2011 5:31 am; edited 1 time in total
Voorhees51
Guru
Joined: 05 Nov 2003
Posts: 358

Posted: Mon Jul 04, 2011 6:59 pm

create a script to:
- change the dhcpcd options to never update
- start the VPN
- when VPN is finished, revert the changes back to dhcpcd

you could have the script sit and watch ps for openvpn process to end then revert the changes to dhcpcd

not sure if it would work, just a quick thought about it

don't have an openvpn box handy to test on at the moment
pa4wdh
Guru
Joined: 16 Dec 2005
Posts: 396

Posted: Mon Jul 04, 2011 7:31 pm

Thanks for the hints, I'm already using a script to start/stop OpenVPN so adding some DHCP stuff doesn't matter.

What I'm currently thinking about:
- On normal boot, start dhcpcd with the --persistent option to allow us to restart dhcpcd without losing the interface configuration
- When starting OpenVPN, restart dhcpcd with the --nohook and --nogateway options to make sure it doesn't modify anything
- When stopping OpenVPN, restart dhcpcd with its normal configuration again

I can't try it right now but I'll try to do some experiments tomorrow.
pa4wdh
Guru
Joined: 16 Dec 2005
Posts: 396

Posted: Tue Jul 05, 2011 4:22 pm

I've been using this solution for today and it seems to work nicely. The VPN kept running, DHCP leases were extended when needed, but there were no changes to IP, routing or nameserver settings. I'll test for a few more days and can post my scripts after that if needed.
pa4wdh
Guru
Joined: 16 Dec 2005
Posts: 396

Posted: Wed Jul 13, 2011 5:31 am

I've been working with this solution for a few days now and it seems to be stable.

For those with the same problem here's my solution:

First of all, whenever you start dhcpcd make sure to add the --persistent option. In /etc/conf.d/net that can be done with:
Code:

dhcpcd_eth0=( "--persistent" )

When this option is used dhcpcd doesn't remove the configuration when it's killed.

With that done I made two scripts, one to start openvpn and one to stop it. They can of course be combined and maybe otherwise better integrated with openvpn, but this works for me.
The start script is:
Code:

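#!/bin/sh

# Check if there is a dhcpcd instance running; the interface is the last
# argument on each dhcpcd command line. The pattern is quoted so the shell
# cannot glob-expand it against a file named "dhcpcd" in the current directory.
INTERFACES=$(ps -ef | grep '[d]hcpcd' | awk '{ print $NF }')

if [ -n "$INTERFACES" ]
then
 # Restart dhcpcd instances with other options:
 # no default route and no resolv.conf updates while the VPN is up
 killall dhcpcd
 for INTERFACE in $INTERFACES
 do
  dhcpcd --persistent --nogateway --nohook resolv.conf "$INTERFACE"
 done
fi

/etc/init.d/openvpn start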

This finds running dhcpcd instances, and since the interface is always the last parameter to dhcpcd the print $NF will catch it.
If it found any interface it kills all running dhcpcd instances and restarts them with the options --nogateway and --nohook resolv.conf; this prevents it from updating your route table and /etc/resolv.conf.
After that openvpn is started with its usual init script.

The stop script is pretty much the same, but in a different order:
Code:

#!/bin/sh

/etc/init.d/openvpn stop

# Check if there is a dhcpcd instance running; the interface is still the
# last argument, also for instances restarted by the start script.
INTERFACES=$(ps -ef | grep '[d]hcpcd' | awk '{ print $NF }')

if [ -n "$INTERFACES" ]
then
 # Restart dhcpcd instances with default options
 killall dhcpcd
 for INTERFACE in $INTERFACES
 do
  dhcpcd --persistent "$INTERFACE"
 done
fi


Have fun with it :-)

Best regards,
pa4wdh
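A check to run alongside the scripts above, as an added example that is not part of the original posts: it reports when a DHCP renewal has put the default route or /etc/resolv.conf back, so traffic or DNS lookups would bypass the VPN. The function names, the tun device prefix, and the 10.8.0.x, 192.168.1.x and 203.0.113.10 addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): detect whether a DHCP renewal has
# undone the VPN's routing or DNS. Inputs are text, so saved output works too.

# Constructed sample: a renewal put the default route back on eth0.
SAMPLE_RENEWED='default via 192.168.1.1 dev eth0 metric 2
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'
# Constructed sample: OpenVPN's routes still in place.
SAMPLE_TUNNELLED='default via 10.8.0.5 dev tun0
203.0.113.10 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

# routes_via_tunnel ROUTES [TUN_PREFIX]
# Succeeds when all traffic is steered into the tunnel: either every default
# route uses the tunnel device, or OpenVPN's "def1" pair (0.0.0.0/1 and
# 128.0.0.0/1) is present on it.
routes_via_tunnel() {
    printf '%s\n' "$1" | awk -v p="${2:-tun}" '
        { dev = ""; for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1) }
        index(dev, p) != 1 { if ($1 == "default") leak = 1; next }
        $1 == "default"     { def = 1 }
        $1 == "0.0.0.0/1"   { lo = 1 }
        $1 == "128.0.0.0/1" { hi = 1 }
        END { exit !((def && !leak) || (lo && hi)) }'
}

# resolv_unchanged RESOLV_TEXT EXPECTED_NS...
# Succeeds when the nameserver list is exactly the expected one, in order.
resolv_unchanged() {
    text=$1; shift
    got=$(printf '%s\n' "$text" | awk '$1 == "nameserver" { printf "%s ", $2 }')
    [ "$got" = "$(printf '%s ' "$@")" ]
}

# check_vpn_state ROUTES RESOLV_TEXT EXPECTED_NS...: report each problem found.
check_vpn_state() {
    routes=$1; resolv=$2; shift 2
    rc=0
    routes_via_tunnel "$routes" || { echo "LEAK: traffic not routed via tunnel"; rc=1; }
    resolv_unchanged "$resolv" "$@" || { echo "LEAK: resolv.conf rewritten"; rc=1; }
    return $rc
}

# Live use (10.8.0.1 stands for the nameserver your VPN sets):
# check_vpn_state "$(ip -4 route show)" "$(cat /etc/resolv.conf)" 10.8.0.1
```

Run from cron or a loop at an interval shorter than the DHCP lease time, it flags a renewal that slipped past the --nogateway and --nohook resolv.conf options.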