I have found an article describing how to configure dhcp3 server to update a Bind9 zone with the hostnames and assigned ip addresses.
I want to achieve the same effect, but inside a VPN subnet, where each VPN client will receive an IP address, and its hostname/client-name will be added to the local domain zone.
However, OpenVPN seems to have its own dhcp server, and I can't find anything about linking it to bind.
One solution would be to configure the VPN as a tap device, and bridge it to a virtual network interface on which to use the dhcp3 server. But this seems like overkill.
Is there a simpler, cleaner solution?
UPDATE:
Even that doesn't work. Somehow the dhcp server sees the DHCPDISCOVER request as coming from the tap0 MAC address, so when it sends a response, the VPN client doesn't get it:
Feb 7 00:41:22 vpn-server1 dhcpd[7601]: DHCPDISCOVER from fe:b4:3f:fe:9d:0e via tap0
Feb 7 00:41:23 vpn-server1 dhcpd[7601]: DHCPOFFER on 172.16.0.2 to fe:b4:3f:fe:9d:0e (vpn-server1) via tap0
ifconfig
tap0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.0.1 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::5c70:cea0:5619:ac47 prefixlen 64 scopeid 0x20<link>
ether fe:b4:3f:fe:9d:0e txqueuelen 100 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 95 bytes 14590 (14.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
OpenVPN Server log:
Fri Feb 7 00:41:21 2020 MULTI: no dynamic or static remote --ifconfig address is available for Client-1/192.168.1.105:39069
Fri Feb 7 00:41:23 2020 Client-1/192.168.1.105:39069 PUSH: Received control message: 'PUSH_REQUEST'
Fri Feb 7 00:41:23 2020 Client-1/192.168.1.105:39069 SENT CONTROL [Client-1]: 'PUSH_REPLY,peer-id 1' (status=1)
Best Answer
I make a couple of assumptions on your OpenVPN and Bind9 configuration, which simplify the configuration:
DC=com, DC=example, CN=client1.example.com.
In order to register the address of a newly connected client, you need a simple script (let's call it /etc/openvpn/update-dns):
and add it to the OpenVPN configuration:
PS: Your initial attempt using a tap interface and a real dhcpd to provide client addresses should also work, e.g. with a server configuration of:
and a client configuration:
and Bind9 listening on tap0, a dhclient -d tap0 called on the OpenVPN client will obtain an address. The change of MAC in the DHCP packets you observe is caused by OpenVPN acting as a DHCP proxy:
Source: OpenVPN reference manual.
However, I am not sure what's OpenVPN's definition of server-side LAN.
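One way such an /etc/openvpn/update-dns hook could look, as an added example that is not the answer's own script: it assumes OpenVPN assigns the address from its own pool and runs the script through client-connect and client-disconnect (the answer does not say which directive it used). The zone, DNS server, TTL and TSIG key path are assumed values; the certificate CN is validated before it reaches nsupdate because it is client-supplied identity data.

```shell
#!/bin/sh
# Added example, not the answer's original script. Assumed values: ZONE (taken
# from the sample CN client1.example.com), DNS_SERVER, TTL and TSIG_KEY path.
LC_ALL=C; export LC_ALL
ZONE="example.com"
DNS_SERVER="127.0.0.1"
TTL=300
TSIG_KEY="/etc/openvpn/ddns.key"

# Turn a certificate CN into an FQDN, accepting only one valid DNS label
# directly under $ZONE so a crafted CN cannot add lines to the nsupdate batch.
cn_to_fqdn() {
    cn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    label=${cn%".$ZONE"}
    [ "$label" != "$cn" ] && [ "${#label}" -le 63 ] || return 1
    case "$label" in ''|-*|*-|*[!a-z0-9-]*) return 1 ;; esac
    printf '%s.%s.\n' "$label" "$ZONE"
}

is_ipv4() {
    case "$1" in ''|.*|*.|*..*|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1; done
}

# build_update <add|delete> <common_name> <ip>: print the nsupdate batch.
build_update() {
    fqdn=$(cn_to_fqdn "$2") || return 1
    is_ipv4 "$3" || return 1
    printf 'server %s\nzone %s\n' "$DNS_SERVER" "$ZONE"
    printf 'update delete %s A\n' "$fqdn"    # drop any stale address first
    [ "$1" != add ] || printf 'update add %s %s A %s\n' "$fqdn" "$TTL" "$3"
    printf 'send\n'
}

# OpenVPN exports script_type, common_name and ifconfig_pool_remote_ip.
run_hook() {    # $1 = add|delete
    if batch=$(build_update "$1" "$common_name" "$ifconfig_pool_remote_ip"); then
        printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEY"
    else
        logger -t update-dns "refused CN or address on $1"
    fi
    return 0    # a DNS problem must not reject the VPN session
}
case "${script_type:-}" in
    client-connect)    run_hook add ;;
    client-disconnect) run_hook delete ;;
esac
```

OpenVPN only runs external scripts when script-security is set to 2 or higher, and the Bind9 zone should accept dynamic updates only from this TSIG key.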