DHCP relay over OpenVPN
-
I have a remote office setup that is connected back to our main building via OpenVPN. I would like to setup a DHCP relay so that the remote office can get IPs from our main DHCP server. When I try to enable DHCP relay I get an error in the log that says "Unsupported device type 23 for ovpnc1". Any suggestions?
-
you don't enable it on the VPN, you enable it on the LAN. But you most likely don't want to rely on a remote site for DHCP, maybe if they're completely down anyway if the main site is down, but if they can function to some extent without the main site, making their network dependent on a remote DHCP server isn't a good idea.
-
Thanks for the reply. I have the relay enabled only on the LAN interface and it still give me this error. Here is the actual error message in the log:
php: /services_dhcp_relay.php: The command '/usr/local/sbin/dhcrelay -i em0 -i ovpnc1 10.1.1.10' returned exit code '1', the output was 'Internet Systems Consortium DHCP Relay Agent 4.2.1-P1 Copyright 2004-2011 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Unsupported device type 23 for "ovpnc1" If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not under any circumstances send requests for help directly to the authors of this software - please send them to the appropriate mailing list as described in the README file. exiting.'
Since the DHCP server is on the network attached to the OpenVPN interface, it looks like it is automatically starting on that interface as well.
I understand the risk associated with having to rely on a remote DHCP server. If the VPN is down they won't even be able to connect to the network to request a DHCP lease since many of them are wireless clients connecting to a RADIUS authenticating AP.
-
oh that's right, dhcrelay has to bind to the interface facing the server as well, and it doesn't support tun interfaces apparently.