openvpn
tayanov, 2017-09-23 12:17:02

How to separate the work of 2 dhcp servers connected by a VPN bridge?

There are two OpenWrt routers at different locations (houses).
Each has its own internet connection.
The first, 10.0.0.1, is the VPN client.
The second, 10.0.0.100, is the VPN server.
Between them is an OpenVPN Ethernet tap tunnel, without an IP at the ends.
Thus, the clients of one are visible to all clients of the other network.
Broadcast packets work, without any routing. All clients are in the same network segment, 10.0.0.0.
Each has its own local wifi and lan clients.
And each router has its own DHCP.
The problem is that the work of DHCP needs to be limited to each home.
Otherwise, a DHCP client sometimes gets its IP and gateway from the remote router, and then the Internet does not work properly on the devices.
It seems that some kind of "triangular" routing results; I think that is what it is called.
And the problem is not the received IP but the received gateway.
How to separate their work?

2 answer(s)
tayanov, 2017-11-26
@tayanov

ebtables will help with the solution
On OpenWRT you will have to install the kernel module kmod-ebtables-ipv4
#!/bin/sh
# Select the port (the tap interface that is part of the bridge)
BAN_IF=tap0
# Add rules: drop DHCP traffic (UDP ports 67-68) arriving from that port
ebtables -A INPUT -i "$BAN_IF" -p ipv4 --ip-proto udp --ip-sport 67:68 -j DROP
ebtables -A INPUT -i "$BAN_IF" -p ipv4 --ip-proto udp --ip-dport 67:68 -j DROP
ebtables -A FORWARD -i "$BAN_IF" -p ipv4 --ip-proto udp --ip-dport 67:68 -j DROP
ebtables -A FORWARD -i "$BAN_IF" -p ipv4 --ip-proto udp --ip-sport 67:68 -j DROP
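
To check that the filter holds, a capture taken on a LAN client should contain no DHCP replies from the remote router. The Python below is an added example, not part of the original answer: it parses a raw DHCP message (the UDP payload) and reports any OFFER/ACK whose server identifier is not the local router. The function names and the sample packet are constructed for illustration; the addresses are the ones from the question.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
OPT_PAD, OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 53, 54, 255
REPLY_TYPES = (b"\x02", b"\x05")     # DHCPOFFER, DHCPACK

def parse_dhcp_options(payload):
    """Return {option code: raw bytes} from a DHCP message (UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:        # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def foreign_reply(payload, local_server):
    """Return (server, gateway) for an OFFER/ACK not sent by local_server, else None."""
    opts = parse_dhcp_options(payload)
    server_id = opts.get(OPT_SERVER_ID, b"")
    if opts.get(OPT_MSG_TYPE) not in REPLY_TYPES or len(server_id) != 4:
        return None
    server = str(ipaddress.IPv4Address(server_id))
    if server == local_server:
        return None
    router = opts.get(OPT_ROUTER, b"")   # option 3 may list several routers
    gateway = str(ipaddress.IPv4Address(router[:4])) if len(router) >= 4 else None
    return server, gateway

def build_offer(server, gateway):
    """Constructed sample: minimal DHCPOFFER carrying options 53, 54 and 3."""
    header = bytes([2, 1, 6, 0]) + bytes(232)   # BOOTREPLY, Ethernet; rest zeroed
    options = bytes([OPT_MSG_TYPE, 1, 2])
    options += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server).packed
    options += bytes([OPT_ROUTER, 4]) + ipaddress.IPv4Address(gateway).packed
    return header + MAGIC_COOKIE + options + bytes([OPT_END])

if __name__ == "__main__":
    # In the home whose router is 10.0.0.1: a reply from the remote 10.0.0.100
    print(foreign_reply(build_offer("10.0.0.100", "10.0.0.100"), "10.0.0.1"))
```

With the ebtables rules in place, `foreign_reply` should return `None` for every DHCP reply captured in either home.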

satoo, 2017-09-23
@satoo

  • bind DHCP to a specific interface (if possible; the DHCP server used is not specified)
  • block UDP 67 from the VPN interface. 100% guarantee on any interface
