OpenVPN 2.1 has a relatively recent feature that allows a TAP-based
OpenVPN session to be established where the client gets its IP address
assignment and other attributes from the server-side DHCP server.
The feature is enabled by the "route-gateway dhcp" directive on the client.

It's a pretty cool feature because it allows you to set up a TAP-based
VPN server without configuring IP addresses, routes, etc. because you
can simply leverage the existing server-side DHCP server
configuration. When a client connects to the VPN, it gets an IP address
assignment just as if it were physically "plugged into" the server-side LAN.

The problem is that "route-gateway dhcp" only works on platforms where
the TAP driver negotiates a DHCP client handshake. Currently, only
Windows supports this out-of-the-box (Windows supports it not because of
any special code in the Windows TAP driver, but because the Windows DHCP
client automatically binds to TAP adapter instances when they transition
to the "up" state).

I'm hoping that we can make "route-gateway dhcp" work on Unix platforms
as well. I'm thinking there are two possible ways we could do this:

(1) Simple method: Trigger a DHCP client bind on TAP interfaces when
they are instantiated. (This is what Windows does automatically.)

(2) Complex method: Write code in OpenVPN to simulate a DHCP client,
then translate the settings received in the DHCP reply to OpenVPN
push-style directives (such as ifconfig, route, etc.) as if they had
been pushed by the OpenVPN server.

It would be great if someone wanted to volunteer to work on this. I'm
hoping that Mac and Linux could be supported via the Simple method.

James
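
The translation step of the "Complex method" above, as an added example that is not part of the original post and not OpenVPN code: it parses a DHCPACK with bounds checks and emits the matching `ifconfig`, `route-gateway` and `dhcp-option DNS` directives. The function names, the handled option set (1, 3, 6) and the sample packet are assumptions made for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options (RFC 2131)

def parse_options(data):
    """Walk the TLV option field, refusing anything that overruns the packet."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:                      # End option
            return opts
        if code == 0:                        # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("option overruns packet")
        opts[code] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    raise ValueError("missing end option")

def ip(b):
    if len(b) != 4:
        raise ValueError("bad IPv4 field length")
    return socket.inet_ntoa(b)

def dhcp_to_directives(packet, expected_xid):
    """Turn a DHCPACK for our transaction into OpenVPN-style directives."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    # Only accept a BOOTREPLY (op 2) that answers the request we sent.
    if packet[0] != 2 or struct.unpack("!I", packet[4:8])[0] != expected_xid:
        raise ValueError("not a reply to our request")
    opts = parse_options(packet[240:])
    if opts.get(53) != b"\x05" or 1 not in opts:   # message type 5 = DHCPACK
        raise ValueError("not a usable DHCPACK")
    out = ["ifconfig %s %s" % (ip(packet[16:20]), ip(opts[1]))]  # yiaddr, mask
    if 3 in opts:                                   # first listed router
        out.append("route-gateway " + ip(opts[3][:4]))
    dns = opts.get(6, b"")
    for j in range(0, len(dns) - 3, 4):
        out.append("dhcp-option DNS " + ip(dns[j:j + 4]))
    return out

def sample_ack(xid=0x1234ABCD):
    """Constructed DHCPACK for this example; all addresses are made up."""
    hdr = struct.pack("!BBBBIHH4s4s", 2, 1, 6, 0, xid, 0, 0,
                      bytes(4), socket.inet_aton("192.168.10.57"))
    opts = bytes([53, 1, 5, 1, 4, 255, 255, 255, 0, 3, 4, 192, 168, 10, 1,
                  6, 8, 192, 168, 10, 2, 192, 168, 10, 3, 255])
    return hdr + bytes(8 + 16 + 64 + 128) + MAGIC_COOKIE + opts
```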