On Fri, Apr 06, 2012 at 10:33:57AM +0200, Dennis Wichmann wrote:

> My problem is, I use a Tinc bridged network with 5 Fritz!Box
> routers to connect my whole family together. But I can't use a DHCP
> service in the Tinc VPN, because if someone uses a DHCP request at a
> far away location, he probably gets my gateway for internet
> traffic, although he has his own local DHCP service in his own
> router. I know that a bridged network is not separated, but I only
> want to block the DHCP ports 67/68.

For this you need to use ebtables to block DHCP traffic crossing the bridge.
You can find an example here:

http://serverfault.com/questions/284290/two-dhcp-servers-block-clients-for-one-of-them/284401#284401

This does require that ebtables support is compiled into your Fritz!Box's
kernel though.

Another option might be to use proxy-ARP instead of a bridge to connect the VPN
to your LANs. This will prevent broadcast traffic, including DHCP discovery
packets, from crossing the VPN. Have a look at this example:

http://tinc-vpn.org/examples/proxy-arp/

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <[email protected]>

_______________________________________________
tinc mailing list
[email protected]
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
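
The ebtables approach suggested in the reply above, written out as an added example (it is not from the original thread or from the linked answer). The interface name `tap0` is an assumption for the tinc device that is a member of the bridge, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: ebtables rules that keep DHCP (UDP 67/68) from crossing
# the tinc port of a bridge. VPN_IF is an assumption; set it to the tinc
# tap device that is a member of your bridge.
VPN_IF="${VPN_IF:-tap0}"

# Print one ebtables command per line for the given bridge port.
dhcp_block_rules() {
    ifc="$1"
    # DHCP clients send to port 67, servers answer to port 68.
    match="-p IPv4 --ip-protocol udp --ip-destination-port 67:68"
    # Frames bridged between the LAN ports and the VPN port.
    echo "ebtables -A FORWARD -i $ifc $match -j DROP"
    echo "ebtables -A FORWARD -o $ifc $match -j DROP"
    # Frames from the VPN addressed to a DHCP server or client on this box.
    echo "ebtables -A INPUT -i $ifc $match -j DROP"
    # Frames from this box's own DHCP server or client into the VPN.
    echo "ebtables -A OUTPUT -o $ifc $match -j DROP"
}

# Accept only strings that can be a Linux interface name (max 15 chars),
# so the generated commands can be word-split safely.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Dry run by default; APPLY=1 executes the rules (needs root and ebtables).
main() {
    valid_ifname "$VPN_IF" || { echo "bad interface: $VPN_IF" >&2; return 2; }
    if [ "${APPLY:-0}" = 1 ]; then
        dhcp_block_rules "$VPN_IF" | while read -r cmd; do $cmd || exit 1; done
    else
        dhcp_block_rules "$VPN_IF"
    fi
}

main "$@"
```

After applying, `ebtables -L --Lc` lists the rules with packet counters, which shows whether DHCP frames are actually hitting the DROP rules.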
