OpenVPN DHCP, DNS problems

Discussion in 'Server Operation' started by DrJohn, Dec 7, 2007.

  1. DrJohn

    DrJohn Member

    <Gutsy, OpenVPN 2.0.9, Shorewall 3.4.4, Samba 3.0.26 as PDC, dhcpd is running>

    Shorewall server policy is configured for open access between loc <--> vpn and $FW<--> vpn (vpn is the separate zone established for openVPN). OpenVPN is in a routing configuration. Samba is running as PDC and WINS is enabled.

    The WinXP Pro laptop's firewall is on with ports 1024-2096 open, and it reports no blocked packets.

    I have no problems establishing a tunnel from the laptop either 1) when connected directly to the Internet (on a spare fixed IP address), or 2) from behind a NATed corporate firewall at work.

    Once connected, however, I encounter several problems.

    1) I can only connect to the server and the other systems on its local LAN using their IP addresses; network names don't work. This is true for SSH, NetHood shares, Remote Desktop Connections. For the server I can use either its openVPN or its local IP of

    The corporate LAN on which the laptop sits uses subnets and, separate from anything on the vpn or the local LAN.

    From a WinXP system on the LAN I can use network names internally, but the laptop doesn't appear in the NetHood. From a Gutsy client setup on the LAN I see the server and the WinXP machines, but not the laptop.

    It doesn't make any difference if I explicitly enable NetBIOS over TCP/IP in the Tap adapter or not.

    So, routing is up but SMB or NetBIOS aren't hitting the vpn.

    Here's the relevant part of smb.conf:

       passdb backend = tdbsam
       security = user
       username map = /etc/samba/smbusers
       name resolve order = bcast wins host lmhosts
       domain logons = yes
       preferred master = yes
       wins support = yes
       #Control net access
       hosts allow = 192.168.2. 192.168.3. 10.8.0. localhost
       interfaces = eth0 eth2 vpn lo
       bind interfaces only = yes

    2) I get one DHCP lease renewal error in the WinXP application event log with a timestamp that matches the time that the tunnel was established:

    The IP address lease for the Network Card with network address 00FF2B6ED103 has been denied by the DHCP server (The DHCP Server sent a DHCPNACK message).

    ipconfig on the laptop reveals that it was given as DHCP server address for the Tap-Win32 adapter (it also has for DNS and WINS servers as pushed from openVPN's server).

    This isn't really a problem but may be a symptom of another related issue.

    Any comments, hints, suggestions on how to get network browsing to work on OpenVPN are greatly appreciated.

    -- Dr John
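A small audit script for the kind of smb.conf shown in the post, added here as an example (it is not code from the thread, from Samba or from OpenVPN). It parses the [global] settings and checks the three things that decide whether smbd/nmbd will ever see NetBIOS and SMB traffic arriving over a routed tunnel: with `bind interfaces only = yes`, every token in `interfaces` must be a real device or a network on the host and at least one of them must sit on the tunnel subnet; `hosts allow` must admit that subnet; and `wins support` must be on so that names resolve without broadcasts crossing the tunnel. The config text is the snippet from the post; the host interface table and the 10.8.0.0/24 tunnel subnet are constructed assumptions (the post's `hosts allow` line names 10.8.0., and a routed OpenVPN tunnel normally appears as a tunN device rather than under the Shorewall zone name).

```python
"""Audit the [global] part of an smb.conf for the settings that decide
whether smbd/nmbd accept NetBIOS and SMB traffic over a routed OpenVPN tunnel.

Added example. The config text is the snippet from the forum post; the host
interface table and the tunnel subnet below are constructed assumptions.
"""
import ipaddress
import re

# Constructed from the snippet in the post (no [global] header there either).
SMB_CONF = """\
   passdb backend = tdbsam
   security = user
   username map = /etc/samba/smbusers
   name resolve order = bcast wins host lmhosts
   domain logons = yes
   preferred master = yes
   wins support = yes
   #Control net access
   hosts allow = 192.168.2. 192.168.3. 10.8.0. localhost
   interfaces = eth0 eth2 vpn lo
   bind interfaces only = yes
"""

# Constructed host interface table (assumption: the tunnel device is tun0).
HOST_INTERFACES = {
    "lo": ipaddress.ip_interface("127.0.0.1/8"),
    "eth0": ipaddress.ip_interface("192.168.2.1/24"),
    "eth2": ipaddress.ip_interface("192.168.3.1/24"),
    "tun0": ipaddress.ip_interface("10.8.0.1/24"),
}
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")  # assumed OpenVPN server subnet


def parse_global(text):
    """Return [global] key/value pairs; lines before any [section] count as global."""
    settings, section = {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip()
    return settings


def _as_network(entry):
    """Parse Samba's 'a.b.c.d/mask' or CIDR tokens; None for names and prefixes."""
    try:
        return ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return None


def _entry_covers(entry, subnet, host_interfaces):
    """True if an 'interfaces' or 'hosts allow' token reaches the tunnel subnet."""
    if entry in host_interfaces:                  # device name, e.g. tun0
        return host_interfaces[entry].ip in subnet
    if entry.endswith("."):                       # Samba prefix form, e.g. 10.8.0.
        return str(subnet.network_address).startswith(entry)
    net = _as_network(entry)
    return net is not None and net.overlaps(subnet)


def audit(settings, host_interfaces=HOST_INTERFACES, vpn_subnet=VPN_SUBNET):
    """Return a list of findings; an empty list means the tunnel side looks reachable."""
    def enabled(key):
        return settings.get(key, "no").lower() in ("yes", "true", "1")

    findings = []
    interfaces = settings.get("interfaces", "").split()
    if enabled("bind interfaces only"):
        # With this option on, the daemons listen only on what 'interfaces' names,
        # so a token that is neither a device nor a network silently drops the tunnel.
        unknown = [i for i in interfaces
                   if i not in host_interfaces and _as_network(i) is None]
        if unknown:
            findings.append(f"interfaces: no such device or network on this host: {unknown}")
        if not any(_entry_covers(i, vpn_subnet, host_interfaces) for i in interfaces):
            findings.append(f"interfaces: nothing covers the tunnel subnet {vpn_subnet}")

    allow = settings.get("hosts allow", "").split()
    if allow and not any(_entry_covers(a, vpn_subnet, host_interfaces) for a in allow):
        findings.append(f"hosts allow: tunnel subnet {vpn_subnet} would be refused")

    if not enabled("wins support"):
        findings.append("wins support is off: names will not resolve across a routed tunnel")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_global(SMB_CONF)):
        print("FINDING:", finding)
```

Run against the snippet with the assumed interface table, the script reports that `vpn` is not a device on the host and that no `interfaces` token covers 10.8.0.0/24; swapping `vpn` for the real tunnel device name clears both findings, while `hosts allow` already admits the tunnel through its `10.8.0.` prefix. The interface table is the one input a practitioner would replace with the output of `ip addr` on their own server.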


