WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

How to prevent DHCP requests over bridged OpenVPN tunnel ? - RUT240

0 votes
376 views 1 comments
by anonymous
Hi all, I'm using several RUT240 as OpenVPN clients in bridged network setup (TAP), this is needed for my application.

Every RUT240 has its own DHCP server enabled with different pool segments:

Other router (OpenVPN server): 192.168.223.254, DHCP pool 192.168.223.129-250

RUT240_1 (OpenVPN client) 192.168.223.1, DHCP pool: 192.168.223.10-19

RUT240_2 (OpenVPN client) 192.168.223.2, DHCP pool: 192.168.223.20-29

....

I need that every client, connected to each RUT240, get its IP from the RUT240 where it is connected to. So I have to block DHCP request through OpenVPN tunnel. Unfortunately I cannot prevent DHCP request on OpenVPN server side, due to server router firmware bug.

On other router, this could be done using ebtables eg.:

ebtables -A INPUT --in-interface tap11 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap11 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap11 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap11 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP

How can I do this in RUT240? Is there a way to do it using the web interface?

Thank you
by anonymous
I answer myself, I simply add following lines to Network->Firewall->Custom Rules:

ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface ta0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP

and everything works as expected: every client takes its IP from the DHCP server of the RUT240 where it is connected. Non more DHCP request over bridged tunnel.

1 Answer

0 votes
by anonymous
Hi,

Glad you've answered your own question.

Have a nice day!

EB.