0 votes
324 views 1 comments
by
Hi all, I'm using several RUT240s as OpenVPN clients in a bridged network setup (TAP); this is needed for my application.

Every RUT240 has its own DHCP server enabled with different pool segments:

Other router (OpenVPN server): 192.168.223.254, DHCP pool 192.168.223.129-250

RUT240_1 (OpenVPN client) 192.168.223.1, DHCP pool: 192.168.223.10-19

RUT240_2 (OpenVPN client) 192.168.223.2, DHCP pool: 192.168.223.20-29

....

I need every client connected to each RUT240 to get its IP from the RUT240 it is connected to. So I have to block DHCP requests through the OpenVPN tunnel. Unfortunately I cannot prevent DHCP requests on the OpenVPN server side, due to a server router firmware bug.

On another router, this could be done using ebtables, e.g.:

ebtables -A INPUT --in-interface tap11 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap11 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap11 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap11 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP

How can I do this in RUT240? Is there a way to do it using the web interface?

Thank you
by
I'll answer myself: I simply added the following lines to Network->Firewall->Custom Rules:

ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP

and everything works as expected: every client takes its IP from the DHCP server of the RUT240 where it is connected. No more DHCP requests over the bridged tunnel.
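An added example, not part of the original thread: the same four rules applied idempotently by deleting any existing copies before appending one. It assumes the Custom Rules script is re-run on every firewall reload without ebtables being flushed, so plain `-A` would stack duplicate rules; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumption: the Custom Rules script runs again on every firewall reload,
# and a reload does not flush ebtables, so plain `-A` would stack duplicates.

# Print the thread's four rule specs for interface $1, one per line,
# in the thread's order and without the leading -A / -D.
dhcp_block_specs() {
    for chain_if in "INPUT --in-interface" "FORWARD --out-interface"; do
        for side in destination source; do
            echo "$chain_if $1 --protocol ipv4 --ip-protocol udp --ip-${side}-port 67:68 -j DROP"
        done
    done
}

# Delete every existing copy of each rule, then append exactly one.
apply_dhcp_block() {
    dhcp_block_specs "$1" | while read -r spec; do
        # -D fails once no matching rule is left, which ends the inner loop.
        # $spec is left unquoted on purpose so it splits into arguments.
        while ebtables -D $spec 2>/dev/null; do :; done
        ebtables -A $spec
    done
}

# Usage: sh this_script apply [tap-interface]
if [ "${1:-}" = "apply" ]; then
    apply_dhcp_block "${2:-tap0}"
fi
```

After applying, `ebtables -L --Lc` lists each chain with per-rule packet counters, which shows whether the DROP rules are actually matching DHCP traffic on the TAP interface.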

1 Answer

0 votes
by
Hi,

Glad you've answered your own question.

Have a nice day!

EB.