Macbook DHCP issue.

Guus Sliepen guus at tinc-vpn.org
Wed Nov 28 23:41:28 CET 2012


On Wed, Nov 28, 2012 at 09:25:50AM -0700, Matthew Tolle wrote:

> I set the MAC address by hand on the laptop when I connect so it stays consistent. That way I get the same DHCP address when DHCP is working. 
> 
> The script I use to kick off tinc on the laptop does the following: 
> 
> clears the logfile /var/log/tinc
> opens logfile for reading
> starts tinc: /opt/local/sbin/tincd --logfile=/var/log/tinc --pidfile=/var/run/tincd.pid --debug=5 -n vpn
> waits till tap0 comes online. uses ifconfig to gather this info.
> sets MAC addr: /sbin/ifconfig tap0 ether <MAC>
> Waits for tinc to come online. Reads the log file for this information. 
> sleep 2
> requests a DHCP address: /usr/sbin/ipconfig set tap0 DHCP
> waits for interface to get an address. Uses ifconfig to gather this info.
> adds a bunch of routes.

Hm, that sounds a bit complicated. I think you can do it without having a
script that parses tinc's log output. You should have two scripts:

tinc-up:

#!/bin/sh
ifconfig $INTERFACE ether <MAC>

hosts/remote-up:

#!/bin/sh
ipconfig set $INTERFACE DHCP
route add ...

The script "remote-up" in the hosts/ directory is executed as soon as the node
"remote" comes online. If you can really only add routes after DHCP finished
configuring the interface, then you should either check if the DHCP client can
somehow execute a script when it's done, or otherwise run another script from
remote-up in the background, which then polls the interface.

> As to a firewall.. not sure my laptop has a firewall. The remote side does have one. I don't think it's the problem. A Linux box at home with the same configuration as the laptop works just fine. If I understand Tinc correctly once the link is up it acts as just a normal interface. So if my laptop can DHCP an address when at the remote site then it should work exactly the same remotely when tinc is connected and online. It would be different if it didn't work both onsite and didn't work remotely with tinc.

Well, the firewall rules can be different for the LAN interface than for the
VPN interface. Also, the DHCP server might only listen on the LAN interface for
some reason.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
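
The background poller suggested above for the case where routes can only be added after DHCP has finished, as an added example that is not part of the original message. The function names, the IFCONFIG and POLL_INTERVAL variables and the script paths are assumptions, and the parser expects macOS-style ifconfig output.

```sh
#!/bin/sh
# Added example: poll an interface until DHCP has configured it, then run a
# command. Assumes macOS-style ifconfig output ("inet <addr> netmask ...").

# Read ifconfig output on stdin and print the first IPv4 address that is not
# link-local. macOS self-assigns 169.254.x.x when no DHCP server answers, so
# "has an address" alone does not prove that a lease was obtained.
parse_inet() {
    awk '$1 == "inet" && $2 !~ /^169\.254\./ { print $2; exit }'
}

# wait_for_dhcp IFACE [TRIES]: print the leased address and return 0, or
# return 1 after TRIES polls. IFCONFIG and POLL_INTERVAL can be overridden.
wait_for_dhcp() {
    iface=$1
    tries=${2:-30}
    while [ "$tries" -gt 0 ]; do
        addr=$(${IFCONFIG:-ifconfig} "$iface" 2>/dev/null | parse_inet)
        if [ -n "$addr" ]; then
            printf '%s\n' "$addr"
            return 0
        fi
        tries=$((tries - 1))
        sleep "${POLL_INTERVAL:-1}"
    done
    return 1
}

# Called from hosts/remote-up as (script names are placeholders):
#   ipconfig set "$INTERFACE" DHCP
#   /path/to/wait-dhcp.sh "$INTERFACE" /path/to/add-routes.sh &
if [ "$#" -ge 2 ]; then
    iface=$1
    shift
    if wait_for_dhcp "$iface" 30 >/dev/null; then
        exec "$@"
    fi
    echo "no DHCP lease on $iface; routes not added" >&2
    exit 1
fi
```

Because the poller is started with `&`, remote-up returns immediately and tinc is not blocked while the lease is pending.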