How to block DHCP traffic in bridged Tinc VPN?

Guus Sliepen guus at tinc-vpn.org
Fri Apr 6 12:49:14 CEST 2012


On Fri, Apr 06, 2012 at 10:33:57AM +0200, Dennis Wichmann wrote:

> My problem is, I use a Tinc bridged network with 5 Fritz!Box
> routers to connect my whole family together. But I can't use a DHCP
> service in the Tinc VPN, because if someone uses a DHCP request at a
> far away location, he probably gets my gateway for internet
> traffic, although he has his own local DHCP service in his own
> router. I know that a bridged network is not separated, but I only
> want to block the DHCP ports 67/68.

For this you need to use ebtables to block DHCP traffic crossing the bridge.
You can find an example here:

http://serverfault.com/questions/284290/two-dhcp-servers-block-clients-for-one-of-them/284401#284401

This does require that ebtables support is compiled into your Fritz!Box's
kernel though.

Another option might be to use proxy-ARP instead of a bridge to connect the VPN
to your LANs. This will prevent broadcast traffic, including DHCP discovery
packets, from crossing the VPN. Have a look at this example:

http://tinc-vpn.org/examples/proxy-arp/

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
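An added example (not from Guus's reply, the serverfault answer or the tinc project) of the ebtables rules the reply points to, assuming tinc runs in switch mode with a tap interface called vpn0 that is enslaved to the same Linux bridge as the LAN interface:

```shell
#!/bin/sh
# Added example: keep DHCP (UDP 67/68) from crossing a bridged tinc VPN with ebtables.
# Assumptions (not from the page): tinc runs in switch mode with tap interface
# "vpn0", and vpn0 is a port of the same Linux bridge as the LAN interface.

# Print the ebtables commands for one VPN bridge port. One port range covers
# both directions: client->server DHCP has destination port 67, server->client
# DHCP has destination port 68.
dhcp_block_rules() {
    vpn_if="$1"
    # DHCP arriving from remote LANs over the VPN: remote DISCOVER/REQUEST must
    # not reach the local DHCP server, remote OFFER/ACK must not reach local clients.
    echo "ebtables -A FORWARD -p IPv4 -i $vpn_if --ip-protocol udp --ip-destination-port 67:68 -j DROP"
    # DHCP leaving towards remote LANs over the VPN: the same, mirrored.
    echo "ebtables -A FORWARD -p IPv4 -o $vpn_if --ip-protocol udp --ip-destination-port 67:68 -j DROP"
}

# Apply the rules, deleting any earlier copy first so re-running is idempotent.
apply_dhcp_block() {
    vpn_if="$1"
    if ! command -v ebtables >/dev/null 2>&1; then
        echo "ebtables not available (kernel or userland support missing)" >&2
        return 1
    fi
    dhcp_block_rules "$vpn_if" | while read -r cmd; do
        del=$(printf '%s\n' "$cmd" | sed 's/ -A / -D /')
        eval "$del" 2>/dev/null || true   # no stale rule to delete is fine
        eval "$cmd"
    done
}

# Show the FORWARD chain with packet counters, so blocked DHCP can be observed.
show_dhcp_block() {
    ebtables -L FORWARD --Lc
}

# Usage: sh dhcp-block.sh apply [vpn_interface]
if [ "${1:-}" = "apply" ]; then
    apply_dhcp_block "${2:-vpn0}" && show_dhcp_block
fi
```

Run it on every router that bridges its LAN into the VPN; the rules only affect traffic forwarded between bridge ports, so each LAN's own DHCP server keeps serving its local clients.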