The result of a blogging accident

Bridged OpenVPN and DHCP

I’ve set up a VPN recently, and I created a large bridged VPN. I had a little problem though - the DHCP server from the remote network was leaking through to mine, causing all sorts of trouble, as my network devices were trying to use the remote router, which I had of course blocked VPN access to the Internet.

So, let's take a hypothetical network:

* eth0: Internet Connection (
* eth1: LAN Connection
* tap0: VPN Connection
* br0: Bridge between eth1 and tap0 (

Now, your local DHCP server is saying the subnet is, and it gives out IPs in the range - The remote end ( gives out -, and sets the routing accordingly. I found running the DHCP server on the bridge was a problem, particularly with the ISC DHCP server, as it uses raw sockets, thus making it quite hard to try and firewall out. The solution?

Set an IP for eth1 locally (and remotely), that is in the range, say, with the netmask Bind your DHCP server (in /etc/default/dhcp3-server) to eth1. Then restart the DHCP servers, and voila. The DHCP servers only give out addresses locally. To your clients it will appear that is giving out IP addresses.
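To confirm that only the local server answers on the LAN after this change, the DHCP replies seen on eth1 (UDP ports 67/68) can be checked for a foreign server identifier (option 54). The following is an added example, not code from the original post; the addresses are constructed placeholders from the documentation ranges, and `foreign_server` and `build_offer` are hypothetical helper names.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the DHCP options field

def parse_options(payload: bytes) -> dict:
    """Return {option_code: value_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        options[payload[i]] = value
        i += 2 + length
    return options

def foreign_server(payload: bytes, allowed: set):
    """Return the server identifier (option 54) of an OFFER/ACK that did not
    come from a server in `allowed`; return None for everything else."""
    opts = parse_options(payload)
    is_reply = payload[0] == 2                       # op 2 = BOOTREPLY
    is_offer_or_ack = opts.get(53) in (b"\x02", b"\x05")
    server = opts.get(54, b"")
    if not (is_reply and is_offer_or_ack and len(server) == 4):
        return None
    sid = str(ipaddress.IPv4Address(server))
    return None if sid in allowed else sid

def build_offer(server: str, yiaddr: str) -> bytes:
    """Constructed sample: a minimal DHCPOFFER as it would appear on eth1."""
    header = struct.pack("!BBBBIHH4s4s4s4s", 2, 1, 6, 0, 0x1234, 0, 0, bytes(4),
                         ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4))
    header += bytes(16 + 64 + 128)                   # chaddr, sname, file
    options = b"\x35\x01\x02\x36\x04" + ipaddress.IPv4Address(server).packed + b"\xff"
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    local = {"192.0.2.1"}                            # assumed local DHCP server
    for srv, lease in (("192.0.2.1", "192.0.2.50"), ("198.51.100.1", "198.51.100.50")):
        print(srv, "->", foreign_server(build_offer(srv, lease), local) or "ok")
```

Any non-`None` result means an offer or ACK from a server outside the allowed set reached the local segment, which is the leak described above.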