[Dnsmasq-discuss] how to push static routes to DHCP clients

Jochen Schulz ml at well-adjusted.de
Sun Jan 15 18:01:44 GMT 2006


Hi!

Short story:
=============
How can I push a static route (preferably -host, not -net) to all DHCP
clients?

Long story:
============
I have dnsmasq v2.22 running on OpenWrt on a Linksys WRT54G. This box
lives in two subnets for which it acts as DHCP and DNS server:

dhcp-range=wifi,192.168.1.2,192.168.1.254,255.255.255.0,2h
dhcp-range=wired,172.16.27.3,172.16.27.254,255.255.255.0,12h

Currently, dnsmasq sets itself as the default gateway for all the
clients, which is fine. Wired clients can reach wifi clients and vice
versa. But I would like dnsmasq to tell the wifi clients a more specific
route to the wired subnet since I want to use an OpenVPN server on
192.168.1.2 to encrypt the complete wifi traffic.[1]

Because of this, the default route of the wifi clients gets overwritten
to the server's VPN address (10.27.0.1 on a TUN device). But then the
clients cannot reach the OpenVPN server's real IP address anymore, since
the default route has gone.

I read RFC2132 and found out that I should be able to specify a static
route with DHCP option 33 like this:

dhcp-option=wifi,33,172.16.27.2,192.168.1.1

If I understand it correctly, this should be equivalent to doing

# route add -host 172.16.27.2 gw 192.168.1.1

on the clients, which works well. But somehow dnsmasq seems to ignore
this line. I sniffed one of my wifi clients running dhclient and the
DHCP ACK message it receives from dnsmasq doesn't include option 33
(while everything else is alright). I also tried to use DHCP option 121
which should set a static route to a complete network, but that didn't
work either.

So, what am I doing wrong? Do newer versions of dnsmasq behave the same?

Jochen.

[1]: An easier solution would of course be to install OpenVPN on the
     gateway running dnsmasq. But sadly, the box would be a serious
     bottleneck performance-wise.
-- 
I am getting worse rather than better.
[Agree]   [Disagree]
                 <http://www.slowlydownward.com/NODATA/data_enter2.html>
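Added example, not part of the original post and not dnsmasq code: the wire encoding of DHCP option 33 (RFC 2132) and option 121 (RFC 3442) for the routes discussed above, plus a check of whether a client listed option 33 in its parameter request list (option 55) and whether the ACK carried it. The function names and the sample option bytes are constructed for illustration.

```python
import ipaddress

def _ip(addr):
    return ipaddress.IPv4Address(addr).packed

def encode_opt33(routes):
    """RFC 2132 option 33: (destination host, router) pairs, 8 bytes per route."""
    body = b"".join(_ip(dst) + _ip(gw) for dst, gw in routes)
    return bytes([33, len(body)]) + body

def encode_opt121(routes):
    """RFC 3442 option 121: prefix length, significant prefix octets, router."""
    body = b""
    for cidr, gw in routes:
        net = ipaddress.IPv4Network(cidr)
        body += bytes([net.prefixlen]) + net.network_address.packed[:(net.prefixlen + 7) // 8] + _ip(gw)
    return bytes([121, len(body)]) + body

def parse_options(data):
    """Walk a DHCP options field (the bytes after the magic cookie) into {code: value}."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:      # 255 = end option
        if data[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option %d" % data[i])
        code, length = data[i], data[i + 1]
        opts[code] = opts.get(code, b"") + data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def decode_opt33(value):
    if not value or len(value) % 8:
        raise ValueError("option 33 length must be a non-zero multiple of 8")
    return [(str(ipaddress.IPv4Address(value[i:i + 4])), str(ipaddress.IPv4Address(value[i + 4:i + 8])))
            for i in range(0, len(value), 8)]

def route_report(request_opts, ack_opts):
    """Was option 33 asked for (option 55 list), and which routes did the ACK carry?"""
    req, ack = parse_options(request_opts), parse_options(ack_opts)
    return {"requested": 33 in req.get(55, b""),
            "routes": decode_opt33(ack[33]) if 33 in ack else []}

# Constructed sample option fields (not captured traffic).
REQUEST = bytes([53, 1, 3, 55, 4, 1, 3, 6, 15, 255])
ACK_PLAIN = bytes([53, 1, 5, 1, 4, 255, 255, 255, 0, 3, 4, 192, 168, 1, 1, 255])
ACK_ROUTE = ACK_PLAIN[:-1] + encode_opt33([("172.16.27.2", "192.168.1.1")]) + b"\xff"

if __name__ == "__main__":
    print(route_report(REQUEST, ACK_PLAIN))
    print(route_report(REQUEST, ACK_ROUTE))
```

To use it on a real capture, pass the option bytes that follow the DHCP magic cookie in the client's DHCPREQUEST and in the server's DHCPACK.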