# OpenVPN Clients and DHCP

## Duck Man

I have a little server at home that my friends connect to with OpenVPN and I noticed today that mac users who use Viscosity to connect get their normal IP from OpenVPN and then they also get one from Dnsmasq. I am pretty sure there is an option in Viscosity I could tell them to turn off but I would prefer to figure out a way to make it so the server won't give them one. I tried DROPing all the traffic on port 67 and 68 on the tap0 device but that didn't stop it. I think it is because of the bridge. So then I looked into ebtables but that didn't work either. Any other ideas?

Thank you

----------

## Rexilion

So, by 'get one from Dnsmasq', you mean that they also send their DHCP broadcast of their normal connection over the VPN?

If yes, you could disable incoming DHCP broadcasts from the VPN subnet but that will not stop your friends from trying which could interrupt their normal connection. I think it's just better to ask them to disable that option. Correct me if I'm wrong...

----------

## Duck Man

OpenVPN can give out IPs from 50-99, Dnsmasq gives out from 100-200. So they are both on the same subnet. I did this because we want to be able to broadcast to each other no matter if we are plugged right in or connected via VPN. This works really well, and even with them somehow having 2 ip address (can ping both of them), things still work. I just don't like the idea and feel that it may cause problems later on. For example its sometimes hard to tell if I am just getting an extra device from a vpn user, or did someone hack my wireless and are now sucking my bandwidth dry.

And about asking them to just turn that feature off. I just don't like relying on users to do something.

----------

