tap interface forcing a permanent ARP association
- Reply: Paul Procacci : "Re: tap interface forcing a permanent ARP association"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 30 Nov 2023 03:34:59 UTC
Hi, I have an OpenVPN server running on FreeBSD (13.2-p5). I have included the following in /etc/rc.conf: cloned_interfaces="tap0 bridge0" ifconfig_bridge0="addm vmx0 addm tap0" ifconfig_tap0="UP" openvpn_enable="YES" And it works fine, except that ip maps the MAC address of tap0 to the IP of my web server (on another machine), and the mapping is "permament": www.cs.ait.ac.th (10.41.170.42) at aa:bb:cc:dd:ee:ff on tap0 permanent [ethernet] That has two adverse effects: - any VPN client cannot access my web server as they would get a wrong MAC address; - the VPN server will sometime reply to an ARP request on my LAN, providing an obviously wrong answer. Poking around, I found out that it was due to the "ifconfig_tap0=UP" line. Further more, that line is not needed for OpenVPN to start properly; so I have disabled it. But I would like to understand why turning up the tap interface causes it to update the ARP table. Best regards, Olivier --