Proxy ARP for address behind tun link does not work in 8
Frank Behrens
frank at harz2012.behrens.de
Fri Jan 6 13:31:25 UTC 2012
I have a small vpn (OpenVPN) setup. To make the configuration easy the remote client gets an
address from "main" network and the remote client is announced via proxy arp. This worked well
and reliably for FreeBSD until (and including) version 7.x.

My new server uses FreeBSD 8.2-STABLE-r223473 and this setup no longer works:

The ethernet interface for the internal network has a usual private address range:

    net0:
        ether 90:e6:ba:73:ca:f2
        inet 192.168.50.10 netmask 0xffffff00 broadcast 192.168.50.255

A subnet is routed via the tun interface:

    tun3:
        inet 192.168.50.161 netmask 0xffffffe0 broadcast 192.168.50.191

This routing works well between the remote client, the vpn server and hosts in other networks. But
to reach the remote client from hosts in my local network I need a proxy arp entry. When I try to
insert a proxy arp entry I get an error:

    # arp -s 192.168.50.166 90:e6:ba:73:ca:f2 pub only
    cannot intuit interface index and type for 192.168.50.166

The error message is generated in arp.c, because the address 192.168.50.166 has type IFT_PPP
and not IFT_ETHER (or other). I thought this was an oversight and added the type IFT_PPP to
arp.c's valid_type() routine. But I had no luck, now I get
"arp: writing to routing socket: Invalid argument" and the kernel writes in the log
"lla_rt_output: RTM_ADD publish (proxy only) is invalid"

So here are my questions:

Is this a configuration error or a regression in proxy arp processing?
Why is there a check for the IP address type? Should we allow any address to be used?

Regards,
Frank
--
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.
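
An added illustration, not part of the original message and not FreeBSD's own code: it models why 192.168.50.166 resolves to the tun3 interface (type IFT_PPP) rather than net0, using the two interface configurations quoted in the post. It assumes the lookup behind the arp command is a longest-prefix match over the connected networks and models the type check with IFT_ETHER only; the function names lookup() and arp_pub_check() are hypothetical.

```python
import ipaddress

# Interface type numbers as defined in FreeBSD's net/if_types.h.
IFT_ETHER = 0x06
IFT_PPP = 0x17

# Simplified stand-in for arp.c's valid_type(): the post names IFT_ETHER
# "(or other)"; the other accepted link types are left out here.
ACCEPTED_TYPES = {IFT_ETHER}

# Constructed from the ifconfig output quoted in the post.
INTERFACES = [
    {"name": "net0", "addr": "192.168.50.10", "mask": 0xFFFFFF00, "type": IFT_ETHER},
    {"name": "tun3", "addr": "192.168.50.161", "mask": 0xFFFFFFE0, "type": IFT_PPP},
]


def connected_network(iface):
    """Network directly attached to an interface, from its address and hex netmask."""
    mask = ipaddress.IPv4Address(iface["mask"])
    return ipaddress.ip_network(f"{iface['addr']}/{mask}", strict=False)


def lookup(target):
    """Longest-prefix match (assumed model of the route lookup); None if no match."""
    ip = ipaddress.ip_address(target)
    hits = [(i, connected_network(i)) for i in INTERFACES if ip in connected_network(i)]
    return max(hits, key=lambda h: h[1].prefixlen) if hits else None


def arp_pub_check(target):
    """Return (interface, network, accepted) for a would-be published ARP entry."""
    hit = lookup(target)
    if hit is None:
        return (None, None, False)
    iface, net = hit
    return (iface["name"], str(net), iface["type"] in ACCEPTED_TYPES)


if __name__ == "__main__":
    # The VPN client's address falls inside tun3's /27, which is carved out
    # of net0's /24, so the more specific tun3 network wins the lookup.
    for addr in ("192.168.50.166", "192.168.50.20"):
        print(addr, arp_pub_check(addr))
```
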