proxy arp - openvpn

Lukasz Polaczyk lpolaczyk at o2.pl
Sun Sep 16 21:34:43 UTC 2012 

Hi.
I am trying to use proxy arp mechanism to create new registration in arp table.
I have three NICs: xl0, em0 and one virtual - tun0.
Default route is going through em0. Route to 10.146.0.0/16 network is
going through xl0.
OS is FreeBSD 9.0-RELEASE amd64

I would like to add registration in arp table for addresses in
10.146.100.0/24 network, so 
all traffic to that network from 10.146.0.0/16 will go through xl0. I
would like to do this dynamically, when openvpn client connects.

The situation is like this:
1. 3 NICs are up:
s1% ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
1500
        options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 255.0.0.0
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
1500
        options=82009<RXCSUM,VLAN_MTU,WOL_MAGIC,LINKSTATE>
        ether 00:10:4b:c3:db:5b
        inet 10.146.225.1 netmask 255.255.0.0 broadcast 10.146.255.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
tun0: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>

route table is like below:

s1% netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif
Expire
default            A.B.C.D            UGS         0      217    em0
10.146.0.0/16      link#3             U           0    11737    xl0
10.146.225.1       link#3             UHS         0        0    lo0
127.0.0.1          link#2             UH          0        1    lo0
A.B.C.0/24         link#1             U           0   138837    em0
A.B.C.D            link#1             UHS         0        0    lo0
A.B.C.D is my WAN interface.
arp table is like below:
s1% arp -a
s1.lan (10.146.225.1) at S01-3C on xl0 permanent [ethernet]
my.host.pl (A.B.C.D) at S01 on em0 permanent [ethernet]

In this situation I could add new entry in arp table:
s1% # arp -s 10.146.100.1 auto pub
using interface xl0 for proxy with address S01-3C

After adding I could see new entry in arp table:
s1% arp -a
s1.lan (10.146.225.1) at S01-3C on xl0 permanent [ethernet]
? (10.146.100.1) at S01-3C on xl0 permanent published [ethernet]
Proxy ARP is working manually.

2. The second situation is diffrent (before using arp proxy), 
   3 NICs are working, I have added address and new route like below:
s1% ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
1500
        options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 255.0.0.0
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
1500
        options=82009<RXCSUM,VLAN_MTU,WOL_MAGIC,LINKSTATE>
        ether 00:10:4b:c3:db:5b
        inet 10.146.225.1 netmask 255.255.0.0 broadcast 10.146.255.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
tun0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 10.146.100.1 netmask 255.255.255.0 broadcast 10.146.100.255
        Opened by PID 5211

s1% netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif
Expire
default            A.B.C.D            UGS         0      223    em0
10.146.0.0/16      link#3             U           0    11739    xl0
10.146.100.0/24    link#4             U           0        0   tun0
10.146.100.1       link#4             UHS         0        0    lo0
10.146.225.1       link#3             UHS         0        0    lo0
127.0.0.1          link#2             UH          0        1    lo0
A.B.C.0/24         link#1             U           0   146082    em0
A.B.C.D            link#1             UHS         0        0    lo0

When trying to add an entry in arp table I got an error like this:
s1% arp -s 10.146.100.100 auto pub
using interface xl0 for proxy with address S01-3C
cannot intuit interface index and type for 10.146.100.100

I can not delete arp entries provided earlier, if are any:
s1% # arp -d 10.146.100.100
delete: cannot locate 10.146.100.100

Is there any solution to provide arp entries dynamically, after creation
of 10.146.100.0/24 network on xl0 interace
or I have to do this manually before creating this network?


regards,
Lukasz Polaczyk

More information about the freebsd-net mailing list