Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 08 Apr 2009 12:29:42 +0200
From:      Sebastiaan van Erk <sebster@sebster.com>
To:        freebsd-cluster@freebsd.org
Subject:   CARP, openvpn in bridged mode, and ping
Message-ID:  <49DC7C96.2050203@sebster.com>
index | next in thread | raw e-mail 

[-- Attachment #1 --]
Hi,

I have the following setup: two servers with a virtual LAN IP address 
shared with CARP (the hosts are 10.0.80.77 and 10.0.80.76 and the 
virtual IP address is 10.0.80.1).

When I ping the VIP from any host on the LAN, it works fine.

Next I have some openvpn clients (both 10.0.80.77 and 10.0.80.76 have 
openvpn servers on their external IPs). The client IPs are on the LAN 
using a bridge and are 10.0.80.150 (linux client) and 10.0.80.6 (freebsd 
client).

 From linux I can ping the VIP (10.0.80.1) just fine, but when I do 
arping I see (with tcpdump) that the the ARP requests are received by 
the carp master on the tap0 device, but that it does not reply.

 From a FreeBSD VPN client I cannot ping the VIP (10.0.80.1), because it 
does the ARP requests indefinitely and gets no answer.

Both machines ping to the other hosts on the LAN just fine (e.g., all of 
them can ping 10.0.80.77 just fine).

Is there any way to get ARP to work (and thereby, ping to work) in this 
configuration?

Regards,
Sebastiaan

PS: the relevant ifconfig info is:

10.0.80.77 (carp master and vpn server):
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 
mtu 1500
	options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
	ether 00:0c:29:61:2a:55
	inet 10.0.80.77 netmask 0xffffff00 broadcast 10.0.80.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 
1500
	ether 12:d8:09:8d:1b:88
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 9 priority 128 path cost 2000000
	member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 2 priority 128 path cost 20000
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
	inet 10.0.80.1 netmask 0xffffff00
	carp: MASTER vhid 174 advbase 1 advskew 0
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 
0 mtu 1500
	ether 00:bd:c0:02:00:00
	Opened by PID 1199

10.0.80.150 (the linux openvpn client):
tap0      Link encap:Ethernet  HWaddr 46:c2:27:c9:36:e3
           inet addr:10.0.80.150  Bcast:10.0.80.255  Mask:255.255.255.0
           inet6 addr: fe80::44c2:27ff:fec9:36e3/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:34336 errors:0 dropped:0 overruns:0 frame:0
           TX packets:12951 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100
           RX bytes:11939564 (11.9 MB)  TX bytes:1191746 (1.1 MB)

10.0.80.6 (the freebsd openvpn client):
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:bd:bf:f6:08:00
	inet 10.0.80.6 netmask 0xffffff00 broadcast 10.0.80.255
	Opened by PID 71953



[-- Attachment #2 --]
0	*H
010	+0	*H
	Q00lS|
6$1-~j0
	*H
0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0
080630135157Z
090630135157Z0h10Uvan Erk10U*
Sebastiaan10USebastiaan van Erk1"0 	*H
	sebster@sebster.com0"0
	*H
0
Va\bEnݚa<M8ʄ^tv>x73bohi2oqS_¶Bm^p*I	x"9pt!jar#)n)^?'z<).+Ѐ4igR'UP*\Ւ,?.;?fBܯTzM IDվCK*3Yŧ
mcaztxʐsq/00.0U0sebster@sebster.com0U00
	*H
KT4W6ӽq]
tS` %f1G:HbzJj$EjE'JV~-VbVnJZE/`@@04!+T:c	پf`$Z=1#|oG[OBRG00lS|
6$1-~j0
	*H
0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0
080630135157Z
090630135157Z0h10Uvan Erk10U*
Sebastiaan10USebastiaan van Erk1"0 	*H
	sebster@sebster.com0"0
	*H
0
Va\bEnݚa<M8ʄ^tv>x73bohi2oqS_¶Bm^p*I	x"9pt!jar#)n)^?'z<).+Ѐ4igR'UP*\Ւ,?.;?fBܯTzM IDվCK*3Yŧ
mcaztxʐsq/00.0U0sebster@sebster.com0U00
	*H
KT4W6ӽq]
tS` %f1G:HbzJj$EjE'JV~-VbVnJZE/`@@04!+T:c	پf`$Z=1#|oG[OBRG0?0
0
	*H
010	UZA10UWestern Cape10U	Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0)	*H
	personal-freemail@thawte.com0
030717000000Z
130716235959Z0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA00
	*H
0Ħ<UsUNʙZhup[v:aQP
0cZ,p+Z?qV˯<6$*+w=+>@dקe*TH<a@dr`00U00CU<0:08642http://crl.thawte.com/ThawtePersonalFreemailCA.crl0U0)U"0 010UPrivateLabel2-1380
	*H
HP.
fgCL!6-6/P p<ab:~t%Pb'qW%ݩ9 Oe_N4[5MwV!x!5$F]_eO1q0m0v0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CAS|
6$1-~j0	+0	*H
	1	*H
0	*H
	1
090408102942Z0#	*H
	1Fj-\oZH30_	*H
	1R0P0	`He0
*H
0*H
0
*H
@0+0
*H
(0	+71x0v0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CAS|
6$1-~j0*H
	1xv0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CAS|
6$1-~j0
	*H
ju56lxҒֱfÞEe\Nu p|}1Wއ6d^<S>jMY@*LRtwY4''fb23䇼O}OWVeSʑzILU94?98!VQ{Ouqv,kWW(pjh+f\-,C;-C!g֋A<+YLZJIRepؘĢs_6%Ԃ
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49DC7C96.2050203>