Date: Thu, 30 Nov 2023 10:34:59 +0700 From: Olivier <Olivier.Nicole@cs.ait.ac.th> To: questions@freebsd.org Subject: tap interface forcing a permanent ARP association Message-ID: <wu7jzpzc3rw.fsf@banyan.cs.ait.ac.th>
next in thread | raw e-mail | index | archive | help
Hi, I have an OpenVPN server running on FreeBSD (13.2-p5). I have included the following in /etc/rc.conf: cloned_interfaces="tap0 bridge0" ifconfig_bridge0="addm vmx0 addm tap0" ifconfig_tap0="UP" openvpn_enable="YES" And it works fine, except that ip maps the MAC address of tap0 to the IP of my web server (on another machine), and the mapping is "permament": www.cs.ait.ac.th (10.41.170.42) at aa:bb:cc:dd:ee:ff on tap0 permanent [ethernet] That has two adverse effects: - any VPN client cannot access my web server as they would get a wrong MAC address; - the VPN server will sometime reply to an ARP request on my LAN, providing an obviously wrong answer. Poking around, I found out that it was due to the "ifconfig_tap0=UP" line. Further more, that line is not needed for OpenVPN to start properly; so I have disabled it. But I would like to understand why turning up the tap interface causes it to update the ARP table. Best regards, Olivier --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?wu7jzpzc3rw.fsf>