Date: Sun, 27 Jul 2003 19:08:46 +0100
From: "Company 2210" <company2210@hotmail.com>
To: <freebsd-questions@freebsd.org>
Subject: ARP Problem - Please Help
Message-ID: <Law12-OE51A9KxLt3zP000066af@hotmail.com>
Hi,

My problem is this (and it's driving me nuts as I can't see the solution). I have two FreeBSD boxes acting as routers; the layout is like this:

Clients (12.20.78.0/25) <----->(eth0) ROUTER A (eth1)<=======> (eth1) ROUTER B (eth0) <----> (12.20.65.69) Upstream ISP & Internet

Router A Configuration:
eth0: 12.20.78.1 Subnet 255.255.255.128
eth1: 10.0.0.1 Subnet 255.255.255.0

Router B Configuration:
eth0: 12.20.65.70 Subnet 255.255.255.252
eth1: 10.0.0.2 Subnet 255.255.255.0

The private IPs denote an IPSEC VPN connection (Wireless) between ROUTER A & B; all the client PCs are on public IPs.

Now, the VPN works perfectly, encrypting the packets over the wireless link; however, ROUTER A's eth0 interface does not appear in the arp -a lookup:

? (10.0.0.1) at 00:05:5d:a6:15:78 on eth1 permanent [ethernet]
? (10.0.0.2) at 00:c0:dd:ea:ac:5c on eth1 [ethernet]
? (12.20.78.0) at ff:ff:ff:ff:ff:ff on eth0 permanent [ethernet]
? (12.20.78.2) at 00:0c:cd:53:d9:f3 on eth0 [ethernet]
? (12.20.78.42) at 00:9a:17:90:d3:b4 on eth0 [ethernet]
? (12.20.78.52) at 00:2b:18:2e:22:21 on eth0 [ethernet]
? (12.20.78.127) at ff:ff:ff:ff:ff:ff on eth0 permanent [ethernet]

If I try and force the entry, I receive the following error:

routera# arp -s 12.20.78.1 00:0c:5d:e6:16:75
set: can only proxy for 12.20.78.1

The big problem this is causing is that clients cannot ping the gateway, and it responds to no requests (i.e. I can't ssh into it), but it still forwards packets perfectly. Basically it's like 12.20.78.1 was invisible.

The other strange thing is that if I ssh into ROUTER B and ping 12.20.78.1 I receive replies:

routerb# ping 12.20.78.1
PING 12.20.78.1 (12.20.78.1): 56 data bytes
64 bytes from 12.20.78.1: icmp_seq=0 ttl=64 time=3.577 ms
64 bytes from 12.20.78.1: icmp_seq=1 ttl=64 time=3.724 ms
64 bytes from 12.20.78.1: icmp_seq=2 ttl=64 time=3.817 ms
^C
--- 12.20.78.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.577/3.706/3.817/0.099 ms

The output of ROUTER B's arp table is displayed below:

? (10.0.0.1) at 00:05:5d:a6:15:78 on eth1 [ethernet]
? (10.0.0.2) at 00:c0:dd:ea:ac:5c on eth1 permanent [ethernet]
? (12.20.65.69) at 00:d0:03:ba:bb:fc on eth0 [ethernet]

I am completely at a loss as to how to get around this problem. Any help or advice would be really great as I've spent the past 3 days, and the floor is littered with tufts of hair ;)

Just in case this is any help, this is the output from setkey -DP (for encrypting the packets across the 10.0.0.x link) on each router:

ROUTER A:

0.0.0.0/0[any] 12.20.78.0/25[any] any
        in ipsec
        esp/tunnel/10.0.0.2-10.0.0.1/require
        spid=2 seq=1 pid=778
        refcnt=1
12.20.78.0/25[any] 0.0.0.0/0[any] any
        out ipsec
        esp/tunnel/10.0.0.1-10.0.0.2/require
        spid=1 seq=0 pid=778
        refcnt=1

ROUTER B:

12.20.78.0/25[any] 0.0.0.0/0[any] any
        in ipsec
        esp/tunnel/10.0.0.1-10.0.0.2/require
        spid=8 seq=1 pid=24377
        refcnt=1
0.0.0.0/0[any] 12.20.78.0/25[any] any
        out ipsec
        esp/tunnel/10.0.0.2-10.0.0.1/require
        spid=7 seq=0 pid=24377
        refcnt=1

Please help!!! :))

Many Thanks

Colin Watson
(Nearly bald guy)
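
An added example, not part of the original message: a small Python check of which flows ROUTER A's two SPD entries from the setkey -DP output select, matching on source prefix, destination prefix and direction only. The sample flows and the host 192.0.2.10 are constructed, and the first-match, address-only selector model is a simplifying assumption.

```python
import ipaddress

# ROUTER A's SPD, copied from the setkey -DP output in the message:
# (source selector, destination selector, direction, tunnel endpoints)
ROUTER_A_SPD = [
    ("0.0.0.0/0", "12.20.78.0/25", "in", "10.0.0.2-10.0.0.1"),
    ("12.20.78.0/25", "0.0.0.0/0", "out", "10.0.0.1-10.0.0.2"),
]

def match_policy(spd, src, dst, direction):
    """Return the first SPD entry whose selectors cover the packet, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for entry in spd:
        p_src, p_dst, p_dir, _tunnel = entry
        if (p_dir == direction
                and s in ipaddress.ip_network(p_src)
                and d in ipaddress.ip_network(p_dst)):
            return entry
    return None

def classify(spd, src, dst, direction):
    """'esp-required' if an ipsec .../require entry selects the packet, else 'plain'."""
    return "esp-required" if match_policy(spd, src, dst, direction) else "plain"

# Constructed flows as seen by ROUTER A. Addresses come from the message,
# except 192.0.2.10, a made-up Internet host (documentation range).
FLOWS = [
    ("client -> 12.20.78.1 (ping/ssh to gateway)", "12.20.78.42", "12.20.78.1", "in"),
    ("12.20.78.1 -> client (gateway's reply)", "12.20.78.1", "12.20.78.42", "out"),
    ("client -> Internet, arriving on eth0", "12.20.78.42", "192.0.2.10", "in"),
    ("client -> Internet, leaving toward B", "12.20.78.42", "192.0.2.10", "out"),
    ("Internet -> client, arriving from B", "192.0.2.10", "12.20.78.42", "in"),
    ("Internet -> client, leaving on eth0", "192.0.2.10", "12.20.78.42", "out"),
    ("ROUTER B 10.0.0.2 -> 10.0.0.1", "10.0.0.2", "10.0.0.1", "in"),
]

def report(spd=ROUTER_A_SPD, flows=FLOWS):
    """Classify every sample flow; returns a list of (label, verdict)."""
    return [(label, classify(spd, s, d, direc)) for label, s, d, direc in flows]

if __name__ == "__main__":
    for label, verdict in report():
        print(f"{verdict:13} {label}")
```

In this model the flows between a client and 12.20.78.1 fall under the esp/tunnel/require entries although they never cross the 10.0.0.x link, while client traffic arriving on eth0 for forwarding matches no inbound entry.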