From: "Frank Behrens"
To: freebsd-net@freebsd.org
Date: Fri, 06 Jan 2012 14:31:20 +0100
Message-Id: <201201061331.q06DVKS8041662@post.behrens.de>
Subject: Proxy ARP for address behind tun link does not work in 8

I have a small vpn (OpenVPN) setup.
To make the configuration easy, the remote client gets an address from the "main" network and the remote client is announced via proxy arp. This worked well and reliably for FreeBSD up to (and including) version 7.x. My new server uses FreeBSD 8.2-STABLE-r223473 and this setup no longer works:

The ethernet interface for the internal network has a usual private address range:

    net0:
        ether 90:e6:ba:73:ca:f2
        inet 192.168.50.10 netmask 0xffffff00 broadcast 192.168.50.255

A subnet is routed via the tun interface:

    tun3:
        inet 192.168.50.161 netmask 0xffffffe0 broadcast 192.168.50.191

This routing works well between the remote client, the vpn server and hosts in other networks. But to reach the remote client from hosts in my local network I need a proxy arp entry.

When I try to insert a proxy arp entry I get an error:

    # arp -s 192.168.50.166 90:e6:ba:73:ca:f2 pub only
    cannot intuit interface index and type for 192.168.50.166

The error message is generated in arp.c, because the address 192.168.50.166 has type IFT_PPP and not IFT_ETHER (or other). I thought this was an oversight and added the type IFT_PPP to arp.c's valid_type() routine. But I had no luck; now I get

    arp: writing to routing socket: Invalid argument

and the kernel writes in the log

    lla_rt_output: RTM_ADD publish (proxy only) is invalid

So my questions are:
Is this a configuration error or a regression in proxy arp processing?
Why is there a check for the IP address type? Should we allow any address to be used?

Regards,
   Frank
-- 
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.
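
Added example, not part of the message above and not code from FreeBSD's arp.c: a simplified model of why a lookup for 192.168.50.166 lands on tun3 rather than net0, using the two interface configurations quoted in the message. It assumes the interface is picked by longest-prefix match and that only an Ethernet-type interface passes the type check; `lookup`, `can_publish` and the `TYPE_*` names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the IFT_ETHER / IFT_PPP types named in the message. */
enum if_type { TYPE_ETHER, TYPE_PPP };

struct iface {
    const char *name;
    uint32_t addr, mask;            /* host byte order */
    enum if_type type;
};

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed table: the addresses and netmasks are the ones quoted in the message. */
static const struct iface ifaces[] = {
    { "net0", IP4(192, 168, 50, 10),  0xffffff00u, TYPE_ETHER },
    { "tun3", IP4(192, 168, 50, 161), 0xffffffe0u, TYPE_PPP   },
};

/* Longest-prefix match: of all subnets containing dst, the longest mask wins. */
const struct iface *lookup(uint32_t dst)
{
    const struct iface *best = NULL;
    for (size_t i = 0; i < sizeof(ifaces) / sizeof(ifaces[0]); i++) {
        const struct iface *ifp = &ifaces[i];
        if ((dst & ifp->mask) != (ifp->addr & ifp->mask))
            continue;               /* dst is outside this subnet */
        if (best == NULL || ifp->mask > best->mask)
            best = ifp;             /* contiguous masks: larger value = longer prefix */
    }
    return best;
}

/* Assumed model of the type check: a published entry needs an Ethernet-type interface. */
int can_publish(uint32_t dst)
{
    const struct iface *ifp = lookup(dst);
    return ifp != NULL && ifp->type == TYPE_ETHER;
}

int main(void)
{
    uint32_t dst = IP4(192, 168, 50, 166);
    const struct iface *ifp = lookup(dst);
    printf("192.168.50.166 -> %s, publish allowed: %d\n",
           ifp ? ifp->name : "none", can_publish(dst));
    return 0;
}
```

Because 192.168.50.160/27 on tun3 is more specific than 192.168.50.0/24 on net0, every address in .160 to .191 resolves to the tunnel in this model, while the rest of the /24 still resolves to net0.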