Date: Fri, 06 Jan 2012 14:31:20 +0100
From: "Frank Behrens" <frank@harz2012.behrens.de>
To: freebsd-net@freebsd.org
Subject: Proxy ARP for address behind tun link does not work in 8
Message-ID: <201201061331.q06DVKS8041662@post.behrens.de>

I have a small vpn (OpenVPN) setup. To make the configuration easy the
remote client gets an address from "main" network and the remote client
is announced via proxy arp. This worked well and reliably for FreeBSD
until (and including) version 7.x.

My new server uses FreeBSD 8.2-STABLE-r223473 and this setup no longer
works:

The ethernet interface for the internal network has a usual private
address range:

    net0:
        ether 90:e6:ba:73:ca:f2
        inet 192.168.50.10 netmask 0xffffff00 broadcast 192.168.50.255

A subnet is routed via the tun interface:

    tun3:
        inet 192.168.50.161 netmask 0xffffffe0 broadcast 192.168.50.191

This routing works well between the remote client, the vpn server and
hosts in other networks. But to reach the remote client from hosts in my
local network I need a proxy arp entry.

When I try to insert a proxy arp entry I get an error:

    # arp -s 192.168.50.166 90:e6:ba:73:ca:f2 pub only
    cannot intuit interface index and type for 192.168.50.166

The error message is generated in arp.c, because the address
192.168.50.166 has type IFT_PPP and not IFT_ETHER (or other). I thought
this was an oversight and added the type IFT_PPP to arp.c's valid_type()
routine. But I had no luck, now I get

    arp: writing to routing socket: Invalid argument

and the kernel writes in the log

    lla_rt_output: RTM_ADD publish (proxy only) is invalid

So my questions come:
Is this a configuration error or a regression in proxy arp processing?
Why is there a check for the IP address type?
Should we allow to use any address?

Regards,
   Frank

-- 
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.