From: Chuck Musser
To: freebsd-net@freebsd.org
Subject: ARP: can't create published proxy entry for remote tun(4) address
Date: Mon, 07 Nov 2016 17:07:04 -0800
Message-ID: <411b35b5ec73bcd39816153f9859b426@sonic.net>

Hi,

I'm having trouble creating a "published" ARP cache entry for an address that's on the remote end of a tun(4) interface. The intent is serving as a proxy for a VPN client that's at the other end of the tunnel. The command:

    arp -s 192.168.1.67 auto pub

returns:

    cannot intuit interface index and type for 192.168.1.67

I looked at the arp(8) source code and it looks like the set operation retrieves a routing table entry that doesn't pass some tests. What it wants is an entry that is of type AF_LINK, isn't a gateway and is in a list of valid interface types. I printed out the routing messages sent and received by the set() function and found some puzzling things (the debug output here is from my debug printfs):

    --- SEND
    Destination: 192.168.1.67:0
    Flags : ANNOUNCE (PROTO2)
    --- RECV
    Destination: 0.0.0.0:0
    Gateway : 184.23.210.1:0
    Flags : UP,GATEWAY,DONE,STATIC
    sdl_family: 2: fail
    flags: 2115: fail
    type: 184: fail
    cannot intuit interface index and type for 192.168.1.67

The request, I think I understand, but the response, where the destination is 0.0.0.0 and the gateway is the default gateway for the system, I don't get. Anyone know what's going on here, or how to create these published proxy entries?

Chuck
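
The three failing values in the debug output above can be decoded by hand. The following is an added example, not code from the original message or from arp(8): it shows that 2115 is UP|GATEWAY|DONE|STATIC and that "type: 184" is the first octet of 184.23.210.1 read at the offset where a sockaddr_dl keeps sdl_type. It assumes FreeBSD's flag values and sockaddr layouts (copied locally); check_reply, GW_REPLY and ETHER_REPLY are hypothetical names and both byte arrays are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>

/* Values as defined in FreeBSD headers, copied locally so this builds anywhere. */
#define RTF_UP      0x1
#define RTF_GATEWAY 0x2
#define RTF_DONE    0x40
#define RTF_STATIC  0x800
#define AF_LINK_BSD 18            /* AF_LINK on FreeBSD; AF_INET is 2 */

/* Byte offsets shared by sockaddr_in and sockaddr_dl on FreeBSD. */
enum { OFF_FAMILY = 1, OFF_SDL_TYPE = 4 };   /* offset 4 is also sin_addr[0] */

/* Constructed sample: sockaddr_in for the gateway 184.23.210.1 from the post. */
static const uint8_t GW_REPLY[16] = { 16, 2, 0, 0, 184, 23, 210, 1 };
/* Constructed sample: sockaddr_dl head for an Ethernet interface, index 1. */
static const uint8_t ETHER_REPLY[16] = { 54, AF_LINK_BSD, 1, 0, 0x06 };

/* Illustrative subset of link types; the full list lives in arp(8). */
static int valid_type(int t) {
    return t == 0x06 /* IFT_ETHER */ || t == 0x0f /* IFT_FDDI */ ||
           t == 0x87 /* IFT_L2VLAN */ || t == 0xd1 /* IFT_BRIDGE */;
}

/* Returns a bitmask of failed checks: 1 = family, 2 = gateway flag, 4 = type. */
int check_reply(const uint8_t *sa, int rtm_flags) {
    int fail = 0;
    if (sa[OFF_FAMILY] != AF_LINK_BSD) fail |= 1;
    if (rtm_flags & RTF_GATEWAY)       fail |= 2;
    if (!valid_type(sa[OFF_SDL_TYPE])) fail |= 4;
    return fail;
}

int main(void) {
    int flags = RTF_UP | RTF_GATEWAY | RTF_DONE | RTF_STATIC;   /* 0x843 */
    printf("flags=%d family=%d type=%d failed=%d\n", flags,
           GW_REPLY[OFF_FAMILY], GW_REPLY[OFF_SDL_TYPE],
           check_reply(GW_REPLY, flags));
    printf("ethernet reply failed=%d\n",
           check_reply(ETHER_REPLY, RTF_UP | RTF_DONE));
    return 0;
}
```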