From: Julien Cigar
To: Sebastiaan van Erk
Cc: freebsd-questions@freebsd.org
Subject: Re: CARP & bridge
Date: Wed, 29 Apr 2009 11:57:17 +0200
Message-Id: <1240999037.2645.3.camel@frodon.be-bif.ulb.ac.be>
In-Reply-To: <49F81FF2.3040302@sebster.com>

On Wed, 2009-04-29 at 11:37 +0200, Sebastiaan van Erk wrote:
> Hi,
>
> I have a bridged OpenVPN setup where the OpenVPN tap0 driver is bridged
> (via bridge0) to the physical em1 interface, which has a VIP via a carp1
> interface:
>
> em1: flags=8943 metric 0 mtu 1500
>         options=98
>         ether 00:0c:29:61:2a:55
>         inet 10.0.80.77 netmask 0xffffff00 broadcast 10.0.80.255
>         media: Ethernet autoselect (1000baseTX )
>         status: active
> bridge0: flags=8843 metric 0 mtu 1500
>         ether 9a:6a:9f:b2:65:da
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: tap0 flags=143
>                 ifmaxaddr 0 port 11 priority 128 path cost 2000000
>         member: em1 flags=143
>                 ifmaxaddr 0 port 2 priority 128 path cost 20000
> tap0: flags=8943 metric 0 mtu 1500
>         ether 00:bd:48:03:00:00
>         Opened by PID 24616
> carp1: flags=49 metric 0 mtu 1500
>         inet 10.0.80.74 netmask 0xffffff00
>         carp: MASTER vhid 2 advbase 1 advskew 0
>
>
> The problem I have is that when I ping the VIP from a VPN client (on
> tap0), the server receives arp requests for the VIP on tap0, but it does
> not respond to them:
>
> # tcpdump -i tap0 -ln
> 11:29:13.637048 arp who-has 10.0.80.74 tell 10.0.80.6
>
> Is there any way to get the server to respond to arp requests on tap0
> for the VIP?
>

Maybe you have to do ARP Proxy on one side? Try to add an ARP entry in the
ARP table with arp (arp -s 1.2.3.4 MAC foo) ..

> This is all on FreeBSD 7.1 with OpenVPN 2.0.6 (both client and server).
>
> Regards,
> Sebastiaan
>

--
Julien Cigar
Belgian Biodiversity Platform
http://www.biodiversity.be
Université Libre de Bruxelles (ULB)
Campus de la Plaine CP 257
Bâtiment NO, Bureau 4 N4 115C (Niveau 4)
Boulevard du Triomphe, entrée ULB 2
B-1050 Bruxelles
Mail: jcigar@ulb.ac.be
@biobel: http://biobel.biodiversity.be/person/show/471
Tel : 02 650 57 52
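
An added example, not part of the original thread: a small Python check that reads `tcpdump -ln` output like the capture quoted above and counts ARP who-has requests that never receive an is-at reply, which is one way to confirm whether a static ARP entry changed the behaviour on tap0. Every line in `SAMPLE` except the first is constructed, and the one-second reply window is an assumption.

```python
import re

# Old tcpdump prints "arp who-has A tell B"; newer builds print
# "ARP, Request who-has A tell B, length 28". Both contain this core.
REQUEST = re.compile(r"who-has ([\d.]+) tell ([\d.]+)")
REPLY = re.compile(r"(?:arp reply|ARP, Reply) ([\d.]+) is-at ([0-9a-fA-F:]{17})")
STAMP = re.compile(r"^(\d+):(\d+):(\d+(?:\.\d+)?)")


def seconds(line):
    """Seconds since midnight from a tcpdump timestamp, or None if absent."""
    m = STAMP.match(line)
    if not m:
        return None
    hours, minutes, secs = m.groups()
    return int(hours) * 3600 + int(minutes) * 60 + float(secs)


def unanswered(lines, window=1.0):
    """Return {target_ip: count} of requests with no reply within `window` s.

    Captures that cross midnight are not handled (assumption: short capture).
    """
    requests, replies = [], []
    for line in lines:
        t = seconds(line)
        if t is None:
            continue
        rep = REPLY.search(line)
        if rep:
            replies.append((t, rep.group(1)))
            continue
        req = REQUEST.search(line)
        if req:
            requests.append((t, req.group(1)))
    missing = {}
    for t, target in requests:
        if not any(ip == target and t <= rt <= t + window for rt, ip in replies):
            missing[target] = missing.get(target, 0) + 1
    return missing


# First line is the capture from the post; the rest are constructed samples.
SAMPLE = """\
11:29:13.637048 arp who-has 10.0.80.74 tell 10.0.80.6
11:29:14.637112 arp who-has 10.0.80.74 tell 10.0.80.6
11:29:15.100200 arp who-has 10.0.80.77 tell 10.0.80.6
11:29:15.100391 arp reply 10.0.80.77 is-at 00:0c:29:61:2a:55
11:29:16.000000 ARP, Request who-has 10.0.80.74 tell 10.0.80.6, length 28
""".splitlines()

if __name__ == "__main__":
    for ip, count in unanswered(SAMPLE).items():
        print(f"{ip}: {count} ARP request(s) with no reply")
```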