Date:      Wed, 27 Oct 2010 00:36:26 +0100
From:      David Evans <dave.evans55@googlemail.com>
To:        FreeBSD Net <freebsd-net@freebsd.org>
Subject:   Bridge problems, possibly due to proxy arp on Parallels Desktop
Message-ID:  <4CC765FA.20202@googlemail.com>

Summary

To make a ping from an OpenVPN client using TAP work, I have to set the
bridge interface manually using "ifconfig bridge0 static tap0 <Ethernet_addr>"
on the server.

My setup

Host 3dosexp
IP 192.168.0.220 on tap0
FreeBSD 8.1, OpenVPN client using tap0 interface
This is a Virtual Machine on Parallels Desktop 6.0 for Mac OS X
It has one virtual NIC which is on Desktop host-only network which
is used for the encrypted channel for OpenVPN

Host Eight
IP 192.168.0.8 on bridge0.
FreeBSD 8.1, OpenVPN server using bridged networking.
This is another VM on Desktop.
It has one virtual NIC on host-only networking which is used for
the other end of the OpenVPN link.
It has another NIC on Desktop bridged networking (not the same as OpenVPN)
with IP 192.168.0.8 on interface em0

Host Two
IP 192.168.0.2 on en1
Mac OS X 10.6
This is a real machine. Interface en1 is bridged by Desktop

en1 is a wifi interface. It connects to:-

Router One
IP 192.168.0.1
Netgear DG834G wireless and 4-port router.

Host 3dos
IP 192.168.0.250 on vr0
PC running FreeBSD 8.1 i386
Connected via cable to the router.
It is destined to become a VPN server in a small office when the
networking starts working.

----------
Problem One
Pinging from Host 3dosexp to Host Two does not work.

Running "ifconfig bridge0 addr" on host Eight to see what interfaces
are used for which ethernet address shows that all interfaces are set
to em0.  Setting a static interface to tap0 for the ethernet address
assigned to tap0 on host 3dosexp makes the ping work.
( using "ifconfig bridge0 static tap0 <3dosexp-ethernet-address>" )

Running "ifconfig bridge0 flushall" on host Eight stops the ping working.
"ifconfig bridge0 addr" shows the ethernet address for host 3dosexp is
now set back to interface em0.

----------
Problem two

Run the command for setting the static interface as described in problem
one. Trying a ping from host 3dosexp (VPN client) to host 3dos ( attached
to the router) does not work. Ping responds with "ping: sendto: Host is down"

On host Eight (the VPN server) running tcpdump on interface em0 shows that
there are arp requests "Who has 192.168.0.250 tell 192.168.0.220"
and arp replies from host 192.168.0.250. The destination of the arp
replies is the ethernet address of interface em0.  The replies never get
through the bridge and out onto interface tap0.

That's almost true, but
sometimes something seems to flip and ping starts sending ICMP echo
requests. Again, looking at the interfaces with tcpdump shows
ICMP requests and replies on interface em0. The replies have an ethernet
destination of the ethernet address of em0. Surely they should be destined
for host 3dosexp (the client).  The replies do not make it through the
bridge.  I suspect at the moment that this is something to do with
Desktop bridged networking using Proxy ARP between the virtual and real
networks.

------------
ifconfig for host Eight (the VPN server)

em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 00:1c:42:01:3f:6c
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 00:1c:42:f2:f0:b0
    inet 10.37.129.3 netmask 0xffffff00 broadcast 10.37.129.255
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
    inet6 ::1 prefixlen 128
    inet 127.0.0.1 netmask 0xff000000
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 00:bd:75:26:00:00
    Opened by PID 1391
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 6e:67:0a:b1:17:91
    inet 192.168.0.8 netmask 0xffffff00 broadcast 192.168.0.255
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 4 priority 128 path cost 2000000
    member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 1 priority 128 path cost 20000

---------
bridge startup script (immediately after reboot has finished)

#!/bin/sh
ifconfig tap0 down
ifconfig bridge0 down
ifconfig bridge0 destroy
ifconfig tap0 destroy
ifconfig tap0 create
ifconfig tap0 up
ifconfig  em0 up
ifconfig bridge0 create
ifconfig bridge0 addm em0 addm tap0 up
ifconfig bridge0 inet 192.168.0.8  netmask 255.255.255.0

---------
routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
10.37.129.0/24     link#2             U           1      165    em1
10.37.129.3        link#2             UHS         0        0    lo0
127.0.0.1          link#3             UH          0        0    lo0
192.168.0.0/24     link#5             U           0       49 bridge
192.168.0.8        link#5             UHS         0        0    lo0
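
Added example, not part of the original message: a small sh helper that checks which bridge member a given Ethernet address has been learned on, the condition described under Problem One. The helper name check_bridge_addr, the client MAC and both sample tables are constructed; the assumed input is the `<mac> Vlan<N> <member> <expire> flags=...` line format of "ifconfig bridge0 addr".

```shell
#!/bin/sh
# Added example (not from the original message). check_bridge_addr is a
# hypothetical helper name. It reads `ifconfig bridge0 addr` output on stdin,
# assumed to look like:  <mac> Vlan<N> <member> <expire> flags=<...>
#
# Usage on the bridge host: ifconfig bridge0 addr | check_bridge_addr <mac> tap0
# Exit status: 0 = MAC learned on the expected member,
#              1 = MAC learned on a different member,
#              2 = MAC not present in the table.
check_bridge_addr() {
    awk -v mac="$1" -v want="$2" '
        BEGIN { mac = tolower(mac); rc = 2 }
        tolower($1) == mac {
            # If the VlanN column is absent, the member name is field 2.
            member = ($2 ~ /^Vlan[0-9]+$/) ? $3 : $2
            if (member == want) {
                if (rc == 2) rc = 0
                printf "ok %s on %s\n", mac, member
            } else {
                rc = 1
                printf "MISPLACED %s on %s, expected %s\n", mac, member, want
            }
        }
        END {
            if (rc == 2) printf "ABSENT %s not in table\n", mac
            exit rc
        }
    '
}

# Constructed sample data: the client MAC is a placeholder, since the message
# only gives it as <3dosexp-ethernet-address>.
CLIENT_MAC='00:bd:de:ad:be:ef'
# Table as described in Problem One: the client address is attributed to em0.
TABLE_LEARNED="$CLIENT_MAC Vlan1 em0 1187 flags=0<>
00:1c:42:00:00:02 Vlan1 em0 1195 flags=0<>"
# Table after "ifconfig bridge0 static tap0 <mac>".
TABLE_STATIC="$CLIENT_MAC Vlan1 tap0 0 flags=1<STATIC>
00:1c:42:00:00:02 Vlan1 em0 1195 flags=0<>"

printf '%s\n' "$TABLE_LEARNED" | check_bridge_addr "$CLIENT_MAC" tap0 || :
printf '%s\n' "$TABLE_STATIC"  | check_bridge_addr "$CLIENT_MAC" tap0 || :
```

Run periodically on the bridge host, a non-zero exit for the client address shows the moment the entry moves back to em0, which can then be matched against tcpdump captures on em0 and tap0.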




