Date:      Wed, 29 Apr 2009 11:57:17 +0200
From:      Julien Cigar <jcigar@ulb.ac.be>
To:        Sebastiaan van Erk <sebster@sebster.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: CARP & bridge
Message-ID:  <1240999037.2645.3.camel@frodon.be-bif.ulb.ac.be>
In-Reply-To: <49F81FF2.3040302@sebster.com>
References:  <49F81FF2.3040302@sebster.com>

On Wed, 2009-04-29 at 11:37 +0200, Sebastiaan van Erk wrote:
> Hi,
> 
> I have a bridged OpenVPN setup where the OpenVPN tap0 driver is bridged 
> (via bridge0) to the physical em1 interface, which has a VIP via a carp1 
> interface:
> 
> em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
> 	ether 00:0c:29:61:2a:55
> 	inet 10.0.80.77 netmask 0xffffff00 broadcast 10.0.80.255
> 	media: Ethernet autoselect (1000baseTX <full-duplex>)
> 	status: active
> bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	ether 9a:6a:9f:b2:65:da
> 	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> 	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
> 	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> 	member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> 	        ifmaxaddr 0 port 11 priority 128 path cost 2000000
> 	member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> 	        ifmaxaddr 0 port 2 priority 128 path cost 20000
> tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	ether 00:bd:48:03:00:00
> 	Opened by PID 24616
> carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
> 	inet 10.0.80.74 netmask 0xffffff00
> 	carp: MASTER vhid 2 advbase 1 advskew 0
> 
> 
> The problem I have is that when I ping the VIP from a VPN client (on 
> tap0), the server receives arp requests for the VIP on tap0, but it does 
> not respond to them:
> 
> # tcpdump -i tap0 -ln
> 11:29:13.637048 arp who-has 10.0.80.74 tell 10.0.80.6
> 
> Is there any way to get the server to respond to arp requests on tap0 
> for the VIP?
> 

Maybe you have to do ARP Proxy on one side? Try to add an ARP entry in
the ARP table with arp (arp -s 1.2.3.4 MAC foo)...

> This is all on FreeBSD 7.1 with OpenVPN 2.0.6 (both client and server).
> 
> Regards,
> Sebastiaan
> 
-- 
Julien Cigar
Belgian Biodiversity Platform
http://www.biodiversity.be
Université Libre de Bruxelles (ULB)
Campus de la Plaine CP 257
Bâtiment NO, Bureau 4 N4 115C (Niveau 4)
Boulevard du Triomphe, entrée ULB 2
B-1050 Bruxelles
Mail: jcigar@ulb.ac.be
@biobel: http://biobel.biodiversity.be/person/show/471
Tel : 02 650 57 52



