[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Forward: OpenVPN w/proxy ARP


  • Subject: [Openvpn-users] Forward: OpenVPN w/proxy ARP
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Wed, 17 Mar 2004 21:12:12 -0000

I received this message privately, it has some useful info on using Proxy ARP
on Windows.

James

***************

While this may not be a full bridge in the traditional sense, it appears to
fit my need and maybe useful to others.

Noting the Ethernet bridging comment '... requires Windows XP or higher ...'
on the page:
	http://openvpn.sourceforge.net/INSTALL-win32.html,
yesterday I knocked up a utility to add/remove a proxy-arp address to/from a
network interface under Win2k/XP.  It uses the IPHelper functions:
CreateProxyArpEntry() & DeleteProxyArpEntry() documented here:
	
http://msdn.microsoft.com/library/en-us/iphlp/iphlp/ip_helper_functions.asp
However, the WinCE version pages have better usage information here:
	
http://msdn.microsoft.com/library/en-us/wcetcpip/html/ceconIPHelperFunctions
asp

It would be good if you could add this functionality to the core OpenVPN
application, maybe using a config keyword such as 'proxy-arp' to activate
proxying of a remote-end virtual address on the local-end LAN.

This operation is useful where modification of the remote network's routing
setup is not possible coupled with the need for connectivity to other
remote-end routable subnets that are not directly routable locally.

The steps are as follows:
1) an openvpn is set up between two different physical LANs, using two
additional addresses from the remote LAN as the virtual vpn addresses;
2) the local-end virtual address is proxy-arp'ed on the remote-end physical
LAN interface;
3) routing is enabled on the remote machine by setting the following
registry value:
	
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnab
leRouter(REG_DWORD)=1
this requires a reboot to take effect and can be seen through
'ipconfig/all'.

For reference, included below are the 'ovpn' files from both machines.

Any comments ?

BTW: I was looking for a Windows implementation of OpenVPN in Nov2002 but it
seemed not to exist at that point.  I didn't look again until last week and
realised that I must have been just a little too early.  Anyway, many thanks
to you and any others involved in pulling together such a cohesive Windows
implementation.

Best regards - Martin



Local-End Machine (mine)
------------------------
remote 172.27.1.249
dev tun
tun-mtu 1500
ifconfig 172.27.1.238 172.27.1.237
ping 10
comp-lzo
verb 4
mute 10

Remote-End Machine
------------------
remote 172.27.10.1
dev tun
tun-mtu 1500
ifconfig 172.27.1.237 172.27.1.238
up "..\\bin\\proxyarp 172.27.1.238 255.255.255.128"
down "..\\bin\\proxyarp 172.27.1.238"
ping 10
comp-lzo
verb 4
mute 10




____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users