Re: [Openvpn-users] topology subnet and arp

[Richard Quintin <rjqjunk@xxxxxx>]

This did the trick a bit more efficiently:
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp

Richard Quintin wrote:
> I think I have the answer to my own question.... :)
> 
> ARP Proxy seems to do the trick.  If anyone has a better idea please 
> send it along.
> 
> On the vpn server:
> arp -i eth1 -Ds 10.8.0.2 eth1 pub
> 
> I can put something like this in a learn-address script.  Sure will be 
> a lot simpler than the learn-address I had going for bridging. :)
> 
> Richard Quintin wrote:
>> Hi all,
>>
>> I'm working on moving from a sort of working bridged vpn to a topology 
>> subnet.  My hope is that it will simplify my life considerably.
>>
>> # openvpn --version
>> OpenVPN 2.1_beta14 i686-pc-linux [SSL] [LZO2] [EPOLL] built on Aug  2 2006
>> Developed by James Yonan
>> Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@xxxxxxxxxxx>
>>
>> How do I setup the route/firewall to allow traffic between a vpn client 
>> and host sitting behind the vpn server.
>>
>> vpn client (10.8.0.2) <---vpn--->(tun0 - 10.8.0.1) vpn server (eth1 - 
>> 10.82.162.250) <------>(10.82.162.116) host
>>
>> Client is able to connect fine.  Pings to 10.8.0.1 are fine.
>> I push all 10.0.0.0/8 through tun0.
>> 10.0.0.0        *               255.0.0.0       U     0      0        0 tun0
>>
>> So now when I ping 10.82.162.116, the host (10.82.162.116) sees the 
>> ping, but is unable to respond because no one responds to an arp who-has 
>> 10.8.0.2.
>>
>> Should the vpn client be responding or should the vpn server be 
>> responding on behalf of the client?  In either case can someone suggest 
>> the proper ip/eb/arptables rules to make it so?
>>
>> Thanks!
> 

-- 
Richard Quintin,
DBA Information Systems & Computing,
DBMS Virginia Tech

~ Minds are like parachutes - they function only when open.
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users