[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Forward: OpenVPN w/proxy ARP

  • Subject: [Openvpn-users] Forward: OpenVPN w/proxy ARP
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Wed, 17 Mar 2004 21:12:12 -0000

I received this message privately, it has some useful info on using Proxy ARP
on Windows.



While this may not be a full bridge in the traditional sense, it appears to
fit my need and maybe useful to others.

Noting the Ethernet bridging comment '... requires Windows XP or higher ...'
on the page:
yesterday I knocked up a utility to add/remove a proxy-arp address to/from a
network interface under Win2k/XP.  It uses the IPHelper functions:
CreateProxyArpEntry() & DeleteProxyArpEntry() documented here:
However, the WinCE version pages have better usage information here:

It would be good if you could add this functionality to the core OpenVPN
application, maybe using a config keyword such as 'proxy-arp' to activate
proxying of a remote-end virtual address on the local-end LAN.

This operation is useful where modification of the remote network's routing
setup is not possible coupled with the need for connectivity to other
remote-end routable subnets that are not directly routable locally.

The steps are as follows:
1) an openvpn is set up between two different physical LANs, using two
additional addresses from the remote LAN as the virtual vpn addresses;
2) the local-end virtual address is proxy-arp'ed on the remote-end physical
LAN interface;
3) routing is enabled on the remote machine by setting the following
registry value:
this requires a reboot to take effect and can be seen through

For reference, included below are the 'ovpn' files from both machines.

Any comments ?

BTW: I was looking for a Windows implementation of OpenVPN in Nov2002 but it
seemed not to exist at that point.  I didn't look again until last week and
realised that I must have been just a little too early.  Anyway, many thanks
to you and any others involved in pulling together such a cohesive Windows

Best regards - Martin

Local-End Machine (mine)
dev tun
tun-mtu 1500
ping 10
verb 4
mute 10

Remote-End Machine
dev tun
tun-mtu 1500
up "..\\bin\\proxyarp"
down "..\\bin\\proxyarp"
ping 10
verb 4
mute 10

Openvpn-users mailing list