[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

RE: [Openvpn-users] ARP Problem??


  • Subject: RE: [Openvpn-users] ARP Problem??
  • From: Andreas Iwanowski <namezero@xxxxxxxxx>
  • Date: Mon, 6 Dec 2004 22:20:57 -0500

Oh I'm sorry, there must be a misunderstanding.
By clients, I refer to the computers in a subnet behind the server.
The two servers link two subnets over TUN devices.

The original post from two weeks ago was:
------------------
Hello,
I know I know this probably does not belong here but it kinda does....
So here we go...

I have a VPN set up on a server lets say 192.168.150.6 and a router for internet 192.168.150.254
How can I tell the clients over DHCP to route 192.168.0.0/16 over 192.168.150.6 andf the rest over the normal router?

Sometimes, the gateway 192.168.150.6 is skipped and the client sends all the packet (also 192.168.0.0/16) directly over 192.168.150.254 !!!
Even then, when you look into the routing table of the client, it says default gateway 192.168.150.6 .
Restarting the server helps...
I'm really puzzled as to why this happens...

------------------

It happens only when the VPN is reconnecting due to an IP address change.
So if I restart the server machine, it works again, but not when I just restart OpenVPN or Routing and Remote Access.
It's not really an OpenVPN problem, because even in case the clients loose connectivity, the server doesn't; I just don't know where to post. I think when the link goes down the server might think the static route is invalid and changes the ARP routing table.

Any help is appreciated!
thank you...
... andy

-----Original Message-----
From: James Yonan [mailto:jim@xxxxxxxxx]
Sent: Monday, December 06, 2004 9:49 PM
To: Andreas Iwanowski
Cc: Openvpn Users (E-mail)
Subject: Re: [Openvpn-users] ARP Problem??


> I have a question. I have a tunnel between two VPN servers, and when one
> of them restarts the link (because of --ping-restart) the clients behind
> the server can no longer use the VPN until the server is restarted.
> Could it be because of the TAP adapters not having a fixed MAC
> address,so when the adapter is reinitialized, the MAC adress
> changes/messes up the ARP routing table??

The client would need to restart as well if the server is restarting.  
ping/ping-restart/keepalive can help the client to restart in this case.  
When the Windows client restarts, it should do an ARP flush on the TAP 
adapter, to clear out any stale entries.

James