Gentoo Forums
VirtualBox OpenVPN ARP
lwisniewski
n00b


Joined: 06 Jul 2011
Posts: 8

Posted: Thu Jul 07, 2011 1:00 pm    Post subject: VirtualBox OpenVPN ARP

Can you help me with ARP?

My network is as follows:

Dictionary:
host1 - PC with OpenVPN client
host2 - PC in LAN
server - a server which is running several VirtualBox virtual machines. It has two Ethernet ports (eth0, eth1). Gentoo is installed on it, of course.
vserver - virtual machine (VirtualBox). It has two Ethernet interfaces (eth0, eth1). Each one is properly assigned (bridged) to the interfaces on server (<server - vserver>, eth0 - eth1, eth1 - eth0).

Eth0 port on the server is connected to the WAN.
Eth1 port on the server is connected to the LAN.

Openvpn Description:

OpenVPN is installed on the vserver.
Created tap0 OpenVPN port.
The bridge is made between tap0 and eth0.
Created a virtual bridge interface br0, which has the address 100.1.1.4/16

LAN - 100.1.0.0/16
openvpn hosts - 100.1.1.10 - 100.1.1.19
host1 - 100.1.1.10/16
host2 - 100.1.1.1/16

Iptables and ebtables are everywhere excluded.

(host1: tap0[100.1.1.10])--VPN/WAN--->(server(vserver: br0<tap0, eth0>[100.1.1.4]) eth1[100.1.1.3])---LAN--->(host2: eth0[100.1.1.1])

Problem Description:

I send a ping from host1 to address 100.1.1.4, everything works fine.
I send a ping from vserver to address host1 or host2, everything works fine.
I send a ping from host1 to the host2 or some other host on the LAN:
On the server interface eth1 I see arp who-has and arp reply (Listing 1).
On the vserver interface eth0 I see only arp who-has; the arp reply is gone (Listing 2).

Listing 3 - Setting up openvpn server
Listing 4 - Setting up openvpn client
Listing 5 - ARP table from server
Listing 6 - ARP table from vserver

If you need any more information, we are happy to share it.

Listing 1
Code:
oro all # tcpdump -nni eth1 arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 68 bytes
13:46:02.660908 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:02.660912 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:02.662484 arp reply 100.1.1.1 is-at 00:15:77:67:7e:80
13:46:03.660574 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:03.660579 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:03.662179 arp reply 100.1.1.1 is-at 00:15:77:67:7e:80
13:46:04.660509 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:04.660513 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:04.662105 arp reply 100.1.1.1 is-at 00:15:77:67:7e:80
13:46:06.662102 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:06.662106 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:06.663740 arp reply 100.1.1.1 is-at 00:15:77:67:7e:80
13:46:07.661793 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:07.661797 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:07.663430 arp reply 100.1.1.1 is-at 00:15:77:67:7e:80
13:46:08.661967 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:08.661971 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:08.663615 arp reply 100.1.1.1 is-at 00:15:77:67:7e:80
13:46:10.662572 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:10.662576 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:10.664243 arp reply 100.1.1.1 is-at 00:15:77:67:7e:80
13:46:11.662692 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:11.662696 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:11.664432 arp reply 100.1.1.1 is-at 00:15:77:67:7e:80
13:46:12.662895 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:12.662899 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:12.664617 arp reply 100.1.1.1 is-at 00:15:77:67:7e:80


Listing 2
Code:
vpn ~ # tcpdump -nni eth0 arp
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
13:48:17.442106 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:18.442073 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:19.441734 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:21.442401 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:22.443111 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:23.442508 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:25.442112 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:26.442120 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:27.442151 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:29.443029 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:30.443014 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:31.443006 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:33.443309 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:34.442971 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:35.442716 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:37.443201 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:38.443210 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:39.443071 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:41.445156 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:42.443920 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:43.443166 arp who-has 100.1.1.1 tell 100.1.1.10


Listing 3
Code:
port 11194
proto udp
dev tap0
ca cert/mng/ca.crt
cert cert/mng/mng_server.crt
key cert/mng/mng_server.key
dh cert/mng/dh1024.pem
tls-auth cert/mng/ta.key 0

server-bridge 100.1.1.4 255.255.0.0 100.1.1.10 100.1.1.19

max-clients 2

keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
verb 1


Listing 4
Code:
client
dev tap
proto udp
remote 83.68.67.214 11194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
ns-cert-type server
ca biuro_mng/ca.crt
cert biuro_mng/mng_lukas.crt
key biuro_mng/mng_lukas.key
tls-auth biuro_mng/ta.key 1
verb 1


Listing 5
Code:
oro all # arp -en
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   00:11:f5:28:77:7b   C                     eth0
100.1.1.3                ether   08:00:27:7d:0b:0a   C                     eth1


Listing 6
Code:
vpn ~ # arp -en
Address                  HWtype  HWaddress           Flags Mask            Iface
100.1.1.1                ether   00:15:77:67:7e:80   C                     br0
192.168.1.1              ether   00:11:f5:28:77:7b   C                     eth1
100.1.1.10               ether   1e:9a:92:76:18:a1   C                     br0
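
The comparison made in the post (ARP traffic on the server's eth1 versus the vserver's eth0), as an added example that is not part of the original post: it parses tcpdump ARP lines from two capture points and lists the targets whose reply is visible at the first point but not at the second. The function names are hypothetical, the sample input is the first lines of Listings 1 and 2, and accepting the newer tcpdump "ARP, Request/Reply" output format goes beyond what the listings show.

```python
import re
from collections import defaultdict

# Old tcpdump ARP format (as in Listings 1 and 2) and the newer
# "ARP, Request who-has ..." / "ARP, Reply ..." format.
REQ = re.compile(r"^\S+ (?:arp|ARP, Request) who-has ([\d.]+) tell ([\d.]+)")
REP = re.compile(r"^\S+ (?:arp reply|ARP, Reply) ([\d.]+) is-at ([0-9a-f:]{17})")

# Sample input: first lines of Listing 1 (server, eth1).
SERVER_ETH1 = """
13:46:02.660908 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:02.660912 arp who-has 100.1.1.1 tell 100.1.1.10
13:46:02.662484 arp reply 100.1.1.1 is-at 00:15:77:67:7e:80
"""

# Sample input: first lines of Listing 2 (vserver, eth0).
VSERVER_ETH0 = """
13:48:17.442106 arp who-has 100.1.1.1 tell 100.1.1.10
13:48:18.442073 arp who-has 100.1.1.1 tell 100.1.1.10
"""

def summarize(capture):
    """Per target IP: number of requests, number of replies, MACs announced."""
    stats = defaultdict(lambda: {"requests": 0, "replies": 0, "macs": set()})
    for line in capture.splitlines():
        line = line.strip()
        m = REQ.match(line)
        if m:
            stats[m.group(1)]["requests"] += 1
            continue
        m = REP.match(line)
        if m:
            stats[m.group(1)]["replies"] += 1
            stats[m.group(1)]["macs"].add(m.group(2))
    return dict(stats)

def missing_replies(near_target, far_from_target):
    """Targets answered at the first capture point whose requests are seen
    at the second point without any reply."""
    near, far = summarize(near_target), summarize(far_from_target)
    return sorted(
        ip for ip, s in near.items()
        if s["replies"] and ip in far
        and far[ip]["requests"] and not far[ip]["replies"]
    )

if __name__ == "__main__":
    for ip in missing_replies(SERVER_ETH1, VSERVER_ETH0):
        print(f"reply for {ip} seen on server eth1 but not on vserver eth0")
```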