On 12/3/10 2:00 PM, EVGENY YURCHENKO wrote:
[snip]
Thanks Evgeny;
When I run tcpdump on the host I'm trying to connect to I
see unanswered arp requests for the IP I'm trying to connect
from.
Is there a proxy arp setting I need to turn on? I
just tried allowing icmp in addition to tcp/udp from the
pptp interface to the internal network, but get the same arp
requests on the target box.
Any hints for using a separate network for my vpn client?
Thanks,
--- David
I am a bit confused... Can you post your dump here? Plus ifconfig when a PPTP
client is connected.
An ifconfig from the firewall:
# ifconfig
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
        ether 00:e0:81:02:5d:d6
        inet 24.39.39.202 netmask 0xfffffff8 broadcast 24.39.39.207
        inet6 fe80::2e0:81ff:fe02:5dd6%fxp0 prefixlen 64 scopeid 0x1
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: Ethernet autoselect (100baseTX)
        status: active
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
        ether 00:e0:81:02:5d:d7
        inet 172.30.0.1 netmask 0xffffff00 broadcast 172.30.0.255
        inet6 fe80::2e0:81ff:fe02:5dd7%fxp1 prefixlen 64 scopeid 0x2
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
[snip]
vip1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        inet 24.39.39.203 netmask 0xfffffff8
        carp: MASTER vhid 1 advbase 1 advskew 0
pptpd0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1456
        inet6 fe80::2e0:81ff:fe02:5dd6%pptpd0 prefixlen 64 scopeid 0xc
        inet 24.39.39.202 --> 172.30.0.65 netmask 0xffffffff
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
pptpd1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500

tcpdump run from the target host (172.30.0.203)
newrogue:~# tcpdump host 172.30.0.65
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
13:24:44.980948 IP 172.30.0.65 > 172.30.0.203: ICMP echo request, id 24908, seq 9, length 64
13:24:44.985196 arp who-has 172.30.0.65 tell 172.30.0.203
13:24:45.983096 IP 172.30.0.65 > 172.30.0.203: ICMP echo request, id 24908, seq 10, length 64
13:24:45.986742 arp who-has 172.30.0.65 tell 172.30.0.203
13:24:46.990958 IP 172.30.0.65 > 172.30.0.203: ICMP echo request, id 24908, seq 11, length 64
13:24:46.994740 arp who-has 172.30.0.65 tell 172.30.0.203

and an ifconfig on the mac:
MacBook-Pro-2:~ root# ifconfig ppp0
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1444
        inet 172.30.0.65 --> 24.39.39.202 netmask 0xffff0000
MacBook-Pro-2:~ root#
I can ping the internal address of the firewall (172.30.0.1) over the
VPN, but other targets on that network can't arp the remote box to reply.
Thanks!
--- David
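
Added example (not part of the original thread): a small Python check that reads tcpdump text in the format posted above, lists ARP who-has targets that never received a reply, and tests whether each one falls inside the LAN subnet taken from the fxp1 ifconfig line. The sample capture is constructed from the thread's lines plus one answered request for contrast; the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: lines in the tcpdump format from the thread, plus an
# answered request for 172.30.0.1 (added here for contrast).
SAMPLE = """\
13:24:44.980948 IP 172.30.0.65 > 172.30.0.203: ICMP echo request, id 24908, seq 9, length 64
13:24:44.985196 arp who-has 172.30.0.65 tell 172.30.0.203
13:24:45.986742 arp who-has 172.30.0.65 tell 172.30.0.203
13:24:46.100000 arp who-has 172.30.0.1 tell 172.30.0.203
13:24:46.100400 arp reply 172.30.0.1 is-at 00:e0:81:02:5d:d7
"""

# Match the old "arp who-has" wording and the newer "ARP, Request who-has" one.
WHO_HAS = re.compile(r"arp,? (?:request )?who-has (\S+) tell ([^\s,]+)", re.I)
IS_AT = re.compile(r"arp,? reply (\S+) is-at ([^\s,]+)", re.I)

def unanswered_arp(capture):
    """Return {target_ip: request_count} for who-has targets with no is-at reply."""
    asked, answered = {}, set()
    for line in capture.splitlines():
        m = WHO_HAS.search(line)
        if m:
            asked[m.group(1)] = asked.get(m.group(1), 0) + 1
            continue
        m = IS_AT.search(line)
        if m:
            answered.add(m.group(1))
    return {ip: n for ip, n in asked.items() if ip not in answered}

def netmask_hex_to_network(addr, hexmask):
    """Build a network from a BSD ifconfig pair such as 172.30.0.1 / 0xffffff00."""
    mask = ipaddress.IPv4Address(int(hexmask, 16))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def diagnose(capture, lan_addr, lan_hexmask):
    """List (ip, requests, in_lan) for every unanswered ARP target.

    in_lan=True means LAN hosts treat the address as on-link and resolve it
    with ARP instead of sending the reply to their gateway.
    """
    lan = netmask_hex_to_network(lan_addr, lan_hexmask)
    pending = sorted(unanswered_arp(capture).items())
    return [(ip, n, ipaddress.ip_address(ip) in lan) for ip, n in pending]

if __name__ == "__main__":
    for ip, n, in_lan in diagnose(SAMPLE, "172.30.0.1", "0xffffff00"):
        print(f"{ip}: {n} unanswered who-has, inside LAN subnet: {in_lan}")
```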