Bridge problems, possibly due to proxy arp on Parallels Desktop

David Evans dave.evans55 at
Wed Oct 27 00:04:38 UTC 2010


To make a ping from an OpenVPN client using TAP work, I have to set the
bridge interface manually using "ifconfig bridge0 static tap0 <Ethernet_addr>"
on the server.

My setup

Host 3dosexp
IP on tap0
FreeBSD 8.1, OpenVPN client using tap0 interface
This is a Virtual Machine on Parallels Desktop 6.0 for Mac OS X
It has one virtual NIC which is on Desktop host-only network which
is used for the encrypted channel for OpenVPN

Host Eight
IP on bridge0.
FreeBSD 8.1, OpenVPN server using bridged networking.
This is another VM on Desktop.
It has one virtual NIC on host-only networking which is used for
the other end of the OpenVPN link.
It has another NIC on Desktop bridged networking (not the same as OpenVPN)
with IP on interface em0

Host Two
IP on en1
Mac OS X 10.6
This is a real machine. Interface en1 is bridged by Desktop

en1 is a wifi interface. It connects to:-

Router One
Netgear DG834G wireless and 4-port router.

Host 3dos
IP on vr0
PC running FreeBSD 8.1 i386
Connected via cable to the router.
It is destined to become a VPN server in a small office when the
networking starts working.

Problem One
Pinging from Host 3dosexp to Host Two does not work.

Running "ifconfig bridge0 addr" on host Eight to see what interfaces
are used for which ethernet address shows that all interfaces are set
to em0.  Setting a static interface to tap0 for the ethernet address
assigned to tap0 on host 3dosexp makes the ping work.
(using "ifconfig bridge0 static tap0 <3dosexp-ethernet-address>")

Running "ifconfig bridge0 flushall" on host Eight stops the ping working.
"ifconfig bridge0 addr" shows the ethernet address for host 3dosexp is
now set back to interface em0.

Problem two

Run the command for setting the static interface as described in problem
one. Trying a ping from host 3dosexp (VPN client) to host 3dos (attached
to the router) does not work. Ping responds with "ping: sendto: Host is down"

On host Eight (the VPN server) running tcpdump on interface em0 shows that
there are arp requests "Who has tell"
and arp replies from host The destination of the arp
replies is the ethernet address of interface em0.  The replies never get
through the bridge and out onto interface tap0.

That's almost true, but
sometimes something seems to flip and ping starts sending ICMP echo
requests. Again, looking at the interfaces with tcpdump shows
ICMP requests and replies on interface em0. The replies have an ethernet
destination of the ethernet address of em0. Surely they should be destined
for host 3dosexp (the client).  The replies do not make it through the
bridge.  I suspect at the moment that this is something to do with
Desktop bridged networking using Proxy ARP between the virtual and real

ifconfig for host Eight (the VPN server)

    ether 00:1c:42:01:3f:6c
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:1c:42:f2:f0:b0
    inet netmask 0xffffff00 broadcast
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
    inet6 ::1 prefixlen 128
    inet netmask 0xff000000
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:bd:75:26:00:00
    Opened by PID 1391
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 6e:67:0a:b1:17:91
    inet netmask 0xffffff00 broadcast
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 4 priority 128 path cost 2000000
            ifmaxaddr 0 port 1 priority 128 path cost 20000

bridge startup script (immediately after reboot has finished)

ifconfig tap0 down
ifconfig bridge0 down
ifconfig bridge0 destroy
ifconfig tap0 destroy
ifconfig tap0 create
ifconfig tap0 up
ifconfig  em0 up
ifconfig bridge0 create
ifconfig bridge0 addm em0 addm tap0 up
ifconfig bridge0 inet  netmask

routing tables

Destination        Gateway            Flags    Refs      Use  Netif Expire
                   link#2             U           1      165    em1
                   link#2             UHS         0        0    lo0
                   link#3             UH          0        0    lo0
                   link#5             U           0       49 bridge
                   link#5             UHS         0        0    lo0
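
Added example, not part of the original post: the check from Problem One written as a script. It reads `ifconfig bridge0 addr` output on stdin and reports which bridge member a given Ethernet address is currently associated with, and whether that entry is static. The line layout `<mac> Vlan<N> <member> <expire> flags=...` is an assumption about FreeBSD's output; the MAC addresses, sample tables and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post).
# Assumed layout of each `ifconfig bridge0 addr` line:
#   <mac> Vlan<N> <member> <expire> flags=<n><...>

# check_learned MAC MEMBER  (bridge address table on stdin)
# Prints one of:
#   ok <member> static|learned   entry is on the expected member
#   misplaced <member>           entry is on a different member
#   absent                       no entry for that MAC
check_learned() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    awk -v mac="$mac" -v want="$2" '
        tolower($1) == mac {
            found = 1
            member = $3
            kind = index($5, "STATIC") ? "static" : "learned"
        }
        END {
            if (!found)              print "absent"
            else if (member == want) print "ok " member " " kind
            else                     print "misplaced " member
        }'
}

# Constructed sample: the VPN client's MAC (02:00:00:00:00:01, made up)
# has been learned on em0 instead of tap0, as described in Problem One.
sample_before() {
    cat <<'EOF'
02:00:00:00:00:01 Vlan1 em0 1187 flags=0<>
02:00:00:00:00:02 Vlan1 em0 1190 flags=0<>
EOF
}

# Constructed sample: the same table after the static entry is added.
sample_after() {
    cat <<'EOF'
02:00:00:00:00:01 Vlan1 tap0 0 flags=1<STATIC>
02:00:00:00:00:02 Vlan1 em0 1190 flags=0<>
EOF
}

sample_before | check_learned 02:00:00:00:00:01 tap0   # misplaced em0
sample_after  | check_learned 02:00:00:00:00:01 tap0   # ok tap0 static
```

On the server the live table would be piped in instead of the samples: `ifconfig bridge0 addr | check_learned <client-mac> tap0`.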

More information about the freebsd-net mailing list