CARP, openvpn in bridged mode, and ping

Sebastiaan van Erk sebster at sebster.com
Wed Apr 8 03:29:45 PDT 2009


Hi,

I have the following setup: two servers with a virtual LAN IP address 
shared with CARP (the hosts are 10.0.80.77 and 10.0.80.76 and the 
virtual IP address is 10.0.80.1).

When I ping the VIP from any host on the LAN, it works fine.

Next I have some openvpn clients (both 10.0.80.77 and 10.0.80.76 have 
openvpn servers on their external IPs). The client IPs are on the LAN 
using a bridge and are 10.0.80.150 (linux client) and 10.0.80.6 (freebsd 
client).

From linux I can ping the VIP (10.0.80.1) just fine, but when I do 
arping I see (with tcpdump) that the ARP requests are received by 
the carp master on the tap0 device, but that it does not reply.

From a FreeBSD VPN client I cannot ping the VIP (10.0.80.1), because it 
does the ARP requests indefinitely and gets no answer.

Both machines ping to the other hosts on the LAN just fine (e.g., all of 
them can ping 10.0.80.77 just fine).

Is there any way to get ARP to work (and thereby, ping to work) in this 
configuration?

Regards,
Sebastiaan

PS: the relevant ifconfig info is:

10.0.80.77 (carp master and vpn server):
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
	ether 00:0c:29:61:2a:55
	inet 10.0.80.77 netmask 0xffffff00 broadcast 10.0.80.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 12:d8:09:8d:1b:88
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 9 priority 128 path cost 2000000
	member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 2 priority 128 path cost 20000
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
	inet 10.0.80.1 netmask 0xffffff00
	carp: MASTER vhid 174 advbase 1 advskew 0
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:bd:c0:02:00:00
	Opened by PID 1199

10.0.80.150 (the linux openvpn client):
tap0      Link encap:Ethernet  HWaddr 46:c2:27:c9:36:e3
           inet addr:10.0.80.150  Bcast:10.0.80.255  Mask:255.255.255.0
           inet6 addr: fe80::44c2:27ff:fec9:36e3/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:34336 errors:0 dropped:0 overruns:0 frame:0
           TX packets:12951 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100
           RX bytes:11939564 (11.9 MB)  TX bytes:1191746 (1.1 MB)

10.0.80.6 (the freebsd openvpn client):
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:bd:bf:f6:08:00
	inet 10.0.80.6 netmask 0xffffff00 broadcast 10.0.80.255
	Opened by PID 71953

