CARP, openvpn in bridged mode, and ping
Sebastiaan van Erk
sebster at sebster.com
Wed Apr 8 03:29:45 PDT 2009
Hi,
I have the following setup: two servers with a virtual LAN IP address
shared with CARP (the hosts are 10.0.80.77 and 10.0.80.76 and the
virtual IP address is 10.0.80.1).
When I ping the VIP from any host on the LAN, it works fine.
Next I have some openvpn clients (both 10.0.80.77 and 10.0.80.76 have
openvpn servers on their external IPs). The client IPs are on the LAN
using a bridge and are 10.0.80.150 (linux client) and 10.0.80.6 (freebsd
client).
From linux I can ping the VIP (10.0.80.1) just fine, but when I do
arping I see (with tcpdump) that the the ARP requests are received by
the carp master on the tap0 device, but that it does not reply.
From a FreeBSD VPN client I cannot ping the VIP (10.0.80.1), because it
does the ARP requests indefinitely and gets no answer.
Both machines ping to the other hosts on the LAN just fine (e.g., all of
them can ping 10.0.80.77 just fine).
Is there any way to get ARP to work (and thereby, ping to work) in this
configuration?
Regards,
Sebastiaan
PS: the relevant ifconfig info is:
10.0.80.77 (carp master and vpn server):
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
mtu 1500
options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:0c:29:61:2a:55
inet 10.0.80.77 netmask 0xffffff00 broadcast 10.0.80.255
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
1500
ether 12:d8:09:8d:1b:88
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 9 priority 128 path cost 2000000
member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 2 priority 128 path cost 20000
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 10.0.80.1 netmask 0xffffff00
carp: MASTER vhid 174 advbase 1 advskew 0
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric
0 mtu 1500
ether 00:bd:c0:02:00:00
Opened by PID 1199
10.0.80.150 (the linux openvpn client):
tap0 Link encap:Ethernet HWaddr 46:c2:27:c9:36:e3
inet addr:10.0.80.150 Bcast:10.0.80.255 Mask:255.255.255.0
inet6 addr: fe80::44c2:27ff:fec9:36e3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34336 errors:0 dropped:0 overruns:0 frame:0
TX packets:12951 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:11939564 (11.9 MB) TX bytes:1191746 (1.1 MB)
10.0.80.6 (the freebsd openvpn client):
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:bd:bf:f6:08:00
inet 10.0.80.6 netmask 0xffffff00 broadcast 10.0.80.255
Opened by PID 71953
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3328 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-cluster/attachments/20090408/03aca42c/smime.bin
More information about the freebsd-cluster
mailing list