[Swan] cannot get traffic to lan when using xauth and pool address is on lan segment
Antonio Silva
asilva at wirelessmundi.com
Mon Apr 17 17:04:54 UTC 2017
ok, so there is something i'm doing badly...
after ping the ip assign to the client i print the arp entires and for
the ip address in question there is no arp entry, and it suppose to be
with mac address of the server...
# ping 192.168.10.206
PING 192.168.10.206 (192.168.10.206) 56(84) bytes of data.
64 bytes from 192.168.10.206: icmp_seq=1 ttl=64 time=509 ms
64 bytes from 192.168.10.206: icmp_seq=2 ttl=64 time=72.0 ms
# arp | grep 192.168.10.206
Saludos / Regards / Cumprimentos,
António silva
On 04/17/2017 04:46 PM, Paul Wouters wrote:
> On Mon, 17 Apr 2017, Antonio Silva wrote:
>
>> Correcting if i'm wrong, but digging a litle more, there won't be any
>> mac associated with the ip/vpn client, so there is no arp entry in
>> the server, even with proxy-arp enabled the lan devices will never
>> be able to reach the vpn client.. because not arp will be found in
>> the server. So i always have to set a different network, like in the
>> 2) setup, no?
>
> proxy arp fixes that. The linux/libreswan serer will use its own MAC for
> all IP addresses it handed out to the clients.
>
> Paul
More information about the Swan
mailing list