[Swan] cannot get traffic to lan when using xauth and pool address is on lan segment

Antonio Silva asilva at wirelessmundi.com
Mon Apr 17 17:04:54 UTC 2017


OK, so there is something I'm doing badly...

After pinging the IP assigned to the client I print the ARP entries, and
for the IP address in question there is no ARP entry, and it is supposed
to be there with the MAC address of the server...

# ping 192.168.10.206
PING 192.168.10.206 (192.168.10.206) 56(84) bytes of data.
64 bytes from 192.168.10.206: icmp_seq=1 ttl=64 time=509 ms
64 bytes from 192.168.10.206: icmp_seq=2 ttl=64 time=72.0 ms


# arp | grep 192.168.10.206



Saludos / Regards / Cumprimentos,
António silva

On 04/17/2017 04:46 PM, Paul Wouters wrote:
> On Mon, 17 Apr 2017, Antonio Silva wrote:
>
>> Correct me if I'm wrong, but digging a little more, there won't be any 
>> MAC associated with the IP/VPN client, so there is no ARP entry in 
>> the server; even with proxy-arp enabled the LAN devices will never 
>> be able to reach the VPN client, because no ARP will be found in 
>> the server. So I always have to set a different network, like in the 
>> 2) setup, no?
>
> proxy arp fixes that. The Linux/libreswan server will use its own MAC for
> all IP addresses it handed out to the clients.
>
> Paul
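
Added example, not part of the original thread: proxy ARP replies are received by the other hosts on the LAN, so the mapping described in the reply shows up in a LAN host's neighbour table, where the VPN client's address should resolve to the gateway's MAC. The sketch below classifies `ip neigh show` output taken on a LAN host; the function name, the MAC addresses and every sample line are constructed for illustration, and only 192.168.10.206 comes from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ip neigh show` output captured
# on a LAN host and reports how a VPN client's pool address is resolved.

# classify_neigh CLIENT_IP SERVER_MAC   (neighbour table on stdin)
#   proxied    - client IP maps to the gateway's MAC (proxy ARP is answering)
#   other-mac  - client IP maps to a different MAC (conflict or stale entry)
#   unresolved - entry exists but has no link-layer address (FAILED/INCOMPLETE)
#   no-entry   - the LAN host has not tried to reach that address yet
classify_neigh() {
    awk -v ip="$1" -v mac="$(printf '%s' "$2" | tr 'A-F' 'a-f')" '
        $1 == ip {                      # exact match, unlike a plain grep
            seen = 1
            lladdr = ""
            for (i = 2; i < NF; i++)
                if ($i == "lladdr") lladdr = tolower($(i + 1))
            if (lladdr == "")       result = "unresolved"
            else if (lladdr == mac) result = "proxied"
            else                    result = "other-mac"
        }
        END { print (seen ? result : "no-entry") }
    '
}

# Constructed sample: neighbour table of a LAN host. The gateway is assumed
# to be 192.168.10.1 with MAC 52:54:00:12:34:56 (both hypothetical).
SAMPLE_LAN_NEIGH='192.168.10.1 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
192.168.10.206 dev eth0 lladdr 52:54:00:12:34:56 STALE
192.168.10.207 dev eth0  FAILED
192.168.10.50 dev eth0 lladdr 52:54:00:ab:cd:ef REACHABLE'

SERVER_MAC='52:54:00:12:34:56'

for addr in 192.168.10.206 192.168.10.207 192.168.10.50 192.168.10.20; do
    printf '%s: ' "$addr"
    printf '%s\n' "$SAMPLE_LAN_NEIGH" | classify_neigh "$addr" "$SERVER_MAC"
done
```

On a live LAN host, replace the sample with `ip neigh show | classify_neigh <client-ip> <gateway-mac>` after pinging the client address from that host.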


