[Swan] cannot get traffic to lan when using xauth and pool address is on lan segment

Antonio Silva asilva at wirelessmundi.com
Wed Apr 19 20:50:40 UTC 2017


is not set, I checked by doing:

# sysctl -a | grep proxy_arp
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.br0.proxy_arp = 0
net.ipv4.conf.br0.proxy_arp_pvlan = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth0.proxy_arp_pvlan = 0
net.ipv4.conf.eth1.proxy_arp = 0
net.ipv4.conf.eth1.proxy_arp_pvlan = 0
net.ipv4.conf.eth2.proxy_arp = 0
net.ipv4.conf.eth2.proxy_arp_pvlan = 0
net.ipv4.conf.eth2/24.proxy_arp = 0
net.ipv4.conf.eth2/24.proxy_arp_pvlan = 0
net.ipv4.conf.imq0.proxy_arp = 0
net.ipv4.conf.imq0.proxy_arp_pvlan = 0
net.ipv4.conf.imq1.proxy_arp = 0
net.ipv4.conf.imq1.proxy_arp_pvlan = 0
net.ipv4.conf.ip_vti0.proxy_arp = 0
net.ipv4.conf.ip_vti0.proxy_arp_pvlan = 0
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.proxy_arp_pvlan = 0


My LAN IP is set on br0, and br0 only has eth0.


On 04/19/2017 10:15 PM, Tuomo Soini wrote:
> On Wed, 19 Apr 2017 21:18:06 +0200
> Antonio Silva <asilva at wirelessmundi.com> wrote:
>
>> It's working for me with leftsourceip=192.168.10.1 (server
>> LAN/gateway IP) and pool 192.168.10.206-210.
>>
>> The proxy_arp is set to 0 on all interfaces.
> I suggest you check the setting when you have the tunnel up.
>
>> When set the tunnel without leftsourceip is when I don't have traffic
>> to LAN.
>>
>> Now I do see the ARP replies:
>>
>> 21:16:05.120182 ARP, Request who-has 192.168.10.207 tell
>> 192.168.10.25, length 46
>> 21:16:05.904139 ARP, Reply 192.168.10.207 is-at f8:b1:56:b7:7f:d8,
>> length 28
>>
>>
>> The MAC is from the LAN device.
> We have some automation in _updown to enable proxy arp when it's
> needed.
>
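
Added example, not part of the original thread: a shell filter that turns `sysctl -a | grep proxy_arp` output like the listing above into the effective proxy ARP state per interface, so the check can be repeated with the tunnel up. The function names `sample_sysctl` and `effective_proxy_arp` are hypothetical, and the sample values are constructed.

```shell
#!/bin/sh
# Constructed sample in the format of `sysctl -a | grep proxy_arp`.
# Values are illustrative, not taken from the poster's system.
sample_sysctl() {
cat <<'EOF'
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.br0.proxy_arp = 1
net.ipv4.conf.br0.proxy_arp_pvlan = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth2/24.proxy_arp = 0
net.ipv4.conf.eth2/24.proxy_arp_pvlan = 1
EOF
}

# Reads sysctl lines on stdin and prints "<iface> <0|1>" per interface.
# The kernel answers proxy ARP on an interface when either conf/all or
# conf/<iface> is set, so the two values are OR-ed here.
effective_proxy_arp() {
  awk '
    # Exact proxy_arp key only; "grep proxy_arp" also matches proxy_arp_pvlan.
    /^net\.ipv4\.conf\..*\.proxy_arp = [0-9]+$/ {
      key = $1
      sub(/^net\.ipv4\.conf\./, "", key)
      sub(/\.proxy_arp$/, "", key)
      gsub("/", ".", key)          # sysctl prints a dot in an interface name as "/"
      if (key == "all") { all = $3; next }
      if (key == "default") next   # template for newly created interfaces
      val[key] = $3
      order[++n] = key
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        print k, ((all + val[k]) > 0 ? 1 : 0)
      }
    }'
}
```

On a live gateway, pipe `sysctl -a 2>/dev/null` into `effective_proxy_arp` once with the tunnel down and once with it up, and compare the two results.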
