My problem is this (and it's driving me nuts as I can't see the
solution). I have two FreeBSD boxes acting as routers; the layout is like:

Clients ( <----->(eth0) ROUTER A (eth1)<=======> (eth1) ROUTER B (eth0) <----> ( Upstream ISP & Internet

Router A Configuration:

eth0: Subnet
eth1: Subnet

Router B Configuration:

eth0: Subnet
eth1: Subnet

The private IPs denote an IPSEC VPN connection (Wireless) between ROUTER A
& B; all the client PCs are on public IPs. Now, the VPN works perfectly,
encrypting the packets over the wireless link; however, ROUTER A's eth0
interface does not appear in the arp -a lookup:

? ( at 00:05:5d:a6:15:78 on eth1 permanent [ethernet]
? ( at 00:c0:dd:ea:ac:5c on eth1 [ethernet]
? ( at ff:ff:ff:ff:ff:ff on eth0 permanent [ethernet]
? ( at 00:0c:cd:53:d9:f3 on eth0 [ethernet]
? ( at 00:9a:17:90:d3:b4 on eth0 [ethernet]
? ( at 00:2b:18:2e:22:21 on eth0 [ethernet]
? ( at ff:ff:ff:ff:ff:ff on eth0 permanent [ethernet]

If I try and force the entry, I receive the following error:

routera# arp -s 00:0c:5d:e6:16:75
set: can only proxy for

The big problem this is causing is that clients cannot ping the gateway, and
it responds to no requests (i.e. I can't ssh into it), but it still forwards
packets perfectly. Basically it's like was invisible. The other
strange thing is, that if I ssh into ROUTER B and ping I receive

routerb# ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=64 time=3.577 ms
64 bytes from icmp_seq=1 ttl=64 time=3.724 ms
64 bytes from icmp_seq=2 ttl=64 time=3.817 ms
--- ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.577/3.706/3.817/0.099 ms

The output of ROUTER B's arp table is displayed below:

? ( at 00:05:5d:a6:15:78 on eth1 [ethernet]
? ( at 00:c0:dd:ea:ac:5c on eth1 permanent [ethernet]
? ( at 00:d0:03:ba:bb:fc on eth0 [ethernet]

I am completely at a loss as to how to get around this problem. Any help or
advice would be really great as I've spent the past 3 days, and the floor is
littered with tufts of hair ;) Just in case this is any help, this is the
output from setkey -DP (for encrypting the packets across the 10.0.0.x link)
on each router:

ROUTER A:

[any][any] any
        in ipsec
        spid=2 seq=1 pid=778
        refcnt=1
[any][any] any
        out ipsec
        spid=1 seq=0 pid=778

ROUTER B:

[any][any] any
        in ipsec
        spid=8 seq=1 pid=24377
        refcnt=1
[any][any] any
        out ipsec
        spid=7 seq=0 pid=24377

Please help!!! :))

Many Thanks

Colin Watson
(Nearly bald guy)
