Hi all,

I'm having a bit of trouble getting l2tp working from behind a firewall.

Here's the setup:

OpenBSD with isakmpd and npppd -- Home Router -- Internet -- Cell Network -- iPhone/Laptop

Basically, the idea is to make a VPN for use when I'm travelling.

I can connect just fine and put traffic on the network, but arp requests
from other hosts on the network don't get sent back through the l2tp
tunnel.  If I manually add the ethernet address of the 

If I manually update the arp cache of another host on the network with
the ethernet address of my npppd/isakmpd box and the IP assigned by
npppd, traffic flows with no problem.

Looking at the traffic of the nic on the npppd box, I see arp replies
coming in.  tcpdump on the pipex interface doesn't report the arp
requests.

Is there something special I need to do to send non-ip traffic through
the vpn?

Here are my config files:
ipsec.conf:
ike passive esp transport \
         proto udp from mydomain.com (0.0.0.0/0) to any port 1701 \
         main auth "hmac-sha" enc "aes" group modp1024 \
         quick auth "hmac-sha" enc "aes" \
         psk "xxxxxxx"

npppd.conf:
authentication LOCAL type local {
        users-file "/etc/npppd/npppd-users"
}
tunnel L2TP_ipv4 protocol l2tp {
        listen on 0.0.0.0
        l2tp-accept-dialin yes
}
ipcp IPCP {
        pool-address 192.168.11.150-192.168.11.159
        dns-servers 192.168.11.25
}
interface pppx0 address 192.168.11.160 ipcp IPCP
bind tunnel from L2TP_ipv4 authenticated by LOCAL to pppx0

npppd-users:
stuart:\
        :password=foo:

ifconfig's output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33152
        priority: 0
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 76:7f:52:6e:91:0d
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::747f:52ff:fe6e:910d%re0 prefixlen 64 scopeid 0x1
        inet6 2601:xxx prefixlen 64 autoconf pltime 14391 vltime 86391
        inet6 2601:xxx prefixlen 64 autoconf autoconfprivacy pltime 6138 vltime 78138
        inet 192.168.11.29 netmask 0xffffff00 broadcast 192.168.11.255
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33152
        priority: 0
        groups: pflog
pppx0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1360
        description: stuart
        priority: 0
        groups: pppx
        inet 192.168.11.160 --> 192.168.11.157 netmask 0xffffffff

Thanks,

Stuart
