On Sun, Feb 17, 2013 at 10:32:33AM -0500, Stuart McMurray wrote:
> Hi all,
> 
> I'm having a bit of trouble getting l2tp working from behind a firewall.
> 
> Here's the setup:
> 
> OpenBSD with isakmpd and npppd -- Home Router -- Internet -- Cell Network -- iPhone/Laptop
> 
> Basically, the idea is to make a VPN for use when I'm travelling.
> 
> I can connect just fine and put traffic on the network, but arp requests
> from other hosts on the network don't get sent back through the l2tp
> tunnel.  If I manually add the ethernet address of the 
> 
> If I manually update the arp cache of another host on the network with
> the ethernet address of my npppd/isakmpd box and the IP assigned by
> npppd, traffic flows with no problem.
> 
> Looking at the traffic of the nic on the npppd box, I see arp replies
> coming in.  tcpdump on the pipex interface doesn't report the arp
> requests.
> 
> Is there something special I need to do to send non-ip traffic through
> the vpn?

npppd and L2TP VPN are not built to do L2 VPNs. To build something like
that you would need to do proxy-arp on the npppd box and even then not
everything will work since it is still a ppp connection running in the end.
It may be better to use gif(4) over ipsec for this since that will allow
you to do etherip and native L2 VPNs. On the client, bridge the gif with
vether(4), and on the server, bridge it with your real ethernet device.

npppd works great for L3 VPNs though...
-- 
:wq Claudio
