On Sun, Feb 17, 2013 at 06:25:24PM -0500, Stuart McMurray wrote:
> On Sun, Feb 17, 2013 at 5:13 PM, Claudio Jeker <[email protected]> wrote:
> 
> > On Sun, Feb 17, 2013 at 10:32:33AM -0500, Stuart McMurray wrote:
> > > Hi all,
> > >
> > > I'm having a bit of trouble getting l2tp working from behind a firewall.
> > >
> > > Here's the setup:
> > >
> > > OpenBSD with isakmpd and npppd -- Home Router -- Internet -- Cell
> > Network -- iPhone/Laptop
> > >
> > > Basically, the idea is to make a VPN for use when I'm travelling.
> > >
> > > I can connect just fine and put traffic on the network, but arp requests
> > > from other hosts on the network don't get sent back through the l2tp
> > > tunnel.  If I manually add the ethernet address of the
> > >
> > > If I manually update the arp cache of another host on the network with
> > > the ethernet address of my npppd/isakmpd box and the IP assigned by
> > > npppd, traffic flows with no problem.
> > >
> > > Looking at the traffic of the nic on the npppd box, I see arp replies
> > > coming in.  tcpdump on the pipex interface doesn't report the arp
> > > requests.
> > >
> > > Is there something special I need to do to send non-ip traffic through
> > > the vpn?
> >
> > npppd and L2TP VPN are not built to do L2 VPNs. To build something like
> > that you would need to do proxy-arp on the npppd box and even then not
> > everything will work since it is still a ppp connection running in the end.
> > It may be better to use gif(4) over ipsec for this since that will allow
> > you to do etherip and native L2 VPNs. On the client bridge the gif with
> > vether(4) and on the server bridge it with your real ethernet device.
> >
> > npppd works great for L3 VPNs though...
> > --
> > :wq Claudio
> >
> >
> If npppd's L2TP VPN isn't built for an L2 VPN (?), what's the appropriate
> daemon to set up an L2TP VPN in OpenBSD?  Since the clients are going to be
> iOS (Apple, non Cisco) devices, bridging interfaces manually isn't a
> possibility.
> 

Even though L2TP has L2 in its name it is not built to create ethernet
layer 2 tunnels. It is just tunneling PPP packets inside of UDP.
So the only thing you can do is proxyarp (which npppd does not support
natively) or route the traffic. Especially for all the iOS devices there
is no need to make this a L2 network (unless you want to do airplay over
VPN).

-- 
:wq Claudio
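
The proxy-ARP option Claudio mentions, as an added example that is not part of the thread and not code from OpenBSD or npppd. It assumes a hypothetical LAN interface em0 and that npppd hands out 192.168.1.200-209 from the LAN subnet; both are overridable. The server publishes an ARP entry for each pool address with arp(8) (`arp -s host ether_addr pub`), so LAN hosts send traffic for a VPN client to the server's MAC, and with IP forwarding on, the kernel routes it into the client's PPP session.

```shell
#!/bin/sh
# Added example (not from the thread): proxy ARP on the npppd/isakmpd box.
# npppd has no native proxy ARP, so the server itself publishes ARP entries
# for the addresses it hands out. A LAN host that ARPs for a VPN client then
# gets the server's MAC, and the server forwards the packet into the client's
# pipex/PPP session. IP forwarding must be enabled for that to happen.
#
# Assumed (hypothetical) values: LAN interface em0 and an npppd pool of
# 192.168.1.200-192.168.1.209 inside the LAN subnet. Override via environment.
LAN_IF="${LAN_IF:-em0}"
POOL_NET="${POOL_NET:-192.168.1}"
POOL_FIRST="${POOL_FIRST:-200}"
POOL_LAST="${POOL_LAST:-209}"

# MAC address of a LAN interface; OpenBSD ifconfig(8) prints it as "lladdr".
lan_lladdr() {
    ifconfig "$1" 2>/dev/null | awk '/lladdr/ { print $2; exit }'
}

# Print one "arp -s <ip> <mac> pub" command per pool address and let the
# caller decide whether to run them. Arguments: mac net first last.
# Returns 1 on a nonsensical range so a typo cannot publish half the subnet.
proxyarp_commands() {
    _mac=$1; _net=$2; _i=$3; _last=$4
    if [ "$_i" -lt 1 ] || [ "$_last" -gt 254 ] || [ "$_i" -gt "$_last" ]; then
        return 1
    fi
    while [ "$_i" -le "$_last" ]; do
        printf 'arp -s %s.%s %s pub\n' "$_net" "$_i" "$_mac"
        _i=$((_i + 1))
    done
}

# Enable forwarding, then publish the entries. Needs root on OpenBSD.
# With DRY_RUN=1 the commands are only printed.
publish_proxyarp() {
    _mac=$(lan_lladdr "$LAN_IF")
    if [ -z "$_mac" ]; then
        echo "no lladdr found on $LAN_IF" >&2
        return 1
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "sysctl net.inet.ip.forwarding=1"
        proxyarp_commands "$_mac" "$POOL_NET" "$POOL_FIRST" "$POOL_LAST"
        return 0
    fi
    sysctl net.inet.ip.forwarding=1 >/dev/null
    proxyarp_commands "$_mac" "$POOL_NET" "$POOL_FIRST" "$POOL_LAST" | sh -e
}

# Only act when explicitly asked, so sourcing the file is harmless.
if [ "${PROXYARP_APPLY:-0}" = 1 ]; then
    publish_proxyarp
fi
```

Run `PROXYARP_APPLY=1 DRY_RUN=1 sh proxyarp.sh` first to see what would be published, then without DRY_RUN as root. The published entries only answer ARP; broadcast and multicast traffic such as Bonjour/AirPlay still does not reach the PPP clients, which is the limitation the thread describes. The routed alternative avoids the ARP entries altogether: give the npppd pool its own subnet, enable net.inet.ip.forwarding, and add a static route for that subnet on the home router pointing at the OpenBSD box.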
