Hi, On Sat, Nov 16, 2013 at 11:45:37PM -0500, Ryan Whelan wrote: > With 2 clients connected with the addresses fdda:ba64:dcdc:1::1002 and > fdda:ba64:dcdc:1::1001, when trying to ping from one to the other, I can > see the NDP traffic on the server's tap interface- > > 03:55:01.978033 IP6 fdda:ba64:dcdc:1::1002 > ff02::1:ff00:1001: ICMP6, > neighbor solicitation, who has fdda:ba64:dcdc:1::1001, length 32
That is actually a fairly interesting problem. The Linux side will not send out the multicast *back* onto the TAP interface where it came from, because that is a good way to cause packet loops, so you just don't do that. OpenVPN won't forward the multicasts to the other client as well, because you told it not to do so (it will, if client-to-client is used). It could be hacked into OpenVPN ("permit neighbour discovery IPv6 mcast, even if client-to-client is off"), but that's not exactly trivial. You could use *tun* instead of tap, which does not have ND, so doesn't suffer from multicast forwarding issues. This is what I would do. Or you could add static nd entries ("ip neigh add" on Linux) on the clients... this might need some more trickery in the --up script to ensure a constant MAC address on the tap interface, otherwise static ND on the other clients will not work right. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgpQIkxSHJeLE.pgp
Description: PGP signature
------------------------------------------------------------------------------ DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access Free app hosting. Or install the open source package on any LAMP server. Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native! http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users