--- On Fri, 12/3/10, David Miller <[email protected]> wrote:
> From: David Miller <[email protected]>
> Subject: Re: [pfSense Support] PPTP question
> To: [email protected]
> Date: Friday, December 3, 2010, 2:35 PM
>
> On 12/3/10 2:00 PM, EVGENY YURCHENKO wrote:
> >
> > [snip]
> >
> >> Thanks Evgeny;
> >>
> >> When I run tcpdump on the host I'm trying to connect to I
> >> see unanswered arp requests for the IP I'm trying to connect
> >> from.
> >>
> >> Is there a proxy arp setting I need to turn on? I
> >> just tried allowing icmp in addition to tcp/udp from the
> >> pptp interface to the internal network, but get the same arp
> >> requests on the target box.
> >>
> >> Any hints for using a separate network for my vpn client?
> >>
> >> Thanks,
> >>
> >> --- David
> > I am a bit confused... Can you post your dump here?
> > Plus ifconfig when a PPTP client is connected.
>
> An ifconfig from the firewall:
>
> # ifconfig
> fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
>         ether 00:e0:81:02:5d:d6
>         inet 24.39.39.202 netmask 0xfffffff8 broadcast 24.39.39.207
>         inet6 fe80::2e0:81ff:fe02:5dd6%fxp0 prefixlen 64 scopeid 0x1
>         nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
>         media: Ethernet autoselect (100baseTX)
>         status: active
> fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
>         ether 00:e0:81:02:5d:d7
>         inet 172.30.0.1 netmask 0xffffff00 broadcast 172.30.0.255
>         inet6 fe80::2e0:81ff:fe02:5dd7%fxp1 prefixlen 64 scopeid 0x2
>         nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> [snip]
> vip1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
>         inet 24.39.39.203 netmask 0xfffffff8
>         carp: MASTER vhid 1 advbase 1 advskew 0
> pptpd0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1456
>         inet6 fe80::2e0:81ff:fe02:5dd6%pptpd0 prefixlen 64 scopeid 0xc
>         inet 24.39.39.202 --> 172.30.0.65 netmask 0xffffffff
>         nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
> pptpd1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
>
> tcpdump run from the target host (172.30.0.203)
>
> newrogue:~# tcpdump host 172.30.0.65
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 13:24:44.980948 IP 172.30.0.65 > 172.30.0.203: ICMP echo request, id 24908, seq 9, length 64
> 13:24:44.985196 arp who-has 172.30.0.65 tell 172.30.0.203
> 13:24:45.983096 IP 172.30.0.65 > 172.30.0.203: ICMP echo request, id 24908, seq 10, length 64
> 13:24:45.986742 arp who-has 172.30.0.65 tell 172.30.0.203
> 13:24:46.990958 IP 172.30.0.65 > 172.30.0.203: ICMP echo request, id 24908, seq 11, length 64
> 13:24:46.994740 arp who-has 172.30.0.65 tell 172.30.0.203
>
> and an ifconfig on the mac:
>
> MacBook-Pro-2:~ root# ifconfig ppp0
> ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1444
>         inet 172.30.0.65 --> 24.39.39.202 netmask 0xffff0000
> MacBook-Pro-2:~ root#
>
> I can ping the internal address of the firewall
> (172.30.0.1) over the VPN, but other targets on that network
> can't arp the remote box to reply.
>
> Thanks!
>
> --- David

Interesting and weird. I recall this way worked on 1.2.3.
Then I think you must try 'subnet different from LAN' option.

Evgeny.
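A diagnostic sketch for the symptom in this thread, added here as an example and not part of the original messages: it scans tcpdump text for ARP who-has requests that never get a reply and reports the targets that fall inside the LAN subnet taken from the firewall's ifconfig line. The function names are hypothetical, the sample capture is constructed from the lines quoted above, and the "arp reply ... is-at" line format is an assumption about how the same tcpdump version prints replies.

```python
import ipaddress
import re

# Constructed sample input, shaped like the tcpdump output quoted in the thread.
SAMPLE_CAPTURE = """\
13:24:44.980948 IP 172.30.0.65 > 172.30.0.203: ICMP echo request, id 24908, seq 9, length 64
13:24:44.985196 arp who-has 172.30.0.65 tell 172.30.0.203
13:24:45.983096 IP 172.30.0.65 > 172.30.0.203: ICMP echo request, id 24908, seq 10, length 64
13:24:45.986742 arp who-has 172.30.0.65 tell 172.30.0.203
"""

WHO_HAS = re.compile(r"arp who-has (\d+\.\d+\.\d+\.\d+) tell", re.I)
# Assumption: replies are printed as "arp reply <ip> is-at <mac>".
IS_AT = re.compile(r"arp reply (\d+\.\d+\.\d+\.\d+) is-at", re.I)


def unanswered_arp(capture):
    """Return {target_ip: request_count} for who-has requests with no reply."""
    asked, answered = {}, set()
    for line in capture.splitlines():
        request = WHO_HAS.search(line)
        if request:
            asked[request.group(1)] = asked.get(request.group(1), 0) + 1
            continue
        reply = IS_AT.search(line)
        if reply:
            answered.add(reply.group(1))
    return {ip: n for ip, n in asked.items() if ip not in answered}


def lan_network(addr, hex_netmask):
    """Build the network from ifconfig's 'inet A netmask 0x...' fields."""
    mask = ipaddress.IPv4Address(int(hex_netmask, 16))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def on_link_unanswered(capture, lan_addr, lan_hex_mask):
    """Unanswered ARP targets that LAN hosts treat as on-link neighbours."""
    net = lan_network(lan_addr, lan_hex_mask)
    return sorted(ip for ip in unanswered_arp(capture)
                  if ipaddress.ip_address(ip) in net)


if __name__ == "__main__":
    # fxp1 values from the firewall ifconfig in the thread.
    print(on_link_unanswered(SAMPLE_CAPTURE, "172.30.0.1", "0xffffff00"))
```

An address reported here is one the LAN host tries to resolve with ARP because it sits inside the LAN prefix; a VPN client address outside that prefix would not appear in the result.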
