[strongSwan] @ MAC in ARP cache ?
Arnaud Gavara
arnaud.gavara at umontpellier.fr
Wed Mar 16 10:52:51 CET 2016
Hello,
We are using strongSwan (5.3.5) in a site-to-site configuration (IKEv2).
The topology is:
0.0.0.0/0 <RouterA: 172.30.140.1> <-> VPN A === VPN B <-> <RouterB: 192.168.32.1> 192.168.52.0/24,192.168.58.0/24...
Everything seems to work fine, but we do not understand something.
Indeed, the ARP table of VPN B (and not VPN A) fills up with the IPs of client machines, each with the router's MAC address.
Example:
192.168.58.10 ether 00:24:c3:6d:08:42 C eth1
192.168.52.1 ether 00:24:c3:6d:08:42 C eth1
192.168.52.58 ether 00:24:c3:6d:08:42 C eth1
192.168.52.50 ether 00:24:c3:6d:08:42 C eth1
192.168.52.54 ether 00:24:c3:6d:08:42 C eth1
192.168.52.46 ether 00:24:c3:6d:08:42 C eth1
"00:24:c3:6d:08:42" is the MAC address of RouterB (192.168.32.1).
We don't use the farp plugin and I don't understand why the ARP table contains these entries.
Is it normal?
See below for configuration.
Best regards,
Arnaud Gavara.
VPN A:
eth0: 10.10.0.5/24
eth1: 172.30.140.5/24
default GW: 172.30.140.1
VPN B:
eth0: 10.10.10.5/24
eth1: 192.168.32.5/24
default GW: 10.10.10.1
ipsec configuration on VPN A for this connection:
conn A-B
    left=10.10.0.5
    leftid=@vpnA
    leftsubnet=0.0.0.0/0
    right=10.10.10.5
    rightid=@vpnB
    rightsubnet=192.168.32.0/24,192.168.52.0/24,192.168.58.0/24
    auto=start
ipsec configuration on VPN B for this connection:
conn local-net
    leftsubnet=192.168.32.0/24
    rightsubnet=192.168.32.0/24,192.168.52.0/24,192.168.58.0/24
    authby=never
    type=pass
    auto=route

conn A-B
    left=10.10.10.5
    leftid=@vpnB
    leftsubnet=192.168.32.0/24,192.168.52.0/24,192.168.58.0/24
    right=10.10.0.5
    rightid=@vpnA
    rightsubnet=0.0.0.0/0
    auto=start
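
One way to check a gateway's ARP cache for the pattern described above, as an added example that is not part of the original post: it flags cache entries whose IP lies outside the subnet configured on the interface they appear on, grouped by MAC. The ARP lines and interface addresses are taken from the post; the 192.168.32.1 entry is constructed for contrast, and the function names are hypothetical.

```python
import ipaddress

# ARP cache lines in the post's format (IP, HW type, MAC, flags, interface).
# The first line is constructed (on-link router entry); the rest are from the post.
ARP_OUTPUT = """\
192.168.32.1 ether 00:24:c3:6d:08:42 C eth1
192.168.58.10 ether 00:24:c3:6d:08:42 C eth1
192.168.52.1 ether 00:24:c3:6d:08:42 C eth1
192.168.52.58 ether 00:24:c3:6d:08:42 C eth1
"""

# Interface addressing of VPN B as given in the post.
INTERFACES = {"eth0": "10.10.10.5/24", "eth1": "192.168.32.5/24"}


def parse_arp(text):
    """Yield (ip, mac, iface) for each complete 'ether' entry."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[1] != "ether":
            continue  # skip headers and incomplete entries
        yield ipaddress.ip_address(fields[0]), fields[2].lower(), fields[-1]


def off_link_entries(text, interfaces):
    """Return entries whose IP is outside the subnet of their interface."""
    nets = {name: ipaddress.ip_interface(addr).network
            for name, addr in interfaces.items()}
    flagged = []
    for ip, mac, iface in parse_arp(text):
        net = nets.get(iface)
        if net is not None and ip not in net:
            flagged.append((str(ip), mac, iface))
    return flagged


def off_link_by_mac(text, interfaces):
    """Group off-link IPs by the MAC address cached for them."""
    by_mac = {}
    for ip, mac, _iface in off_link_entries(text, interfaces):
        by_mac.setdefault(mac, []).append(ip)
    return by_mac


if __name__ == "__main__":
    for mac, ips in off_link_by_mac(ARP_OUTPUT, INTERFACES).items():
        print(f"{mac} is cached for {len(ips)} off-link address(es): {', '.join(ips)}")
```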