Proxy arp and ipsec

I have an OpenBSD VPN set up between two 192.168.x.y networks (sweet!)
with a /16 netmask and I need the gateways to proxy arp for the remote
subnets.  Before you tell me this is all screwed up, some of the
machines in question run proprietary (not mine) networking code that
requires them to be on a local net with each other (they won't route). 
The other machines run fine with appropriate routes and a /24 netmask. 
I can hand tool the arp entries on the clients and everything works -
but there are a lot of changing clients and I would rather update a
couple of servers than a bunch of clients.  When I "arp -s 192.168.x.y
xx:xx:xx:xx:xx:xx pub" on the servers, I get a "cannot intuit interface"
error out of arp. netstat shows the encapsulated routes, and other types
of machines can communicate between the subnets. Any ideas? Has anyone
used choparp on OpenBSD? Can I fake this with a bridge over the vpn? If
so how? Can this be done in ipf?