yeah well, the problem is really with one of the windows servers in a NLB multicast cluster. Two identically configured (to my knowledge) VPN servers have two different IP address pools for incoming connections and the problem is that one server once the connection is established responds to ARP requests for the client IP with correct true interface MAC and the other server responds with virtual cluster MAC. ARP proxy seems to be a working remedy for this issue but in reality it's not a solution. If I could find out why BSD overwrites static arp entries I can let this issue with VPN cook a little longer.
regards, S. ----- Original Message ---- From: Bryan Irvine <[EMAIL PROTECTED]> To: Stanislav Ovcharenko <[EMAIL PROTECTED]> Cc: misc@openbsd.org Sent: Thursday, September 6, 2007 1:09:16 AM Subject: Re: apr proxy problem On 9/5/07, Stanislav Ovcharenko <[EMAIL PROTECTED]> wrote: > I need to have ARP proxy running on my router/firewall loaded with OpenBSD > 4.0. > I'm seeing some behavior that is contradictory to what arp man page > says. > > arp -an | grep em1 says > (111.111.111.111) at 00:cc:00:cc:00:cc > on em1 > permanent static published > > and than ... > > cat > /var/log/messages | grep em1 > tells me that > Sep 5 14:11:11 XXXYYY /bsd: arp > info overwritten for > 111.111.111.111 by 00:aa:00:aa:00:aa on em1 > > which is > contrary to what arp > man page says about permanent attribute and what one would > expect. > > any info > why this is happening would be greatly appreciated, > thanks for looking. I had nothing but problems when trying to use arp proxy. I'd ditch it and try something else (if possible). What's the eventual goal? --Bryan _____________________________________________________________________________ _______ Need a vacation? Get great deals to amazing places on Yahoo! Travel. http://travel.yahoo.com/
