Am 04.03.14 11:37, schrieb Vladimir V. Kamarzin: > From: "Vladimir V. Kamarzin" <v...@vvk.pp.ru> > > When working in TAP mode, openvpn at server side maintains mapping table > "MAC" -> "client". It needs to know what MAC belongs to what client to > be able to forward traffic. > > Before this change extraction of MAC addresses was performed only from > ethernet headers of packets, coming from the client. This patch > introduces extraction from ARP packets. > > Why extraction only from ethernet header may be not enought? Obviously > in such cases, when MAC in ethernet header differs from ARP message > "Sender Hardware Address" field. For example, one device (A) performs > handling of ARP traffic for other device (B) on the client side (C) > connected to server (S) via TAP (server bridge mode). Unless (B) send > some traffic to server-side network, it will be inaccessible because ARP > handling performed by (A) and not (B) itself. > > OpenVPN basically just emulates a learning switch. Learning switches also don't need these special logic. If your setup does not work with OpenVPN then either
a) it won't work with a learning switch either or b) OpenVPN learning switch implementation has a bug I would like to have either a) confirmed or b) fixed than to included a band aid. Arne
signature.asc
Description: OpenPGP digital signature
