Hello. I am trying to set up bridging over NeoRouter VPN. Client: NeoRouter Free [Version 1.7.0.3300].
The ACL is not disabled after adding "NetworkBridge=1" to /usr/local/ZebraNetworkSystems/NeoRouter/Feature.ini.
As a result no L3 traffic can pass through the VPN except traffic sourced from addresses leased by the NeoRouter server.
Examples. In all cases I use the following config:
DHCP Subnet: 10.99.0.0
DHCP Netmask: 255.255.0.0
router 1: leased address 10.99.0.3/16
router 2: leased address 10.99.0.4/16
In the bridging cases the bridge looks like:
bridge br0
  interface eth0 promisc
  interface nrtap promisc

Case 1: changing the address on nrtap to another address from the same subnet
root@router2:~# ip addr show nrtap | grep "inet "
    inet 10.99.0.4/16 brd 10.99.255.255 scope global nrtap
PING 10.99.0.3 (10.99.0.3) 56(84) bytes of data.
64 bytes from 10.99.0.3: icmp_req=1 ttl=64 time=2.27 ms
--- 10.99.0.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.274/2.274/2.274/0.000 ms
Changing...
root@router2:~# ip addr del 10.99.0.4/16 dev nrtap
root@router2:~# ip addr add 10.99.0.254/16 dev nrtap
root@router2:~# ping 10.99.0.3
PING 10.99.0.3 (10.99.0.3) 56(84) bytes of data.
^C
--- 10.99.0.3 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms
No L3 traffic can pass,
but L2 can:
root@router2:~# arping -I nrtap 10.99.0.3
ARPING 10.99.0.3 from 10.99.0.254 nrtap
Unicast reply from 10.99.0.3 [7E:2F:50:EE:8F:AA] 3.329ms
Unicast reply from 10.99.0.3 [7E:2F:50:EE:8F:AA] 2.613ms
Unicast reply from 10.99.0.3 [7E:2F:50:EE:8F:AA] 2.779ms
Case 2: doing the same thing on desktops connected to the bridged ethernet interfaces. If I detach the leased addresses from nrtap and attach them to separate machines, all is fine. If the addresses are changed to other ones that are not leased by DHCP, L3 fails, L2 is OK.
Case 3: forwarding traffic from a separate subnet over the bridge. Same result.
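The bridge setup and the L2-versus-L3 probe from the cases above, as an added shell script that is not part of the original post and not NeoRouter's own tooling. It builds the same bridge (br0 with eth0 and nrtap in promiscuous mode) with iproute2, then runs arping and ping (iputils flags) against a peer and classifies the outcome; the interface names and the peer 10.99.0.3 are taken from the post, the APPLY/PEER variables and the classification wording are assumptions of this example. Building the bridge and probing need root; without APPLY=1 it only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes iproute2 and iputils
# (arping/ping) and the interface names used in the post (br0, eth0, nrtap).

# Print the iproute2 commands equivalent to the poster's
#   bridge br0 / interface eth0 promisc / interface nrtap promisc
bridge_cmds() {
    br="$1"; shift
    echo "ip link add name $br type bridge"
    for ifc in "$@"; do
        echo "ip link set dev $ifc promisc on"
        echo "ip link set dev $ifc master $br"
        echo "ip link set dev $ifc up"
    done
    echo "ip link set dev $br up"
}

# Interpret an ARP/ICMP probe pair. ARP replies without ICMP replies mean the
# frames do cross the bridge but IP is dropped somewhere above Ethernet,
# which is exactly what a source-address ACL on the VPN client would produce.
classify() {
    case "$1/$2" in
        ok/ok)   echo "L2 and L3 both pass" ;;
        ok/fail) echo "L2 passes, L3 blocked: IP filtered above Ethernet (e.g. VPN client ACL)" ;;
        fail/ok) echo "ICMP without ARP: check for static ARP entries" ;;
        *)       echo "no L2 reachability: check bridge membership and promisc" ;;
    esac
}

# Probe <peer> through <iface>: arping for L2, ping for L3 (needs root).
probe() {
    ifc="$1"; peer="$2"
    if arping -c 1 -w 2 -I "$ifc" "$peer" >/dev/null 2>&1; then l2=ok; else l2=fail; fi
    if ping -c 1 -W 2 -I "$ifc" "$peer" >/dev/null 2>&1; then l3=ok; else l3=fail; fi
    echo "$ifc -> $peer: arp=$l2 icmp=$l3"
    classify "$l2" "$l3"
}

# Usage: APPLY=1 PEER=10.99.0.3 sh bridge-probe.sh br0 eth0 nrtap
#        sh bridge-probe.sh            (dry run: only print the commands)
if [ "${APPLY:-0}" = 1 ]; then
    bridge_cmds "${1:-br0}" "${2:-eth0}" "${3:-nrtap}" | sh -e
    probe "${3:-nrtap}" "${PEER:-10.99.0.3}"
else
    bridge_cmds "${1:-br0}" "${2:-eth0}" "${3:-nrtap}"
fi
```

Run it on router2 after re-addressing nrtap to 10.99.0.254 and it should report arp=ok icmp=fail, the same split the manual ping/arping showed; repeat with the nrtap address set back to the leased 10.99.0.4 to confirm the difference is the source address and not the bridge.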