All times are UTC - 5 hours




 Post subject: Bridging issue (ACL, client 1.7.0)
PostPosted: Sat Oct 26, 2013 3:57 pm 
Joined: Sat Oct 26, 2013 3:54 pm
Posts: 1
Hello.
I am trying to set up bridging over NeoRouter VPN.
Client: NeoRouter Free [Version 1.7.0.3300],


The ACL is not disabled after adding "NetworkBridge=1" to /usr/local/ZebraNetworkSystems/NeoRouter/Feature.ini.

As a result, no L3 traffic can pass through the VPN except traffic sourced from addresses leased by the NeoRouter server.

Examples.
In all cases I use the following config:
DHCP Subnet: 10.99.0.0
DHCP Netmask: 255.255.0.0

router 1: leased address 10.99.0.3/16
router 2: leased address 10.99.0.4/16

In bridging cases the bridge looks like:
bridge br0
interface eth0 promisc
interface nrtap promisc

Case 1: changing the address on nrtap to another address from the same subnet

root@router2:~# ip addr show nrtap | grep "inet "
inet 10.99.0.4/16 brd 10.99.255.255 scope global nrtap

PING 10.99.0.3 (10.99.0.3) 56(84) bytes of data.
64 bytes from 10.99.0.3: icmp_req=1 ttl=64 time=2.27 ms

--- 10.99.0.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.274/2.274/2.274/0.000 ms

Changing...

root@router2:~# ip addr del 10.99.0.4/16 dev nrtap
root@router2:~# ip addr add 10.99.0.254/16 dev nrtap
root@router2:~# ping 10.99.0.3
PING 10.99.0.3 (10.99.0.3) 56(84) bytes of data.
^C
--- 10.99.0.3 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms

No L3 traffic can pass.

But L2 can.


root@router2:~# arping -I nrtap 10.99.0.3
ARPING 10.99.0.3 from 10.99.0.254 nrtap
Unicast reply from 10.99.0.3 [7E:2F:50:EE:8F:AA] 3.329ms
Unicast reply from 10.99.0.3 [7E:2F:50:EE:8F:AA] 2.613ms
Unicast reply from 10.99.0.3 [7E:2F:50:EE:8F:AA] 2.779ms


Case 2: doing the same thing on desktops connected to bridged Ethernet interfaces.
If I detach the leased addresses from nrtap and attach them to separate machines, all is fine.
If the addresses are changed to other ones that are not leased by DHCP, L3 fails, L2 is OK.


Case 3: forwarding traffic from a separate subnet over the bridge.
Same result.

