Hello list,

"sub-subnet extraction" is one name for a hack where a remote LAN uses a subrange of the subnet of the local LAN, as shown in this figure:

    10.0.0.0/24 "local" subnet
     |
     LAN: 10.0.0.29, ARP proxy for 10.0.0.128/30
    m0n0local
     WAN: 192.168.9.2
     |
     X  crossover Ethernet cable, IPSec VPN
     |
     WAN: 192.168.9.3
    m0n0remote
     LAN: 10.0.0.129
     |  10.0.0.128/30 "remote" extracted sub-subnet (/30)
     |  with 2 usable IP addresses
    10.0.0.130 (some host)

This is attractive as in the local subnet no additional routes nor any default gateways need to be configured for IP traffic flowing towards the remote sub-subnet via the IPSec tunnel (comes in handy if you don't have admin access to the network devices in the LAN).

I have this hack working with Astaro v5 boxes, and now try to replace them by m0n0walls v1.2b2. However, I observe that the ARP proxy which I activated on the m0n0local box apparently does not respond to ARP requests for 10.0.0.129 nor 10.0.0.130 on the 10.0.0.0/24 subnet.

Re-reading the description for the ARP proxy option in m0n0 leaves me with the understanding that the ARP proxy might only listen on the WAN interface, and not on the LAN interface.

Can anyone please confirm that ARP proxy is indeed listening only on WAN, or is it supposed to work on LAN as well?

Thanks.

Regards from Zurich/Switzerland,
Rolf
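
One way to confirm the symptom described in the message from a packet capture on the local LAN segment, as an added example that is not part of the original post: it derives the addresses the proxy must answer for from the two prefixes in the figure and reports which of them were requested but never answered. It assumes text output in the style of `tcpdump -n arp`; the sample lines, the requesting host 10.0.0.5 and the MAC address are constructed.

```python
import ipaddress
import re

LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")      # local subnet from the figure
PROXIED_NET = ipaddress.ip_network("10.0.0.128/30")  # extracted sub-subnet from the figure

# Constructed sample in `tcpdump -n arp` text format (10.0.0.5 and the MAC are made up).
SAMPLE_CAPTURE = """\
12:00:01.000000 ARP, Request who-has 10.0.0.130 tell 10.0.0.5, length 28
12:00:02.000000 ARP, Request who-has 10.0.0.130 tell 10.0.0.5, length 28
12:00:03.000000 ARP, Request who-has 10.0.0.29 tell 10.0.0.5, length 28
12:00:03.000200 ARP, Reply 10.0.0.29 is-at 00:00:5e:00:53:01, length 46
12:00:04.000000 ARP, Request who-has 10.0.0.129 tell 10.0.0.5, length 28
"""

REQUEST = re.compile(r"ARP, Request who-has (\S+)(?: \(\S+\))? tell (\S+),")
REPLY = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-f:]{17})")


def proxied_hosts(local=LOCAL_NET, proxied=PROXIED_NET):
    """Usable addresses the ARP proxy has to answer for on the local LAN."""
    if not proxied.subnet_of(local):
        # Proxy ARP only helps when local hosts consider the range on-link.
        raise ValueError(f"{proxied} is not inside {local}")
    return list(proxied.hosts())


def unanswered_proxy_requests(capture, local=LOCAL_NET, proxied=PROXIED_NET):
    """Return {target_ip: request_count} for proxied addresses that got no ARP reply."""
    wanted = set(proxied_hosts(local, proxied))
    asked, answered = {}, set()
    for line in capture.splitlines():
        if m := REQUEST.search(line):
            target = ipaddress.ip_address(m.group(1))
            if target in wanted:
                asked[target] = asked.get(target, 0) + 1
        elif m := REPLY.search(line):
            answered.add(ipaddress.ip_address(m.group(1)))
    return {str(ip): count for ip, count in asked.items() if ip not in answered}


if __name__ == "__main__":
    for ip, count in sorted(unanswered_proxy_requests(SAMPLE_CAPTURE).items()):
        print(f"{ip}: {count} request(s), no reply seen on the LAN")
```

An empty result for a capture that does contain requests for 10.0.0.129 or 10.0.0.130 means something on the LAN is answering for them.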