"sub-subnet extraction" is one name for a hack where a remote LAN uses a
subrange of the subnet of the local LAN, as shown in this figure:

    10.0.0.0/24 "local" subnet
    LAN: 10.0.0.29, ARP proxy for 10.0.0.128/30
      X   crossover Ethernet cable, IPSec VPN
    10.0.0.128/30 "remote" extracted sub-subnet (/30)
      |   with 2 usable IP addresses
    10.0.0.130 (some host)

This is attractive as in the local subnet no additional routes nor any
default gateways need to be configured for IP traffic flowing towards
the remote sub-subnet via the IPSec tunnel (comes in handy if you don't
have admin access to the network devices in the LAN).

I have this hack working with Astaro v5 boxes, and am now trying to replace
them with m0n0walls v1.2b2. However, I observe that the ARP proxy which I
activated on the m0n0local box apparently does not respond to ARP
requests for 10.0.0.129 or 10.0.0.130 on the 10.0.0.0/24 subnet.

Re-reading the description for the ARP proxy option in m0n0 leaves me
with the understanding that the ARP proxy might only listen on the WAN
interface, and not on the LAN interface.

Can anyone please confirm that ARP proxy is indeed listening only on
WAN, or is it supposed to work on LAN as well? Thanks.

Regards from Zurich/Switzerland,
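
The ARP decision the setup above depends on, as an added example that is not part of the original post and is not m0n0wall code: a LAN host treats 10.0.0.130 as on-link and broadcasts an ARP request, which only gets an answer if the proxy is bound to the interface the request arrives on. The interface names `lan` and `wan`, the host 10.0.0.50 and the MAC address are constructed for illustration, and the binding check is a model of the question asked, not a statement about how m0n0wall behaves.

```python
import ipaddress
import struct

LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")      # local subnet from the post
PROXIED_NET = ipaddress.ip_network("10.0.0.128/30")  # extracted sub-subnet from the post
ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 body for Ethernet/IPv4, 28 bytes


def build_arp_request(sender_mac: bytes, sender_ip: str, target_ip: str) -> bytes:
    """Build the 28-byte ARP request (opcode 1) a LAN host would broadcast."""
    return struct.pack(
        ARP_FMT, 1, 0x0800, 6, 4, 1,
        sender_mac, ipaddress.ip_address(sender_ip).packed,
        b"\x00" * 6, ipaddress.ip_address(target_ip).packed)


def host_sends_arp(host_ip: str, dest_ip: str) -> bool:
    """A /24 host ARPs directly (no route, no gateway) for on-link destinations."""
    return (ipaddress.ip_address(host_ip) in LOCAL_NET
            and ipaddress.ip_address(dest_ip) in LOCAL_NET)


def proxy_should_reply(frame: bytes, rx_iface: str, proxy_ifaces: set) -> bool:
    """Model of a proxy ARP responder: answer only on bound interfaces."""
    if len(frame) < struct.calcsize(ARP_FMT):
        return False  # truncated frame
    htype, ptype, hlen, plen, op, _, _, _, tpa = struct.unpack(ARP_FMT, frame[:28])
    if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, 1):
        return False  # not an Ethernet/IPv4 ARP request
    if rx_iface not in proxy_ifaces:
        return False  # request arrived on an interface the proxy ignores
    # Answer only for the usable host addresses of the /30 (.129 and .130).
    return ipaddress.ip_address(tpa) in set(PROXIED_NET.hosts())


if __name__ == "__main__":
    # Constructed sample: LAN host 10.0.0.50 looking for the remote host.
    req = build_arp_request(bytes.fromhex("020000000001"), "10.0.0.50", "10.0.0.130")
    print("host ARPs on-link:", host_sends_arp("10.0.0.50", "10.0.0.130"))
    for bound in ({"wan"}, {"lan"}):
        print("proxy bound to", bound, "->", proxy_should_reply(req, "lan", bound))
```
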