Date: 21 apr 2004

When configuring a VPN (PPTP based, poptop) on NetBSD 162 I discovered a
problem related to PPP (MPPE anabled) and proxyarp option.

Here is the description: I'm trying to setup the following scenario:
(the 10.1.1.0/24 are the fictitious external address)


     LAN                    VPN server             remote client
                           (dual-homed)
192.168.0.0/24  <->  192.168.0.80  10.1.1.1  <->   10.1.1.10

The PPTP server set the VPN client an address from 192.168.0.81-99.
Using the pppd option "proxyarp", when the VPN client connection is
established the pppd insert a published arp entry in arp cache (in this
example: server 192.168.0.81 <- ppp -> 192.168.0.82 client):

? (192.168.0.82) at 00:40:63:c9:cb:ec on vr0 permanent published (proxy only)

But the client cannot reach the LAN end vice-versa (ping timeout).
Without the proxyarp option the VPN work (ping is successfull, at least to
the VPN server).

According to me there is a problem into the routing table (related to the
proxyarp option):
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use    Mtu 
Interface
(....)
192.168.0.82       link#1             UHRLc       1       45      -  vr0
192.168.0.82       00:40:63:c9:cb:ec  UHLS2       0        0      -  vr0

according to me the last 2 entry do not permit the return IP packet to go
to the PPTP tunnel, don't they?

Any ideas? or I'm wrong ?

Roberto Trovo'