ARP problem: Server answers with 2 MACs

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
light73
OpenVpn Newbie
Posts: 3
Joined: Sat Jul 13, 2013 5:35 pm

ARP problem: Server answers with 2 MACs

Post by light73 » Tue Jul 16, 2013 8:45 am

Hey there,

I tried setting up an OpenVPN 2.1 server in my Fritz!Box with Freetz-1.2.
It seems I have configured the routes, bridge or whatever wrong, maybe I misunderstood something.
The point is:
The connection to the server is established successfully, but I can't get any network traffic through the tunnel.
All I want is to send all network traffic of the client through the VPN.
A Wireshark capture shows that the server answers the "Who has 192.168.200.1?" gateway ARP request with the LAN MAC address.
On the other hand, the server sends the ARP request for the client, "Who has 192.168.200.100?", with tap0's MAC address, but also with IP 192.168.200.1.
So the client gets completely confused and reports duplicate use of IP 192.168.200.1 by the server's lan and tap0 MACs:

6f:70:a6 - client VPN
6f:49 - server lan/eth0
39:da:af - server tap0


Here is the arp cache of the server:

Code:

root@fritz:/var/mod/root# arp
? (192.168.200.100) at <incomplete>  on tap0
? (192.168.200.100) at xx:xx:xx:6F:70:A6 [ether]  on lan

xx:xx:xx:6F:70:A6 is the MAC of the client's VPN adapter, but it is stored on the lan interface instead of tap0?

The routing table of the server seems ok:

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.180.1   *               255.255.255.255 UH    2      0        0 dsl
192.168.180.2   *               255.255.255.255 UH    2      0        0 dsl
192.168.178.0   *               255.255.255.0   U     0      0        0 lan
192.168.200.0   *               255.255.255.0   U     0      0        0 tap0
169.254.0.0     *               255.255.0.0     U     0      0        0 lan
default         *               0.0.0.0         U     2      0        0 dsl

brctl show:

Code:

bridge name     bridge id               STP enabled     interfaces
lan             8000.001c4a136f49       no              eth0
                                                        tap0
                                                        tiwlan0
                                                        usbrndis
                                                        wdsdw0
                                                        wdsdw1
                                                        wdsdw2
                                                        wdsdw3
                                                        wdsup0


Here is the server config:

Code:

#  OpenVPN 2.1 Config, Sun Jul 14 16:23:21 CEST 2013
proto udp
dev tap0
#Helperline for rc.openvpn to add tap0 to lan bridge
ca /tmp/flash/openvpn/ca.crt
cert /tmp/flash/openvpn/box.crt
key /tmp/flash/openvpn/box.key
dh /tmp/flash/openvpn/dh.pem
tls-server
tls-auth /tmp/flash/openvpn/static.key 0
port 1194
ifconfig 192.168.200.1 255.255.255.0
push "route-gateway 192.168.200.1"
max-clients 10
mode server
ifconfig-pool 192.168.200.100 192.168.200.110
push "route 192.168.200.1"
route 192.168.200.0 255.255.255.0
push "dhcp-option DNS 192.168.200.1"
tun-mtu 1500
mssfix
verb 3
daemon
cipher AES-256-CBC
keepalive 10 120
status /var/log/openvpn.log
chroot /tmp/openvpn
user openvpn
group openvpn
persist-tun
persist-key
push "redirect-gateway def1"

ifconfig of server:

Code:

eth0      Link encap:Ethernet  HWaddr xx:xx:xx:13:6F:49
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:313802 errors:0 dropped:0 overruns:0 frame:0
          TX packets:84166 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:30146480 (28.7 MiB)  TX bytes:73211812 (69.8 MiB)

lan       Link encap:Ethernet  HWaddr xx:xx:xx:13:6F:49
          inet addr:192.168.178.1  Bcast:192.168.178.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:887574 errors:0 dropped:0 overruns:0 frame:0
          TX packets:380977 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:200991017 (191.6 MiB)  TX bytes:162238977 (154.7 MiB)

lan:0     Link encap:Ethernet  HWaddr xx:xx:xx:13:6F:49
          inet addr:169.254.1.1  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1


tap0      Link encap:Ethernet  HWaddr xx:xx:xx:39:da:af
          inet addr:192.168.200.1  Bcast:192.168.200.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:230 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:38745 (37.8 KiB)  TX bytes:10569 (10.3 KiB)


client config:

Code:

client
dev tap0
remote openvpnserver.ip.com 1194
;remote 192.168.178.1 1194
proto udp

;auth-user-pass

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
tls-auth "C:\\Program Files\\OpenVPN\\config\\static.key" 1
cert "C:\\Program Files\\OpenVPN\\config\\client01.crt"
key "C:\\Program Files\\OpenVPN\\config\\client01.key"


cipher AES-256-CBC
verb 3
resolv-retry infinite
ns-cert-type server
nobind
tun-mtu 1500
persist-key
persist-tun

client arp-cache sometimes:

Code:

Interface: 192.168.200.100 --- 0x1b
  Internet Address      Physical Address      Type
  192.168.200.1         xx-xx-xx-39-da-af     dynamic
  192.168.200.255       ff-ff-ff-ff-ff-ff     static
  ...

client arp-cache mostly:

Code:

Interface: 192.168.200.100 --- 0x1b
  Internet Address      Physical Address      Type
  192.168.200.1         xx-xx-xx-13-6f-49     dynamic
  192.168.200.255       ff-ff-ff-ff-ff-ff     static
  ...

client ipconfig /all:

Code:

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : xx-xx-xx-6F-70-A6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a01d:a24d:f322:d64b%27(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.200.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, July 14, 2013 16:55:25
   Lease Expires . . . . . . . . . . : Monday, July 14, 2014 16:55:25
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.200.0
   DHCPv6 IAID . . . . . . . . . . . : 469827351
   DHCPv6 Client DUID. . . . . . . . : xxxxxxxxxxxxxxxxxxxxxx

   DNS Servers . . . . . . . . . . . : 192.168.200.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


client routing table:

Code:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       xx.xx.16.1      xx.xx.17.22     25
          0.0.0.0        128.0.0.0    192.168.200.1  192.168.200.100     30
       xx.xx.16.0    255.255.240.0         On-link       xx.xx.17.22    281
      xx.xx.17.22  255.255.255.255         On-link       xx.xx.17.22    281
     xx.xx.31.255  255.255.255.255         On-link       xx.xx.17.22    281
      xx.xx.193.8  255.255.255.255       xx.xx.16.1      xx.xx.17.22     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0    192.168.200.1  192.168.200.100     30
    192.168.200.0    255.255.255.0         On-link   192.168.200.100    286
    192.168.200.1  255.255.255.255    192.168.200.1  192.168.200.100     30
  192.168.200.100  255.255.255.255         On-link   192.168.200.100    286
  192.168.200.255  255.255.255.255         On-link   192.168.200.100    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       xx.xx.17.22    281
        224.0.0.0        240.0.0.0         On-link   192.168.200.100    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       xx.xx.17.22    281
  255.255.255.255  255.255.255.255         On-link   192.168.200.100    286

client log session:

Code:

Sun Jul 14 16:54:44 2013 OpenVPN 2.3.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Jan  8 2013
Sun Jul 14 16:54:44 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jul 14 16:54:44 2013 Need hold release from management interface, waiting...
Sun Jul 14 16:54:45 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jul 14 16:54:45 2013 MANAGEMENT: CMD 'state on'
Sun Jul 14 16:54:45 2013 MANAGEMENT: CMD 'log all on'
Sun Jul 14 16:54:45 2013 MANAGEMENT: CMD 'hold off'
Sun Jul 14 16:54:45 2013 MANAGEMENT: CMD 'hold release'
Sun Jul 14 16:54:45 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jul 14 16:54:45 2013 Control Channel Authentication: using 'C:\Program Files\OpenVPN\config\static.key' as a OpenVPN static key file
Sun Jul 14 16:54:45 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jul 14 16:54:45 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jul 14 16:54:45 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jul 14 16:54:45 2013 MANAGEMENT: >STATE:1373813685,RESOLVE,,,
Sun Jul 14 16:54:45 2013 UDPv4 link local: [undef]
Sun Jul 14 16:54:45 2013 UDPv4 link remote: [AF_INET]xxx.xxx.193.8:1194
Sun Jul 14 16:54:45 2013 MANAGEMENT: >STATE:1373813685,WAIT,,,
Sun Jul 14 16:54:45 2013 MANAGEMENT: >STATE:1373813685,AUTH,,,
Sun Jul 14 16:54:45 2013 TLS: Initial packet from [AF_INET]xxx.xxx.193.8:1194, sid=39a9e0b2 415c4a0a
Sun Jul 14 16:55:08 2013 VERIFY OK: depth=1, C=DE, ST=BY, L=xx, O=none, OU=changeme, CN=ca, name=ca, emailAddress=none
Sun Jul 14 16:55:08 2013 VERIFY OK: nsCertType=SERVER
Sun Jul 14 16:55:08 2013 VERIFY OK: depth=0, C=DE, ST=BY, L=xx, O=none, OU=changeme, CN=fritzbox, name=fritzbox, emailAddress=none
Sun Jul 14 16:55:23 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Jul 14 16:55:23 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jul 14 16:55:23 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Jul 14 16:55:23 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jul 14 16:55:23 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Sun Jul 14 16:55:23 2013 [fritzbox] Peer Connection Initiated with [AF_INET]xxx.xxx.193.8:1194
Sun Jul 14 16:55:24 2013 MANAGEMENT: >STATE:1373813724,GET_CONFIG,,,
Sun Jul 14 16:55:25 2013 SENT CONTROL [fritzbox]: 'PUSH_REQUEST' (status=1)
Sun Jul 14 16:55:25 2013 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.200.1,route 192.168.200.1,dhcp-option DNS 192.168.200.1,redirect-gateway def1,ping 10,ping-restart 120,ifconfig 192.168.200.100 255.255.255.0'
Sun Jul 14 16:55:25 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jul 14 16:55:25 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jul 14 16:55:25 2013 OPTIONS IMPORT: route options modified
Sun Jul 14 16:55:25 2013 OPTIONS IMPORT: route-related options modified
Sun Jul 14 16:55:25 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jul 14 16:55:25 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Jul 14 16:55:25 2013 MANAGEMENT: >STATE:1373813725,ASSIGN_IP,,192.168.200.100,
Sun Jul 14 16:55:25 2013 open_tun, tt->ipv6=0
Sun Jul 14 16:55:25 2013 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{176F70A6-B9C7-4B4E-B283-45228EE20D6B}.tap
Sun Jul 14 16:55:25 2013 TAP-Windows Driver Version 9.9 
Sun Jul 14 16:55:25 2013 Notified TAP-Windows driver to s
Sun Jul 14 16:55:25 2013 Successful ARP Flush on interface [27] {176F70A6-B9C7-4B4E-B283-45228EE20D6B}
Sun Jul 14 16:55:30 2013 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sun Jul 14 16:55:30 2013 C:\Windows\system32\route.exe ADD xxx.xxx.193.8 MASK 255.255.255.255 xxx.xxx.16.1
Sun Jul 14 16:55:30 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Sun Jul 14 16:55:30 2013 Route addition via IPAPI succeeded [adaptive]
Sun Jul 14 16:55:30 2013 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.200.1
Sun Jul 14 16:55:30 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Jul 14 16:55:30 2013 Route addition via IPAPI succeeded [adaptive]
Sun Jul 14 16:55:30 2013 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.200.1
Sun Jul 14 16:55:30 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Jul 14 16:55:30 2013 Route addition via IPAPI succeeded [adaptive]
Sun Jul 14 16:55:30 2013 MANAGEMENT: >STATE:1373813730,ADD_ROUTES,,,
Sun Jul 14 16:55:30 2013 C:\Windows\system32\route.exe ADD 192.168.200.1 MASK 255.255.255.255 192.
Sun Jul 14 16:55:30 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Jul 14 16:55:30 2013 Route addition via IPAPI succeeded [adaptive]
Sun Jul 14 16:55:30 2013 Initialization Sequence Completed
Sun Jul 14 16:55:30 2013 MANAGEMENT: >STATE:1373813730,CONNECTED,SUCCESS,192.168.200.100,xxx.xxx.193.8

I'm pretty desperate as I have been working on this for weeks, but still it doesn't want to work.
All help and suggestions are welcome :)

Greetings,
light73

brendan
OpenVPN Power User
Posts: 110
Joined: Wed Oct 19, 2011 1:19 am

Re: ARP problem: Server answers with 2 MACs

Post by brendan » Tue Jul 16, 2013 11:54 am

I would say your routing table is not OK. If "lan" is the name of your bridge and tap0 is supposed to be bridged to it, then you have a problem. Only the "lan" bridge interface should have an IP and show as having a route associated with it. It seems that you have IPs on both lan and tap0, which should not be the case.

Take the below, running on Fedora. I have my default via br0, a VPN tunnel (172.x.x.x) via br0 and my locally connected subnet (192.168.50.0) via br0. I happen to have bonded interfaces and VLANs trunked over the bond. I add the bond0.50 interface to the bridge, like you would do with your eth0.

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.50.254  0.0.0.0         UG        0 0          0 br0
172.16.151.0    0.0.0.0         255.255.255.0   U         0 0          0 br0
192.168.50.0    0.0.0.0         255.255.255.0   U         0 0          0 br0

ifconfig

Code:

bond0     Link encap:Ethernet  HWaddr 00:1C:C4:48:11:FD  
          UP BROADCAST RUNNING PROMISC MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:4628928 errors:0 dropped:60343 overruns:0 frame:0
          TX packets:5683469 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1026722947 (979.1 MiB)  TX bytes:2986848976 (2.7 GiB)

bond0.50  Link encap:Ethernet  HWaddr 00:1C:C4:48:11:FD  
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:3971169 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5095449 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:880912944 (840.1 MiB)  TX bytes:2899264840 (2.7 GiB)

br0       Link encap:Ethernet  HWaddr 00:1C:C4:48:11:FD  
          inet addr:192.168.50.1  Bcast:192.168.50.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3971169 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5095441 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:880912944 (840.1 MiB)  TX bytes:2899264192 (2.7 GiB)

em1       Link encap:Ethernet  HWaddr D8:D3:85:B2:DA:93  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:18 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1128551 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1128551 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:470253226 (448.4 MiB)  TX bytes:470253226 (448.4 MiB)

p1p1      Link encap:Ethernet  HWaddr 00:1C:C4:48:11:FD  
          UP BROADCAST RUNNING PROMISC SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:529515 errors:0 dropped:2 overruns:0 frame:0
          TX packets:1082776 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:40313376 (38.4 MiB)  TX bytes:156609490 (149.3 MiB)
          Interrupt:17 Memory:fdee0000-fdf00000 

p1p3      Link encap:Ethernet  HWaddr 00:1C:C4:48:11:FD  
          UP BROADCAST RUNNING PROMISC SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:4099421 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4600701 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:986410163 (940.7 MiB)  TX bytes:2830241022 (2.6 GiB)
          Interrupt:19 Memory:fdfe0000-fe000000 

tap0      Link encap:Ethernet  HWaddr 96:F0:86:37:84:13  
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2371 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:810094 (791.1 KiB)

brctl show

Code:

bridge name	bridge id		STP enabled	interfaces
br0		8000.001cc44811fd	no		bond0.50
							tap0

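The rule brendan states above (the bridge owns the address; eth0 and tap0 are ports of it and carry none) is easy to get wrong on a box like the Fritz!Box where a service script writes its own ifconfig line. The script below is an added example, not code from the thread or from OpenVPN: it parses captured `brctl show` and `ifconfig` text and reports any bridge member that still has an inet addr, which is exactly the state light73's outputs show (tap0 bridged into lan but holding 192.168.200.1). The sample text is reconstructed from the outputs posted in this thread, shortened to three bridge members. The `bridge_up` function is the conventional root-only setup for a persistent tap joined to an existing bridge; it assumes `openvpn --mktun`, `ip` and `brctl` are available and is only run when the script is invoked with the argument `up`.

```shell
#!/bin/sh
# Added example: detect a bridge member that still carries its own IP address.
# Runs offline against captured command output; samples are constructed from
# the outputs posted in this thread.

BRCTL_SAMPLE='bridge name     bridge id               STP enabled     interfaces
lan             8000.001c4a136f49       no              eth0
                                                        tap0
                                                        tiwlan0'

IFCONFIG_SAMPLE='eth0      Link encap:Ethernet  HWaddr 00:1C:4A:13:6F:49
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lan       Link encap:Ethernet  HWaddr 00:1C:4A:13:6F:49
          inet addr:192.168.178.1  Bcast:192.168.178.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

tap0      Link encap:Ethernet  HWaddr 96:EB:84:66:89:D0
          inet addr:192.168.200.1  Bcast:192.168.200.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# bridge_members BRCTL_TEXT BRIDGE -> member interfaces of BRIDGE, one per line.
# brctl prints the first member on the bridge's own row and the rest on
# continuation rows that contain nothing but the interface name.
bridge_members() {
    printf '%s\n' "$1" | awk -v br="$2" '
        NR == 1 { next }
        NF == 4 { cur = $1; if (cur == br) print $4; next }
        NF == 1 && cur == br { print $1 }
    '
}

# iface_addr IFCONFIG_TEXT IFACE -> the inet addr of IFACE, empty if it has none.
# An ifconfig block starts with the interface name in column 0.
iface_addr() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^[a-zA-Z]/ { cur = $1 }
        cur == want && /inet addr:/ { sub(/.*inet addr:/, ""); print $1 }
    '
}

# check_bridge_members BRCTL_TEXT IFCONFIG_TEXT BRIDGE
# Prints "<member> <addr>" for every member that carries an address.
# Returns 1 if any were found, 0 if only the bridge itself is addressed.
check_bridge_members() {
    bad=0
    for m in $(bridge_members "$1" "$3"); do
        a=$(iface_addr "$2" "$m")
        if [ -n "$a" ]; then
            echo "$m $a"
            bad=1
        fi
    done
    return $bad
}

# bridge_up BRIDGE TAPDEV: join a persistent tap to an existing bridge as root.
# The tap gets no address; the bridge keeps the LAN address. Assumes
# openvpn, ip and brctl are installed (not run unless invoked with "up").
bridge_up() {
    openvpn --mktun --dev "$2"          # persistent tap, so openvpn can drop privileges
    ip addr flush dev "$2"              # a bridge port must not carry an IP
    ip link set dev "$2" up promisc on
    brctl addif "$1" "$2"
}

if [ "${1:-}" = up ]; then
    bridge_up lan tap0
else
    check_bridge_members "$BRCTL_SAMPLE" "$IFCONFIG_SAMPLE" lan ||
        echo "bridge member above still carries an address; flush it and keep the IP on the bridge only"
fi
```

Running the check against the sample prints `tap0 192.168.200.1`, the same double-homed state that produced the two ARP replies in the first post. One caveat worth keeping in mind with this topology: a tap device added to `lan` is a port on the same switch as eth0, the wireless and the WDS links, so every VPN client lands in the home LAN's broadcast domain, with no filtering between it and the other hosts unless you add it at the bridge level.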
light73
OpenVpn Newbie
Posts: 3
Joined: Sat Jul 13, 2013 5:35 pm

Re: ARP problem: Server answers with 2 MACs

Post by light73 » Tue Jul 16, 2013 4:56 pm

Thanks for the quick reply Brendan!

So you mean my routing table should look like:

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.180.1   *               255.255.255.255 UH    2      0        0 dsl
192.168.180.2   *               255.255.255.255 UH    2      0        0 dsl
192.168.178.0   *               255.255.255.0   U     0      0        0 lan
192.168.200.0   *               255.255.255.0   U     0      0        0 lan
169.254.0.0     *               255.255.0.0     U     0      0        0 lan
default         *               0.0.0.0         U     2      0        0 dsl

192.168.200.0 should be routed to the bridge "lan" instead of tap0, and the tap0 adapter shouldn't get an IP?
But I have eth0 and tap0 added to the bridge "lan". I don't know how it comes to choose tap0 instead of "lan" as the routing interface.
Should I try to configure OpenVPN with "dev lan" instead of tap0?
**Edit: using "dev lan" gave a zeroshell error

I can't start the OpenVPN service without specifying "Local IP Address"; it gives an "ifconfig" error.
It is the "ifconfig 192.168.200.1 255.255.255.0" line in the server config.
It doesn't work without it.

brendan
OpenVPN Power User
Posts: 110
Joined: Wed Oct 19, 2011 1:19 am

Re: ARP problem: Server answers with 2 MACs

Post by brendan » Tue Jul 16, 2013 5:33 pm

light73 wrote:192.168.200.0 should be routed to the bridge "lan" instead of tap0 and the tap0 adapter shouldnt get an IP?
Yes, when bridged, the eth0 and tap0 interfaces are member interfaces of the lan bridge. Think ports on a switch.

brendan
OpenVPN Power User
Posts: 110
Joined: Wed Oct 19, 2011 1:19 am

Re: ARP problem: Server answers with 2 MACs

Post by brendan » Tue Jul 16, 2013 5:36 pm

You are trying to use an IP on the lan (bridged) interface and an IP on the tap0 interface. You have to give up one of them and use the other. Also, what's with the virtual IP stacked on lan (the lan:0 interface)? If that is not needed, get rid of it.

light73
OpenVpn Newbie
Posts: 3
Joined: Sat Jul 13, 2013 5:35 pm

Re: ARP problem: Server answers with 2 MACs

Post by light73 » Tue Jul 16, 2013 5:57 pm

I got it working finally! But I'm not sure if its still correctly configured :roll:

I deleted the "lan:0" interface.

I also changed the IP configuration. I read that for bridging, or at least for my purposes, I should configure my VPN in the same subnet as the local LAN connected to the Fritz!Box.
I read another HOWTO and there wasn't an "ifconfig" command for the VPN interface, just as you said.
But Freetz automatically puts this command into the server config when restarting the service. Deleting that line manually has no effect.
If no IP for the VPN interface is specified, it just puts in the line "ifconfig". Of course that gives an error when starting the service...
So I have to put in an IP for that, otherwise it's not working at all :(
I used the same IP as for the "real" lan interface: 192.168.178.1

brctl show:

Code:

bridge name     bridge id               STP enabled     interfaces
lan             8000.001c4a136f49       no              eth0
                                                        tap0
                                                        tiwlan0
                                                        usbrndis
                                                        wdsdw0
                                                        wdsdw1
                                                        wdsdw2
                                                        wdsdw3
                                                        wdsup0

route:

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.180.1   *               255.255.255.255 UH    2      0        0 dsl
192.168.180.2   *               255.255.255.255 UH    2      0        0 dsl
192.168.178.0   *               255.255.255.0   U     0      0        0 lan
192.168.178.0   *               255.255.255.0   U     0      0        0 tap0
default         *               0.0.0.0         U     2      0        0 dsl

ifconfig:

Code:

eth0      Link encap:Ethernet  HWaddr 00:1C:4A:13:6F:49
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:373602 errors:0 dropped:0 overruns:0 frame:0
          TX packets:110008 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:36780199 (35.0 MiB)  TX bytes:90192956 (86.0 MiB)

lan       Link encap:Ethernet  HWaddr 00:1C:4A:13:6F:49
          inet addr:192.168.178.1  Bcast:192.168.178.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:1586714 errors:0 dropped:0 overruns:0 frame:0
          TX packets:807999 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:457398382 (436.2 MiB)  TX bytes:310472006 (296.0 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:25161 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25161 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5284637 (5.0 MiB)  TX bytes:5284637 (5.0 MiB)

tap0      Link encap:Ethernet  HWaddr 96:EB:84:66:89:D0
          inet addr:192.168.178.1  Bcast:192.168.178.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:2407 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1757 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:337676 (329.7 KiB)  TX bytes:860458 (840.2 KiB)

All traffic is going through the VPN tunnel now. DNS is working too.
Is the route for 192.168.178.0 appearing twice, on the lan and tap0 interfaces, due to the fact that both interfaces have the same IP?
The Wireshark capture now shows that the server is responding to all traffic with the lan interface's MAC. tap0's MAC no longer appears in the packets.
Would you say that this looks fine now? I mean, if I get it working so that tap0 is not assigned an IP anymore, it should be good.
I bet for the Freetz "VPN interface IP must have" issue I need to ask in the Freetz forum.
