VPN Router does not reply to ARP Requests

Tags: arp, ipv4, routing, vpn

So I have these three network interfaces set up on a Linux box:

eth0 is facing the external network (192.168.1.0/24)
tun0 is the VPN interface (10.8.8.0/24)
eth1 is the local network interface (192.168.0.0/24)

The goal is to create a VPN router which routes only the packets from the eth1 interface.

In order to do that I have a script that is run after the VPN connection has been established:

    # Allow rest of system to use default network connection
    /sbin/ip route delete 0.0.0.0/1 via 10.8.8.1 dev tun0
    /sbin/ip route delete 128.0.0.0/1 via 10.8.8.1 dev tun0

    # Route all traffic from 192.168.0.0/24 through VPN
    /sbin/ip route add default via 10.8.8.1 dev tun0 table 200
    /sbin/ip rule add from 192.168.0.0/24 table 200

    # VPN Forwarding (NAT)
    /sbin/iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
    /sbin/iptables -A FORWARD -i tun0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    /sbin/iptables -A FORWARD -i eth1 -o tun0 -j ACCEPT

The problem is that, when the VPN tunnel is established, the Linux box does not reply to ARP requests on the eth1 interface.
If I configure the ARP cache manually on a client PC, then the setup works fine.

Any ideas?

EDIT: ARP works only when the router makes a request to the client PC, but not the other way around (in that case the router receives the ARP request but does not reply).

EDIT 2: Both eth0 and eth1 share the same MAC address.

Best Answer

The solution was to replace

    /sbin/ip rule add from 192.168.0.0/24 table 200

with

    ip rule add iif eth1 table 200

We don't want only packets from 192.168.0.0/24 to use routing table 200 but every packet from interface eth1.
