On Sun, Aug 25, 2013 at 9:06 PM, Joel Wirāmu Pauling <joel@xxxxxxxxxxxx> wrote:
> What are your MTU settings?

i'm using 1488 (default of L2TPv3) in all interfaces.

> All interfaces inside a bridge must have the MTU of the smallest; in
> some versions of bridge-utils you can add mismatched interface mtu's and
> everything breaks.

i didn't find any option like that in brctl

root@bahia:~# brctl
Usage: brctl [commands]
commands:
        addbr           <bridge>                add bridge
        delbr           <bridge>                delete bridge
        addif           <bridge> <device>       add interface to bridge
        delif           <bridge> <device>       delete interface from bridge
        hairpin         <bridge> <port> {on|off}        turn hairpin on/off
        setageing       <bridge> <time>         set ageing time
        setbridgeprio   <bridge> <prio>         set bridge priority
        setfd           <bridge> <time>         set bridge forward delay
        sethello        <bridge> <time>         set hello time
        setmaxage       <bridge> <time>         set max message age
        setpathcost     <bridge> <port> <cost>  set path cost
        setportprio     <bridge> <port> <prio>  set port priority
        show            [ <bridge> ]            show a list of bridges
        showmacs        <bridge>                show a list of mac addrs
        showstp         <bridge>                show bridge stp info
        stp             <bridge> {on|off}       turn stp on/off
root@bahia:~#

> Also are all your tap devices over proper ethernet segments? As soon as you
> have a Wireless segment then it will break (due to the WLAN layer2 frames
> overwriting mac's / remembering only the point to point mac's).

everything is ethernet, this first phase using only
ethernet->wan (l2tpv3) -> wan -> ethernet.... the problem is that my
"Server A" does not forward arp/request to "Server B"...

>
> On 26 August 2013 11:54, Jorge Pereira <jpereiran@xxxxxxxxx> wrote:
>>
>> Hi Joel,
>>
>> thanks for your answer!! but i CAN'T understand why my bridge (SERVER
>> A) doesn't forward the arp-request
>> from LAN to my other side of L2TPv3 (SERVER B).... so, all i need is
>> that my 'bridge' forward (broadcast, anycast, unicast, arp, ...)
>> everything to other side of L2TPv3 bridge... let me try to explain
>> below...
>>
>> e.g:
>>
>> +--------------------------------------------------+
>> | Bahia: lan network 10.251.0.0/16                 |
>> +--------------------------------------------------+
>>     |
>>     |    +------------------------------+
>>     +--> | Bridge A                     |
>>          | LAN: bridge/promisc          |
>>          | WAN: 200.199.10.1            |
>>     +----+------------------------------+
>>     |
>>     |
>>     \    +----------------------------------------+
>>      +---| L2TPv3 / promisc / l2tpeth0 over WAN   |
>>     /    +----------------------------------------+
>>     |
>>     |    +------------------------------+
>>     +--> | Bridge B                     |
>>          | LAN: bridge/promisc          |
>>          | WAN: 200.199.10.2            |
>>     +----+------------------------------+
>>     |
>> +--------------------------------------------------+
>> | Recife: lan network 10.251.0.0/16                |
>> +--------------------------------------------------+
>>
>> e.g - 1: from side 'B', i can send icmp request to anyone in
>> 10.251.0.0/16. but can't receive response because
>> my bridge A ignore/discard all packets arp/unicast/... and does not
>> forward to Bridge B. only broadcast!
>>
>> e.g - 2: (sysct/proxy_arp) doesn't solve my problem... if somebody has
>> any suggestion, please! tell me! :)
>>
>>
>> On Fri, Aug 23, 2013 at 2:22 AM, Joel Wirāmu Pauling <joel@xxxxxxxxxxxx> wrote:
>> > You can't bridge 802.11 segments with normal ethernet segments. Wifi AP's
>> > that do this use magic; or hidden pseudo bridges to do the same.
>> >
>> > You will need to use something like relayd to form a pseudo bridge between
>> > your wired and wireless segments or use routing.
>> >
>> >
>> > -Joel
>> >
>> >
>> > On 23 August 2013 14:21, Jorge Pereira <jpereiran@xxxxxxxxx> wrote:
>> >>
>> >> hi everyone,
>> >>
>> >> so, first it seemed a trivial question to me, but since I could not
>> >> find anybody being neither able to answer
>> >> this question nor giving a short config example. after a few sleepless
>> >> nights and exhausting all the reading and research.
>> >> here I am sharing my problem with all of you, in the hope of
>> >> some possible solution/suggestion.
>> >> or is it that this is impossible??
>> >>
>> >> below my scheme/layout.
>> >>
>> >> +----------------------------------------+
>> >> | MAIN SERVER - 10.60.61.1 (DHCP SERVER) |
>> >> +----------------------------------------+
>> >>            |
>> >>   +--------------------+
>> >>   | NETWORK vlan601    |
>> >>   | net 10.251.0.0/16  |
>> >>   | gw:10.251.0.1      |
>> >>   +--------------------+
>> >>            |
>> >> +----------------------------------------------+
>> >> | SERVER B (BRIDGE / unmanaged L2TPv3) - BAHIA |
>> >> +----------------------------------------------+
>> >>
>> >> root@bahia:~# ip -d addr show eth0 # WAN
>> >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>> >>     link/ether 00:50:56:a7:13:49 brd ff:ff:ff:ff:ff:ff
>> >>     inet 200.243.1.5/24 brd 200.243.1.255 scope global eth0
>> >>     inet6 fe80::250:56ff:fea7:1349/64 scope link
>> >>        valid_lft forever preferred_lft forever
>> >> root@bahia:~# ip -d addr show eth1 # LAN (VLAN/TRUNK)
>> >> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>> >>     link/ether 00:50:56:a7:13:4a brd ff:ff:ff:ff:ff:ff
>> >>     inet6 fe80::250:56ff:fea7:134a/64 scope link
>> >>        valid_lft forever preferred_lft forever
>> >> root@bahia:~# ip link add link eth1 name eth1.601 mtu 1500 type vlan id 601
>> >> root@bahia:~# ip link set dev eth1.601 up promisc on
>> >> root@bahia:~# ip -d addr show eth1.601
>> >> 9: eth1.601@eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>> >>     link/ether 00:50:56:a7:13:4a brd ff:ff:ff:ff:ff:ff
>> >>     inet6 fe80::250:56ff:fea7:134a/64 scope link
>> >>        valid_lft forever preferred_lft forever
>> >> root@bahia:~# ip route show
>> >> default via 200.243.1.254 dev eth0
>> >> 200.243.1.0/24 dev eth0 proto kernel scope link src 200.243.1.5
>> >> root@bahia:~#
>> >>
>> >> and.... we've the interface l2tpeth0 (L2TPv3) established with other node
>> >> into the internet by eth0 (WAN), plugged
>> >> with vlan601 (eth1.601) by bridge called "br-red"
>> >>
>> >> root@bahia:~# brctl show
>> >> bridge name     bridge id               STP enabled     interfaces
>> >> root@bahia:~# brctl addbr br-red
>> >> root@bahia:~# brctl addif br-red eth1.601
>> >> root@bahia:~# ip l2tp add tunnel tunnel_id 45 peer_tunnel_id 42 udp_sport 5001 udp_dport 5000 encap udp local 200.243.1.5 remote 200.199.10.12
>> >> root@bahia:~# ip l2tp add session tunnel_id 45 session_id 5196755 peer_session_id 128
>> >> root@bahia:~# ip link set l2tpeth0 up promisc on master br-red
>> >> root@bahia:~# ip link set br-red up
>> >> root@bahia:~# brctl show br-red
>> >> bridge name     bridge id               STP enabled     interfaces
>> >> br-red          8000.005056a7134a       no              eth1.601
>> >>                                                         l2tpeth0
>> >> root@bahia:~# brctl showstp br-red
>> >> br-red
>> >>  bridge id              8000.005056a7134a
>> >>  designated root        8000.005056a7134a
>> >>  root port                 0                    path cost                  0
>> >>  max age                  20.00                 bridge max age            20.00
>> >>  hello time                2.00                 bridge hello time          2.00
>> >>  forward delay            15.00                 bridge forward delay      15.00
>> >>  ageing time             300.01
>> >>  hello timer               1.06                 tcn timer                  0.00
>> >>  topology change timer     0.00                 gc timer                   5.08
>> >>  flags
>> >>
>> >> eth1.601 (1)
>> >>  port id                8001                    state                forwarding
>> >>  designated root        8000.005056a7134a       path cost                  4
>> >>  designated bridge      8000.005056a7134a       message age timer          0.00
>> >>  designated port        8001                    forward delay timer        0.00
>> >>  designated cost           0                    hold timer                 0.06
>> >>  flags
>> >>
>> >> l2tpeth0 (2)
>> >>  port id                8002                    state                forwarding
>> >>  designated root        8000.005056a7134a       path cost                100
>> >>  designated bridge      8000.005056a7134a       message age timer          0.00
>> >>  designated port        8002                    forward delay timer        0.00
>> >>  designated cost           0                    hold timer                 0.05
>> >>  flags
>> >>
>> >> root@bahia:~#
>> >>
>> >> it's ok, my bridge "br-red" listen all traffic over my LAN (vlan 601) and
>> >> my L2TPv3 over internet. (wan)
>> >>
>> >> root@bahia:~# tcpdump -nve -i br-red "host 10.251.0.1"
>> >> tcpdump: WARNING: br-red: no IPv4 address assigned
>> >> tcpdump: listening on br-red, link-type EN10MB (Ethernet), capture size 65535 bytes
>> >> 20:58:17.860060 d4:ae:52:84:37:ae > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.251.90.157 tell 10.251.0.1, length 46
>> >> 20:58:17.980065 d4:ae:52:84:37:ae > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.251.153.31 tell 10.251.0.1, length 46
>> >> ^C
>> >> 7 packets captured
>> >> 7 packets received by filter
>> >> 0 packets dropped by kernel
>> >> root@bahia:~#
>> >>
>> >> +-----------------------------------------------------------+
>> >> | SERVER B (BRIDGE/L2TPv3 + WIRELESS ACCESS POINT) - RECIFE |
>> >> +-----------------------------------------------------------+
>> >>
>> >> root@recife:~# ip addr show eth1 # (WAN)
>> >> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
>> >>     link/ether a0:f3:c1:a3:c4:11 brd ff:ff:ff:ff:ff:ff
>> >>     inet 200.199.10.12/21 brd 200.199.10.255 scope global eth1
>> >>        valid_lft forever preferred_lft forever
>> >>     inet6 fe80::a2f3:c1ff:fea3:c411/64 scope link
>> >>        valid_lft forever preferred_lft forever
>> >> root@recife:~# ip route show
>> >> default via 200.199.10.254 dev eth1 proto static
>> >> 200.199.10.0/21 dev eth1 proto kernel scope link src 200.199.10.12
>> >> 192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
>> >> root@recife:~# ip l2tp add tunnel tunnel_id 42 peer_tunnel_id 45 udp_sport 5000 udp_dport 5001 encap udp local 200.199.10.12 remote 200.243.1.5
>> >> root@recife:~# ip l2tp add session tunnel_id 42 session_id 128 peer_session_id 5196755
>> >> root@recife:~# ip link set dev l2tpeth0 up promisc on master br-red
>> >> root@recife:~# brctl show
>> >> bridge name     bridge id               STP enabled     interfaces
>> >> br-lan          7fff.a0f3c1a3c40f       no              eth0
>> >> root@recife:~# brctl addbr br-red
>> >> root@recife:~# brctl addif br-red l2tpeth0
>> >> root@recife:~# brctl addif br-red wlan0
>> >> root@recife:~# ifconfig br-red up
>> >> root@recife:~# ip link set br-red up
>> >> root@recife:~# brctl show
>> >> bridge name     bridge id               STP enabled     interfaces
>> >> br-lan          7fff.a0f3c1a3c40f       no              eth0
>> >> br-red          8000.1ae0f4a30221       no              l2tpeth0
>> >>                                                         wlan0
>> >> root@recife:~#
>> >>
>> >> ....::: RESUME :::...
>> >>
>> >> 1) sorry for the long email....
>> >> 2) when i'm "recife hostspot"... I can join in wireless "Recife Wireless"
>> >> from my device, but i can't receive ip from dhcp (10.60.61.1).
>> >> 3) from "server A[bahia] (bridge with vlan601 network) and "server B
>> >> [recife]", i can "see/listen" the broadcast request from my
>> >> device mac "5c:95:ae:22:d6:6e" like below.
>> >>
>> >> root@bahia:~# tcpdump -nve -i br-red "ether host ether 5c:95:ae:22:d6:6e"
>> >> 00:08:52.653667 5c:95:ae:22:d6:6e > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 255, id 37839, offset 0, flags [none], proto UDP (17), length 328)
>> >>     0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 5c:95:ae:22:d6:6e, length 300, xid 0xe6f1d0a5, Flags [none]
>> >>       Client-Ethernet-Address 5c:95:ae:22:d6:6e
>> >>       Vendor-rfc1048 Extensions
>> >>         Magic Cookie 0x63825363
>> >>         DHCP-Message Option 53, length 1: Discover
>> >>         Parameter-Request Option 55, length 6:
>> >>           Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
>> >>           Option 119, Option 252
>> >>         MSZ Option 57, length 2: 1500
>> >>         Client-ID Option 61, length 7: ether 5c:95:ae:22:d6:6e
>> >>         Lease-Time Option 51, length 4: 7776000
>> >>         Hostname Option 12, length 14: "Straces-iPhone"
>> >> ^C
>> >> 1 packets captured
>> >> 1 packets received by filter
>> >> root@bahia:~#
>> >>
>> >> same thing result at "bridge a" (root@recife:~#) side...
>> >>
>> >> 4) the strangest thing of all and that, from bridge-b (recife). i can get
>> >> ip from dhcp/broadcast request over L2TPv3...
>> >> but without option "broadcast" i can't receive ip from dhcp (10.61.60.1)
>> >>
>> >> root@recife:~# udhcpc -B -i br-red
>> >> udhcpc (v1.19.4) started
>> >> Sending discover...
>> >> Sending select for 10.251.157.22...
>> >> Lease of 10.251.157.22 obtained, lease time 300
>> >> udhcpc: ifconfig br-red 10.251.157.22 netmask 255.255.0.0 broadcast +
>> >> udhcpc: setting default routers: 10.251.0.1
>> >> root@recife:~# ip route add 200.243.1.5 via 200.199.10.254 dev eth1
>> >> root@recife:~# ip route show
>> >> default via 10.251.0.1 dev br-red
>> >> 10.251.0.0/16 dev br-red proto kernel scope link src 10.251.157.22
>> >> 200.199.10.0/21 dev eth1 proto kernel scope link src 200.199.10.12
>> >> 200.243.1.5 via 200.199.10.254 dev eth1
>> >> 192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
>> >> root@recife:~# ping -c2 10.251.0.1
>> >> PING 10.251.0.1 (10.251.0.1): 56 data bytes
>> >>
>> >> --- 10.251.0.1 ping statistics ---
>> >> 2 packets transmitted, 0 packets received, 100% packet loss
>> >> root@recife:~#
>> >>
>> >> 5) output of tcpdump listen the bridge "br-red" request from
>> >> bridge-a-natal http://pastebin.com/t8wn3zRK
>> >> 6) output of tcpdump listen the bridge "br-red" request from
>> >> bridge-b-recife http://pastebin.com/njTQfd5k
>> >> 7) after several researches i found the kernel options to set like
>> >> "arp_filter", "bridge-nf-*",... but i don't have
>> >> idea which option should enable / disable. tried some combinations but
>> >> without success....
>> >> 8) the DHCP-OFFER doesn't forward by "bridge-a"... problems with unicast?
>> >> multicast? arp_proxy? ....
>> >> 9) we need join in the network by wireless and access the server
>> >> 10.251.0.1 over bridge/l2tpv3 (unmanaged)
>> >> 10) in our case, can use only L2TPv3. (may not be OpenVPN, ...)
>> >> 11) all is Linux, without any iptables rules.
>> >> 12) who will win a beer?! =]
>> >>
>> >> Best regards,
>> >> Jorge Pereira
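
The MTU question raised in this thread (whether every port of a bridge carries the same, smallest MTU) can be checked from sysfs rather than through `brctl`. The script below is an added example, not part of the original messages; the function name `bridge_mtu_report` and its optional second argument (an alternate sysfs root, used only for offline testing) are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread): list the MTU of every port enslaved to
# a Linux bridge and flag ports that differ from the smallest one.
# bridge_mtu_report is a hypothetical helper name; the optional second
# argument (alternate sysfs root) is an assumption that allows offline tests.
# Returns 0 if all ports match, 1 on mismatch, 2 on error.
bridge_mtu_report() {
    bridge=$1
    sysroot=${2:-/sys}
    brif="$sysroot/class/net/$bridge/brif"
    [ -d "$brif" ] || { echo "error: $bridge is not a bridge" >&2; return 2; }

    # Pass 1: find the smallest MTU among the bridge ports.
    min=
    for port in "$brif"/*; do
        [ -e "$port" ] || continue
        name=${port##*/}
        mtu=$(cat "$sysroot/class/net/$name/mtu") || return 2
        if [ -z "$min" ] || [ "$mtu" -lt "$min" ]; then min=$mtu; fi
    done
    [ -n "$min" ] || { echo "error: $bridge has no ports" >&2; return 2; }

    # Pass 2: report each port against that minimum.
    status=0
    for port in "$brif"/*; do
        name=${port##*/}
        mtu=$(cat "$sysroot/class/net/$name/mtu")
        if [ "$mtu" -eq "$min" ]; then
            echo "$name mtu=$mtu ok"
        else
            echo "$name mtu=$mtu MISMATCH (smallest port MTU is $min)"
            status=1
        fi
    done
    return "$status"
}

# Run only when a bridge name is given, e.g.: sh bridge_mtu.sh br-red
if [ "$#" -gt 0 ]; then bridge_mtu_report "$@"; fi
```

Run on each tunnel endpoint with the bridge name as the argument; a non-zero exit status means the ports disagree or the bridge could not be read.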