On Tue, 2015-04-28 at 09:32 +0200, Horváth Szabolcs wrote:
> ,
>
> I have an issue connecting to one of our partners with openconnect.
> Symptoms are the following:
> - we can build a VPN with Openconnect on Linux to our partner and it
>   is working fine (traffic is passing through as expected)
> - we can build a VPN with Cisco Anyconnect on Windows to our partner
> - we CANNOT build a VPN with Openconnect on Windows to our partner
>   (technically, VPN is built but traffic is not passing through,
>   details below)
> - we CAN build VPN with OpenConnect on Windows to other partners
>
> From all of these, I would say there is nothing wrong with the partner
> VPN (because connecting to it from windows/anyconnect and
> linux/openconnect combination are working fine).
>
> After days of investigation I found out that there are no ARP replies
> on the tun interface when connecting from openconnect/windows.

I can't look hard at this for another few hours at least, and I have a
2-year-old trying to "help" me type this.... first thought is to look at
the netmasks.

The whole ARP thing is a fiction because Windows doesn't do tunnel
devices properly; it makes us pretend to be Ethernet. So we have to
*fake* ARP in the driver for Legacy IP (and ND for IPv6).

We tell the driver the IP address of the faked "router" on the subnet,
and it fakes ARP replies from that IP address. This falls over when the
netmask is 255.255.255.255 though, or something like that...

--
dwmw2