I'm experiencing trouble connecting infrastructure using a VPN. I don't have a lot of rights on the VM I'm using, so it's hard to give you precise details, so this topic should be theoretical.

There are 3 interfaces:

  • br-xxxxxxxxxxxx: used by Docker as a NAT network between all containers. This network should be exposed outside through a VPN
  • docker0: does not seem to be used
  • eth0: the physical interface

Here is the ifconfig configuration:

br-dd5a54c6d409: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.1  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::42:2fff:fec9:ba04  prefixlen 64  scopeid 0x20<link>
        ether 02:42:2f:c9:ba:04  txqueuelen 0  (Ethernet)
        RX packets 5019  bytes 549801 (536.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5791  bytes 676602 (660.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 0.0.0.0
        ether 02:42:b4:34:2c:04  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.160.10  netmask 255.255.254.0  broadcast 192.168.161.255
        inet6 fe80::215:5dff:fe38:10b  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:38:01:0b  txqueuelen 1000  (Ethernet)
        RX packets 7819  bytes 1062488 (1.0 MiB)
        RX errors 0  dropped 4345  overruns 0  frame 0
        TX packets 770  bytes 48554 (47.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The problem is that when I connect a device to the switch where eth0 is connected, and I give it an address in 192.168.0.0/24 (like 192.16.0.1), the device sends an ARP request to prevent a duplicate IP (normal behavior), but there is an ARP reply from the VM which tells me that the IP is currently in use (check the highlighted packet).

Wireshark capture

By the way, it's true because one of the containers uses this IP address, but as my device is not paired with the VPN, the VM should not answer the ARP request, right? Only devices which are connected through the VPN should receive ARP packets?

I thought that proxy ARP had been enabled, so the behavior would have been normal, but it seems not:

[support@TPE-HOST ~]$ cat /proc/sys/net/ipv4/conf/br-dd5a54c6d409/proxy_arp
0
[support@TPE-HOST ~]$ cat /proc/sys/net/ipv4/conf/eth0/proxy_arp
0

To prevent this, I suggested adding a VLAN in the network, which would completely dissociate the interfaces, but the client doesn't want this solution in his network.

So now I'm completely lost. Does a mechanism exist that could cause this problem to occur?

  • `br-xxxxxxxxxxxx` indicates that this is a bridged interface, which would then logically be a switch. Add the output of `brctl show` to your question. Also, where does a VPN come into play? – Thomas Aug 19 '19 at 16:45
  • brctl command not found, and I'm unable to install packages. The solution is a LoRa network system, so the VPN is used to tunnel packets from the gateway to a container in the VM. It's a process of certification between the gateway and the LoRa Network server – Nicolas Frbezar Aug 21 '19 at 07:28
