Hello,
I am facing a problem with ppp and multicast. My Fedora box is my internet gateway connected to my cable ISP running IP Forwarding and IPTables for nat/firewall. I have also set up a roadwarrior IPSec/L2TP VPN using Strongswan/xl2tpd/ppp. The issue is with the VPN and resulting PPP connection and trying to access a multicast media streaming server located in the local LAN.
The important thing to note is that the VPN clients and the LAN clients share the same network subnet, with the VPN clients assigned IP addresses from a dedicated pool within that subnet which is not assignable to the LAN clients via DHCP (i.e. there is no overlap of IP space within the subnet).
Below is the network topology:
...VPN Clients<-------IPSec/L2TP----->gateway<-----p2p1----->LAN Clients
172.16.0.150-155/27-------------172.16.0.129/27----------172.16.0.135-149/27
With ppp option 'proxyarp' enabled, I am able to connect to clients behind p2p1 from the VPN when using unicast addresses, but when I send any multicast traffic (specifically 239.255.255.250:1900 UDP) the traffic does not propagate over the p2p1 interface. I can see it on the pppx interface, however.
I checked IPTables and there are no rules related to multicast, but I have a LOG target before the DROP in the forward chain and there are no hits, so I don't believe the firewall is dropping the multicast packets. It just seems like ppp or the kernel doesn't know how to send the multicast packets over the p2p1 interface, i.e. it does not consider them part of the same network segment.
I'm running Fedora 17 on kernel 3.8.3-103.fc17.i686.PAE with pppd 2.4.5. Any help or insight would be much appreciated.
Thanks