Project

General

Profile

farp Plugin

The farp plugin fakes ARP responses for requests to e.g. a virtual IP address assigned to a peer.

To enable the plugin, add

--enable-farp
to the ./configure options.

It is available since 4.4.0.

Behavior

With the plugin enabled the IKEv2 daemon responds to ARP requests for IP addresses in the remote traffic selectors (e.g. virtual IP addresses that were handed out to clients, but could be complete subnets) with its own MAC address.

In combination with the dhcp plugin this plugin lets a road-warrior act as a client on the local LAN of the responder.

Limitations

The plugin currently only works on Linux (due to its use of AF/PF_PACKET sockets, see #3498). On other platforms (e.g. FreeBSD or macOS), ARP proxying for virtual IP addresses an be achieved via arp(8) utility and a vici or updown script.