farp Plugin » History » Version 2

Tobias Brunner, 28.07.2020 16:02
Section about platform limitations

h1. farp Plugin

The _farp_ plugin fakes ARP responses for requests to e.g. a [[VirtualIP|virtual IP address]] assigned to a peer.

To enable the plugin, add
<pre>--enable-farp</pre> to the [[InstallationDocumentation|./configure options]].

It is available since version:4.4.0.

h2. Behavior

With the plugin enabled, the IKEv2 daemon responds to ARP requests for IP addresses in the remote traffic selectors (e.g. virtual IP addresses that were handed out to clients, but these could also be complete subnets) with its own MAC address.

In combination with the [[DHCPPlugin|dhcp plugin]] this plugin lets a road-warrior act as a client on the local LAN of the responder.
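
The decision described above, sketched as an added example (this is not strongSwan's farp code): an ARP request is answered only if its target address lies inside a remote traffic selector, and the reply carries the gateway's own MAC. @struct ts@, @farp_reply()@ and the sample values are hypothetical; prefixes are assumed to be in the range 0..32.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Ethernet/IPv4 ARP payload (RFC 826): 28 bytes; byte arrays avoid padding */
struct arp_pkt {
    uint8_t htype[2], ptype[2], hlen, plen, oper[2];
    uint8_t sha[6], spa[4], tha[6], tpa[4];
};
/* Hypothetical stand-in for one remote traffic selector: net/prefix (0..32) */
struct ts { uint8_t net[4]; int prefix; };

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

static int ts_contains(const struct ts *ts, const uint8_t ip[4]) {
    uint32_t mask = ts->prefix ? 0xffffffffu << (32 - ts->prefix) : 0;
    return ((be32(ip) ^ be32(ts->net)) & mask) == 0;
}

/* Returns 1 and fills *rep when buf holds an ARP request whose target lies in
 * a remote traffic selector; returns 0 (stay silent) otherwise. */
int farp_reply(const uint8_t *buf, size_t len, const struct ts *ts, size_t n,
               const uint8_t own_mac[6], struct arp_pkt *rep) {
    static const uint8_t want[8] = {0, 1, 8, 0, 6, 4, 0, 1}; /* Ethernet, IPv4, request */
    struct arp_pkt req;

    if (len < sizeof(req) || memcmp(buf, want, sizeof(want)))
        return 0;                      /* truncated, or not an IPv4 request */
    memcpy(&req, buf, sizeof(req));
    for (size_t i = 0; i < n; i++) {
        if (!ts_contains(&ts[i], req.tpa))
            continue;
        *rep = req;
        rep->oper[1] = 2;              /* opcode 2 = reply */
        memcpy(rep->sha, own_mac, 6);  /* own MAC answers for the peer's address */
        memcpy(rep->spa, req.tpa, 4);  /* the address that was asked for */
        memcpy(rep->tha, req.sha, 6);  /* addressed back to the requester */
        memcpy(rep->tpa, req.spa, 4);
        return 1;
    }
    return 0;
}

/* Constructed sample: 192.168.1.10 (02:00:00:00:00:10) asks who has 10.3.0.1 */
const uint8_t sample_req[28] = {0, 1, 8, 0, 6, 4, 0, 1,
    2, 0, 0, 0, 0, 0x10, 192, 168, 1, 10, 0, 0, 0, 0, 0, 0, 10, 3, 0, 1};
const struct ts sample_ts[] = {{{10, 3, 0, 0}, 24}};  /* constructed TS */
const uint8_t sample_mac[6] = {2, 0, 0, 0, 0, 1};     /* constructed MAC */
```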

h2. Limitations

The plugin currently only works on Linux (due to its use of @AF/PF_PACKET@ sockets, see #3498). On other platforms (e.g. FreeBSD or macOS), ARP proxying for virtual IP addresses can be achieved via the "@arp(8)@":https://www.freebsd.org/cgi/man.cgi?query=arp&sektion=8 utility and a [[vici]] or [[updown]] script.

{{collapse(Example updown script)
<pre>
#!/bin/sh
# Publish/remove a proxy ARP entry for the peer's first virtual IPv4 address
case "$PLUTO_VERB" in
    up-client)
        # "auto" lets arp(8) use the MAC of the local interface on that subnet
        arp -s "${PLUTO_PEER_SOURCEIP4_1}" auto pub
        ;;
    down-client)
        arp -d "${PLUTO_PEER_SOURCEIP4_1}" pub
        ;;
esac
</pre>
}}