I'm working on a remote machine using OpenVPN at a customer's network. The IP addresses there change dynamically and (until they get hostnames to work properly, which is not in my hands at this point) I'm looking for a way to find "my" machine quickly. At the moment I'm trying it with MAC addresses but am not succeeding. I can detect machines using nmap and ping each one of them, but arping fails.

Example: ping:

ping 10.8.0.34
PING 10.8.0.34 (10.8.0.34) 56(84) bytes of data.
64 bytes from 10.8.0.34: icmp_seq=1 ttl=64 time=42.6 ms
64 bytes from 10.8.0.34: icmp_seq=2 ttl=64 time=42.1 ms
64 bytes from 10.8.0.34: icmp_seq=3 ttl=64 time=44.6 ms

arping:

arping 10.8.0.34
arping: Suitable device could not be determined. Please, use option -I.

arping (2):

arping -I tun0 10.8.0.34
arping: Device tun0 not available.

arping (3):

arping -I wlo1 -c 10 10.8.0.34
ARPING 10.8.0.34 from 192.168.178.26 wlo1
Sent 10 probes (10 broadcast(s))
Received 0 response(s)

I've tried all devices although I think tun0 should be correct for the VPN. Is there a way to achieve this?


Solution 1:

OpenVPN tun point-to-point links do not have MAC addresses and thus you can't use arping with them, or anything else that uses ARP or requires MAC addresses.

Solution 2:

In general, OpenVPN can use two kinds of virtual network interfaces:

  • tun device, which is a virtual L3 interface. It doesn't have any MAC addresses, which are L2 stuff, so arping can't possibly work if OpenVPN is configured to use tun.
  • tap device, which is a virtual L2 interface. It does emulate Ethernet, has MAC addresses, can be bridged by a software bridge, can be used with VLANs and so on. arping could work on this kind of VPN, but it still depends on how exactly the server and client are configured.

Note, Windows machines only have a virtual tap driver. AFAIK the Windows network stack doesn't have the required hooks to implement a true tun device usable with OpenVPN. If you have a tun-type network and use Windows, it still shows a tap interface, but then it works in so-called net30 mode, in which tun behaviour is emulated and arping wouldn't work.

A device name doesn't necessarily say it has a certain type, but usually nobody fiddles with that stuff: tun* devices are tun and tap* devices are tap. It seems you have tun mode, so all L2 stuff isn't available on it.
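
Since the interface name alone does not prove the device type, the following added example (not part of either answer) reads the Linux sysfs attributes `tun_flags` and `type` to decide whether an interface is L2 and therefore usable with arping. The function names `iface_layer` and `arp_usable` and the optional sysfs-directory argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Classify a Linux network interface as L2 (ARP-capable) or L3-only by
# reading sysfs instead of trusting the interface name.
# Usage: iface_layer IFACE [SYSFS_NET_DIR]
# SYSFS_NET_DIR defaults to /sys/class/net; the override (hypothetical,
# added for this example) lets the function run on a constructed tree.
iface_layer() {
    ifc=$1
    base=${2:-/sys/class/net}
    dir=$base/$ifc

    [ -d "$dir" ] || { echo "missing"; return 1; }

    # tun_flags exists only on devices created by the tun/tap driver.
    # Bit 0x1 = IFF_TUN (L3, no MAC), bit 0x2 = IFF_TAP (L2, Ethernet).
    if [ -r "$dir/tun_flags" ]; then
        flags=$(cat "$dir/tun_flags")
        if [ $(( $flags & 2 )) -ne 0 ]; then
            echo "tap"; return 0
        elif [ $(( $flags & 1 )) -ne 0 ]; then
            echo "tun"; return 0
        fi
    fi

    # Fall back to the ARPHRD hardware type: 1 = Ethernet, 65534 = none.
    case $(cat "$dir/type" 2>/dev/null) in
        1)     echo "ethernet" ;;
        65534) echo "l3-only" ;;
        *)     echo "unknown" ;;
    esac
}

# arp_usable IFACE [SYSFS_NET_DIR]
# Exit status 0 if ARP-based tools such as arping can work on IFACE.
arp_usable() {
    case $(iface_layer "$@") in
        tap|ethernet) return 0 ;;
        *)            return 1 ;;
    esac
}
```

Running `iface_layer tun0` on the client shows whether the VPN interface is a tun or tap device before any time is spent on ARP-based discovery.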