can ping but not arping via OpenVPN
I'm working on a remote machine using OpenVPN at a customer's network. The IP addresses there change dynamically and (until they get hostnames to work properly which is not in my hands at this point) I'm looking for a way to find "my" machine quickly. Atm I'm trying it with MAC-addresses but won't succeed. I can detect machines using nmap, ping each one of them but arping fails.
Example: ping:
ping 10.8.0.34
PING 10.8.0.34 (10.8.0.34) 56(84) bytes of data.
64 bytes from 10.8.0.34: icmp_seq=1 ttl=64 time=42.6 ms
64 bytes from 10.8.0.34: icmp_seq=2 ttl=64 time=42.1 ms
64 bytes from 10.8.0.34: icmp_seq=3 ttl=64 time=44.6 ms
arping:
arping 10.8.0.34
arping: Suitable device could not be determined. Please, use option -I.
arping (2):
arping -I tun0 10.8.0.34
arping: Device tun0 not available.
arping (3):
arping -I wlo1 -c 10 10.8.0.34
ARPING 10.8.0.34 from 192.168.178.26 wlo1
Sent 10 probes (10 broadcast(s))
Received 0 response(s)
I've tried all devices although I think tun0 should be correct for the VPN. Is there a way to achieve this?
Solution 1:
OpenVPN tun point to point links do not have MAC addresses and thus you can't use arping with them. Or anything else that uses ARP or requires MAC addresses.
Solution 2:
In general, OpenVPN can use two kinds of virtual network interfaces:
- tun device, which is a virtual L3 interface. It doesn't have any MAC addresses, which are L2 stuff, so arping can't possibly work if OpenVPN is configured to use tun
- tap device, which is a virtual L2 interface. It does emulate Ethernet, has MAC addresses, can be bridged by software bridge, can be used with VLANs and so on. arping could work on this kind of VPN, but it still depends on how exactly the server and client are configured.
Note, Windows machines only have a virtual tap driver. AFAIK Windows network stack doesn't have required hooks to implement a true tun device usable with OpenVPN. If you have a tun-type network and use Windows, it still shows a tap interface, but then it works in so called net30 mode, in which tun behaviour is emulated and arping wouldn't work.
A device name doesn't necessarily say it has a certain type, but usually nobody fiddles with that stuff: tun* devices are tun and tap* devices are tap. It seems you have a tun mode, so all L2 stuff isn't available on it.
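Solution 2 points out that a device name does not guarantee its type. As an added example (not part of the original answers), this script reads the type from Linux sysfs instead of trusting the name; the function names and the SYSFS_NET override are introduced here for illustration.

```shell
#!/bin/sh
# Classify a Linux network interface as L2 (tap/Ethernet, ARP possible) or
# L3 (tun, no MAC, no ARP) from sysfs rather than from its name.
# SYSFS_NET is an assumption of this example: it lets the functions run on a constructed tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

iface_layer() {
    dev="$SYSFS_NET/$1"
    [ -d "$dev" ] || { echo "missing"; return 1; }
    # tun_flags exists only for devices created by the tun/tap driver.
    # Bit 0x0001 = IFF_TUN (L3), bit 0x0002 = IFF_TAP (L2), from <linux/if_tun.h>.
    if [ -r "$dev/tun_flags" ]; then
        tf=$(cat "$dev/tun_flags")
        if [ $(( $tf & 0x0002 )) -ne 0 ]; then echo "tap"; return 0; fi
        if [ $(( $tf & 0x0001 )) -ne 0 ]; then echo "tun"; return 0; fi
    fi
    # Fallback: ARPHRD hardware type. 1 = ARPHRD_ETHER, 65534 = ARPHRD_NONE.
    case "$(cat "$dev/type" 2>/dev/null)" in
        1)     echo "ethernet" ;;
        65534) echo "l3-none" ;;
        *)     echo "other" ;;
    esac
}

# ARP needs an L2 interface that does not have IFF_NOARP (0x80) set.
arp_capable() {
    case "$(iface_layer "$1")" in
        tap|ethernet) ;;
        *) return 1 ;;
    esac
    fl=$(cat "$SYSFS_NET/$1/flags" 2>/dev/null || echo 0)
    [ $(( ${fl:-0} & 0x80 )) -eq 0 ]
}

# Usage: sh iface_layer.sh tun0 wlo1
for i in "$@"; do
    if arp_capable "$i"; then a=yes; else a=no; fi
    printf '%s: %s (ARP usable: %s)\n' "$i" "$(iface_layer "$i")" "$a"
done
```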