"kernel: arpresolve: can't allocate llinfo for <ip>" and no routing to opt1 if</ip>

atlasis

Hi,
I just made a fresh install of pfsense 2.01 and I tried to configure it following a well-known and well-tested for me configuration (working properly from the pfsense 1.2 era, or perhaps even earlier:

One WAN interface bridged with my DSL appliance
One LAN interface (ip: 10.45.170.1, gw: none,  subnet 10.45.170.0/25)
One OPT interface, point-to-point using a wireless link with the router of a friend of mine (my ip 10.45.170.129, other side's ip: 10.45.170.130, subnet 10.45.170.128/30, gw 10.45.170.1)

There is no problem between LAN and WAN
when I ping the other router (10.45.170.130) from my LAN (e.g. 10.45.170.5), I get an echo reply back.
when I ping the other's side subnet (!10.45.170.0/24), then:
  a. I do not get an echo reply back
  b. I get the following system errors: "kernel: arpresolve: can't allocate llinfo for 10.45.170.1"

To clarify a few more things:
a. the routing tables to the other net have been configured properly (I tried both with static routes and using OpenBGPD, a configuration that was working for me perfectly with pfsense 1.2.3 until I upgraded).
b. the other router does not use pfsense, but it is certainly configured properly (he hasn't changed anything the last couple of days when we were communicating perfectly until I installed the latest version).
c. the hosts that I ping to the other side, it does allow icmp messages
d. OpenBGPD seems to work perfectly (I get back advertised routes from the other router) - nevertheless, I also tried it with static routes.

I have read similar issues with the same message, but I haven't seen a solution (unless I have missed it).

Any ideas?

Thanks in advance.

Antonios

atlasis

To clarify it further, I re-installed pf 1.2.3 and it works like a charm!

Any possible causes for pf 2.0.1? I suppose this is a bug, isn't it?

heper

my ip 10.45.170.129, other side's ip: 10.45.170.130, subnet 10.45.170.128/30, [color][b]gw 10.45.170.1[/b][/color]

^assigning a gateway outside of the interfaces subnet might cause problems …

imho this is not a bug in 2.0.1 ...

take a look at the docs to see how pf 2.x works and either correctly route a subnet over the wireless link or try to bridge

kind regards and good luck

atlasis

thanks for your reply heper,

the gateway is outside of the subnet of the OPT interfaces, but this IP (10.45.170.1) is the router's primary (LAN) IP. Anyway, I had already tried this approach (I forgot to mention it), and I was also loosing the other-sides wireless interfaces (e.g. 10.45.170.130). Hence, it rather made the situation worse. By the way, why I do not have the same issue with the WAN interface (whose ip is also out of the scope of the LAN subnet)?

Bridging, imho, is not an acceptable working solution. I need a proper router, not several interfaces bridged together.

In the meantime, I am still working with 1.2.3.

Anyway, thanks again.

Antonios

heper

hi,

afaik you can't assign a gateway to any interface when the adress is not in the same subnet. that is what this error is about.

if you have need for a gateway on the 'other side' you should set it to be 10.45.170.129 .

then you could/should allow traffic from and to you lan subnet.

atlasis

So, to clarify / sum up your suggestion:

WAN IF remains bridged to the DSL appliance.
LAN IF IP: 10.45.170.1/25, GW: 10.45.170.129  (this is what you are suggesting? )
OPT1: IP:10.45.170.129/30, GW:?  (10,45,170,129 is my IF, 10.45.170.130 is the other's side IF - this leads to a 10.0.0.0/8 metropolitan net)

I want to route traffic to: a) WAN IF for normal Internet traffic:
                                  b) OPT1 IF for traffic directed to 10.0.0.0/8

I am afraid that with the above configuration will miss the Internet (default) routing.

By the way, please allow me to remind that the following configuration works perfectly with pfsense 1.2.3 and earlier (these were the buggy versions?):
WAN IF  bridged to the DSL appliance.
LAN IF IP: 10.45.170.1/25, GW: none
OPT1: IP:10.45.170.129/30, GW:10.45.170.1

And anyway, we use a router to route traffic between different subnets. These subnets do not overlap (otherwise, there is no need of a router). It is the router's responsibility to route traffic from the one IF to the others, as required. Am I missing something?

Thanks for your interest and your replies.

heper

no, what i'd suggest is the following:

WAN IF remains bridged to the DSL appliance.
LAN IF IP: 10.45.170.1/25, GW: none 
OPT1: IP:10.45.170.129/30, GW: none

On your pfsense you might want to add a static route if you wish to access the 10.0.0.0/8 subnet:
destination: 10.0.0.0/8
gateway: 10.45.170.130

on the other side you might want a route to your lan subnet like this:
destination: 10.45.170.1/25
gateway: 10.45.170.129

then you might have to allow traffic from and to using the firewall tabs (allow traffic from lan –> 10.0.0.0/8) and such

atlasis

OK, I got it. However, since I do not control the other side (and I do not want to involve with it, since it is working fine), the changes that you are suggesting, are:
A) remove the gateway from OPT1 IF
B) add the corresponding static route.

I'll give it a try and I'll let you know.

Thanks!