Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to install FARP plugin for Strongswan?

    Scheduled Pinned Locked Moved IPsec
    3 Posts 2 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      senseipf
      last edited by

      Hello,

      Scenario: Mobile VPN IKEv2 - EAP-MSCHAPv2
      Endpoints: Pfsense, Windows 8 Agile VPN client
      Description: When the VPN pool is a different subnet than the local network to be reached, a route needs to be added at VPN client OS for reaching the local network behind pfsense
      Workaround: A VPN pool that is in the same subnet with the local network can be used. However ARP traffic is cripled.

      • If proxy arp is enabled for the inside interface, ARP will function correctly only if local network initiates the connection. After that, MACs are learned and IPSEC traffic works bidirectionally

      • But if VPN client initiates the connection first (when proxy arp is enabled), ARP is still not being responded

      /usr/local/lib/ipsec/plugins does not include farp plugin.

      So how can I install FARP plugin?
      https://wiki.strongswan.org/projects/strongswan/wiki/Farpplugin

      Thanks

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        You don't. It doesn't exist for FreeBSD.

        https://lists.strongswan.org/pipermail/dev/2015-February/001237.html

        1 Reply Last reply Reply Quote 0
        • S
          senseipf
          last edited by

          thanks for the rapid response!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.