[pptp-server] IP/MAC Theft

Charlie Brady charlieb at e-smith.com
Wed Apr 18 13:56:25 CDT 2001


On Wed, 18 Apr 2001, Trevor Benson wrote:

>    Proxyarp is required for the pptp to work from what I understand.

No, it's not. It is required, however, to allow the remote machine to
contact any other machines on your LAN, and vice versa.

> But why would this cause my internal interface to 'steal' IP addresses
> from other systems on my network?

Because that is exactly what proxyarp is.

> If I turn this off then it would disable my
> routing to my internal machines.

Correct.

> Sounds like this is a quirk more than an intended result.

It is in fact the intended result.

ARP is Address Resolution Protocol. A machine on the LAN has a packet for,
say, 192.168.1.5. It uses ARP to find a MAC address corresponding to that
IP address, so that it can unicast the packet direct to that MAC address.
It does an ethernet broadcast of an ARP query - "hey, someone tell me the
ethernet address of 192.168.1.5". Now suppose that 192.168.1.5 is the IP
address of your PPTP connected remote host. That remote host is not
sitting on the ethernet, and can't respond with "Hey, I'm 192.168.1.5 and
this is my ethernet address". Instead, the PPTP server acts as a proxy
(proxyarp, see), and says "I'm 192.168.1.5". Hence your confusion about IP
addresses and the MAC address of your server.

To think of it another way, your server temporarily acquires more than one
IP address.

-- 

  Charlie Brady                         charlieb at e-smith.com
  http://www.e-smith.org (development)  http://www.e-smith.com (corporate)
  Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
  e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
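
Added example, not part of the original post: a small audit of a LAN host's ARP table that separates the proxy ARP behaviour described above (the PPTP server's MAC answering for addresses it hands to remote clients) from any other MAC that claims several IPs. The MAC and IP values, the pool range 192.168.1.5 to 192.168.1.10, the function names and the verdict labels are all constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed `arp -an` output as seen from a LAN host (not from the original post).
SAMPLE_ARP = """\
? (192.168.1.1) at 00:50:56:aa:00:01 [ether] on eth0
? (192.168.1.5) at 00:50:56:aa:00:01 [ether] on eth0
? (192.168.1.6) at 00:50:56:aa:00:01 [ether] on eth0
? (192.168.1.20) at 00:50:56:bb:00:20 [ether] on eth0
? (192.168.1.30) at 00:50:56:cc:00:99 [ether] on eth0
? (192.168.1.31) at 00:50:56:cc:00:99 [ether] on eth0
? (192.168.1.40) at <incomplete> on eth0
"""

ARP_LINE = re.compile(r"\(([\d.]+)\) at ((?:[0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2})\b")

def norm_mac(mac):
    # BSD-style output drops leading zeros; pad so comparisons are reliable.
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def audit(arp_text, server_mac, server_ip, pool_first, pool_last):
    """Return {mac: (verdict, [ips])} for every MAC that answers for more than one IP."""
    lo, hi = ip_address(pool_first), ip_address(pool_last)
    by_mac = defaultdict(set)
    for line in arp_text.splitlines():
        m = ARP_LINE.search(line)
        if m:  # "<incomplete>" entries carry no MAC and are skipped
            by_mac[norm_mac(m.group(2))].add(ip_address(m.group(1)))
    findings = {}
    for mac, ips in by_mac.items():
        if len(ips) < 2:
            continue
        extra = ips - {ip_address(server_ip)}
        if mac != norm_mac(server_mac):
            verdict = "unexplained"          # some other host claims several IPs
        elif all(lo <= ip <= hi for ip in extra):
            verdict = "proxyarp-expected"    # server answering for connected PPTP clients
        else:
            verdict = "server-outside-pool"  # server answers for an IP PPTP never assigns
        findings[mac] = (verdict, [str(ip) for ip in sorted(ips)])
    return findings

if __name__ == "__main__":
    for mac, (verdict, ips) in audit(SAMPLE_ARP, "00:50:56:AA:00:01", "192.168.1.1",
                                     "192.168.1.5", "192.168.1.10").items():
        print(f"{mac}  {verdict:20}  {', '.join(ips)}")
```
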
