I have a few servers with static IP on my network that I manually added to ARP list, and I use reply-only for ARP on my bridge interface.
There is also a DHCP server that adds ARP entries for DHCP clients.
The point of this is to disable people from using their own static ip addresses and force them to use DHCP.
My problem is that I also need VPN access to this network (I use L2TP), but VPN clients cant access the local servers once they connect.
When I set proxy-arp on the bridge interface they can connect as expected. But with proxy-arp mode people on LAN can again use static IP addresses.
How can I make my servers visible to VPN clients, while keeping the reply-only ARP mode on my bridge?