OpenVZ Forum


Re: OpenVPN inside VE using TUN - Can't see server's network [message #30187 is a reply to message #30079] Thu, 15 May 2008 01:27
bwoo
Here are the relevant details you're looking for. I couldn't get a meaningful tcpdump. But hopefully this helps.

Essentially, my VPN clients can ping 10.8.0.1, and 192.168.0.103 (which is the IP of the VPN server), but can't ping any other 192.168.0.x addresses. When I installed OpenVPN on the HN, everything worked!

VE's ip route list table all
[root@vpn /]# ip route list table all
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
10.8.0.0/24 via 10.8.0.2 dev tun0
192.0.2.0/24 dev venet0 scope host
169.254.0.0/16 dev venet0 scope link
default via 192.0.2.1 dev venet0
broadcast 127.255.255.255 dev lo table 255 proto kernel scope link src 127.0.0.1
local 10.8.0.1 dev tun0 table 255 proto kernel scope host src 10.8.0.1
local 192.168.0.103 dev venet0 table 255 proto kernel scope host src 192.168.0.103
broadcast 192.168.0.103 dev venet0 table 255 proto kernel scope link src 192.168.0.103
broadcast 127.0.0.0 dev lo table 255 proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo table 255 proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev venet0 table 255 proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo table 255 proto kernel scope host src 127.0.0.1
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255
local ::1 via :: dev lo table 255 proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255

HN's ip route list table all
[root@max ~]# ip route list table all
192.168.0.103 dev venet0 scope link
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.101
169.254.0.0/16 dev eth0 scope link
default via 192.168.0.1 dev eth0
broadcast 192.168.0.255 dev eth0 table 255 proto kernel scope link src 192.168.0.101
broadcast 127.255.255.255 dev lo table 255 proto kernel scope link src 127.0.0.1
broadcast 192.168.0.0 dev eth0 table 255 proto kernel scope link src 192.168.0.101
broadcast 127.0.0.0 dev lo table 255 proto kernel scope link src 127.0.0.1
local 192.168.0.101 dev eth0 table 255 proto kernel scope host src 192.168.0.101
local 127.0.0.1 dev lo table 255 proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo table 255 proto kernel scope host src 127.0.0.1
unreachable ::/96 dev lo metric 1024 expires 20463544sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 expires 20463544sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo metric 1024 expires 20463544sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo metric 1024 expires 20463544sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo metric 1024 expires 20463544sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo metric 1024 expires 20463544sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo metric 1024 expires 20463544sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo metric 1024 expires 20463544sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo metric 1024 expires 20463544sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 expires 20463539sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255
local ::1 via :: dev lo table 255 proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
local fe80::207:e9ff:fe24:9808 via :: dev lo table 255 proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
ff00::/8 dev eth0 table 255 metric 256 expires 20463539sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255

VE's netfilter config
[root@vpn /]# iptables -t nat -L && iptables -t filter -L && iptables -t mangle -L
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

HN's netfilter config
[root@max ~]# iptables -t nat -L && iptables -t filter -L && iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination