OpenVZ Forum: Support » Routing problems with OpenVPN

Home » General » Support » Routing problems with OpenVPN

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Routing problems with OpenVPN [message #36567]

Wed, 01 July 2009 08:06

tale
Messages: 2
Registered: July 2009

Junior Member

LAN setup
Hello! I have a small home network (10.10.10.0/24) which looks like this:
10.10.10.1 - Router
10.10.10.3 - Server running OpenVZ
10.10.10.4 - VE (running inside 10.10.10.3) running OpenVPN

OpenVPN tunnel configuration
Client: 10.11.11.2 (Note: The client has a route to 10.10.10.0/24 via the openvpn tunnel)
Server (10.10.10.4): 10.11.11.1

Now, from the client I can SSH to 10.11.11.1 ofcourse. I can also ssh to 10.10.10.4 (since I have a route in the client telling it to send packets for 10.10.10.0/24 via the openvpn tunnel).

The Problem
The problem I face is that I can't SSH (from the client) directly to 10.10.10.3 (or any other computer on the 10.10.10.0/24 network for that matter). I thought that this must be becouse 10.10.10.3 doesn't know where to route packets destined for 10.11.11.2. So I added a route in 10.10.10.3 that routes all packets destined for 10.11.11.0/24 to 10.10.10.4. I have also enabled ip_forwarding both on 10.10.10.4 and 10.10.10.3. This however does not work and I can't for the life of me figure out why. Since I can ssh to 10.10.10.4 the route on the client is correct and since 10.10.10.4 has a default gw to 192.0.1.2 (which is if I understand correctly just a "alias" for 10.10.10.3) 10.10.10.4 should send all packets to the default gw (10.10.10.3). Now, 10.10.10.3 has a route (as I said above) that will route everything destined for 10.11.11.0/24 to 10.10.10.4. So, I'm at a loss. Is there anything I'm missing?
All iptables (both 10.10.10.4 and 10.10.10.3) are blank with default ACCEPT policy.

[Updated on: Wed, 01 July 2009 08:12]

Report message to a moderator

Re: Routing problems with OpenVPN [message #36597 is a reply to message #36567]

Fri, 03 July 2009 12:42

maratrus
Messages: 1495
Registered: August 2007
Location: Moscow

Senior Member

Hi,

as far as I understand this situation you'd better use veth inside VE because venet driver drops all network packets that don't contain VEs ip address as a source or destination address i.e. suppose a network packets is coming to VE from the HN through venet0 interface then its destination address must be equal to the ip address that is on venet0 interface inside VE and if a network packet is coming from inside the VE its source address must be equal to that is on venet0 interface inside VE. This was done deliberately so please have a try a veth interface.

Report message to a moderator

Re: Routing problems with OpenVPN [message #36646 is a reply to message #36567]

Tue, 07 July 2009 20:10

tale
Messages: 2
Registered: July 2009

Junior Member

I wonder if and when Open Virtuozzo will be available for Windows platforms.

Report message to a moderator

Re: Routing problems with OpenVPN [message #36647 is a reply to message #36567]

Tue, 07 July 2009 22:01

tomp
Messages: 64
Registered: August 2007

Member

The project would then greatly widespread in research and commercials environments.

Thank youHi,

Are the OS Templates compatible with commercial VZ, or just OpenVZ?Will be fine if you make debian port.

Report message to a moderator

Previous Topic:	Add iptable module for a container/VPS
Next Topic:	[solved] Insufficient space

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sat Jul 20 21:24:27 GMT 2024

Total time taken to generate the page: 0.02332 seconds