Routing problem [message #39542]
Fri, 07 May 2010 21:08
caluml
Hello all,
I have two VMs (100, and 101) using venet networking.
They can ping each other fine. There are no iptables rules on the host, or in either VM.
Forwarding is enabled on all 3 as well.
One of the VMs (101) is running openvpn linking to a remote host. I can ping the remote host from the VM running openvpn.
I need to be able to communicate from the other VM (100 - 10.0.0.1) through VM 101 (10.1.1.101) to the remote host (10.0.80.14).
I just can't make it do it.
I've tried it just leaving the default routing on the VMs:
vm100 # ip route
192.0.2.1 dev venet0 scope link
default via 192.0.2.1 dev venet0
(with of course a route for the remote host on VM 101)
vm101 # ip route
192.0.2.1 dev venet0 scope link
10.0.80.12/30 dev tapremote proto kernel scope link src 10.0.80.13
default via 192.0.2.1 dev venet0
vm101 # ping 10.0.80.14
PING 10.0.80.14 (10.0.80.14) 56(84) bytes of data.
64 bytes from 10.0.80.14: icmp_seq=1 ttl=64 time=212 ms
^C
--- 10.0.80.14 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 212.179/212.179/212.179/0.000 ms
Running tcpdump -npi venet0 icmp on the host shows two entries per ping
22:00:41.844641 IP 10.1.1.1 > 10.0.80.14: ICMP echo request, id 40463, seq 6, length 64
22:00:41.844664 IP 192.168.2.100 > 10.1.1.1: ICMP redirect 10.0.80.14 to host 10.0.80.14, length 92
22:00:41.844670 IP 10.1.1.1 > 10.0.80.14: ICMP echo request, id 40463, seq 6, length 64
I've tried various things on the host - routing 10/8 via venet0, adding the address of 101 to the interface, and adding a route via that IP too.
I'm guessing from the redirect from the host that there's some proc entry that I haven't checked, although I've gone over what I can find on openvz.org.
Any ideas? Is this possible? Anyone else done it?

Re: Routing problem [message #39611 is a reply to message #39542]
Mon, 17 May 2010 02:50
lars.bailey
Have you tried using a non-bridged VETH interface for a VE?
This would give you a "gateway" for each VE, and all VEs would be able to reach each other. (Routing is per interface on the Node.)
I haven't done much with running VPNs in a container, as it's just as easy to do it on the Node and work from there.
Create a couple of non-bridged test VEs, and see how it goes.
I hope it gives you something to go on.
P.S. I think somewhere back a ways in the forum, there was a thread similar to what you want to do, but for the life of me, I can't remember, as it was a side note to another inquiry.