OpenVZ Forum


VPN Routing from CT [message #43213] Tue, 09 August 2011 06:46
bigmyx
I am trying to make an OpenVPN tunnel accessible to all OVZ CTs running on the host.
I have initialized the tunnel device on the host server to the remote VPN server.
Although I have a PING response from the remote tunnel end-point on the host, I do not have it from inside the container.

Can anyone point me to the routing configuration that I need to perform in order to have the remote VPN server accessible from inside the OpenVPN containers?


Here is my configuration:

iptables -t nat -L && iptables -t filter -L && iptables -t mangle -L

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination


netstat -nr

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.16.172.1    255.255.255.255 UGH       0 0          0 tun0
95.211.87.106   0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.96.45    0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.96.46    0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.96.47    0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.87.104   0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.87.113   0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.96.48    0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.96.33    0.0.0.0         255.255.255.255 UH        0 0          0 veth104.0
95.211.96.34    0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.87.101   0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.87.64    0.0.0.0         255.255.255.192 U         0 0          0 eth0
172.16.172.0    0.0.0.0         255.255.255.0   U         0 0          0 tun0
10.11.0.0       172.16.172.1    255.255.0.0     UG        0 0          0 tun0
172.16.0.0      172.16.172.1    255.255.0.0     UG        0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         95.211.87.126   0.0.0.0         UG        0 0          0 eth0



/etc/sysctl.conf

net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.veth101.0.forwarding = 1
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0


172.16.0.0 is the target remote network that I want to get access to from CTs, and it is currently unreachable.

Thanks!

[Updated on: Tue, 09 August 2011 06:53]
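
A host-side route lookup over the table posted above, added here as an example and not part of the original post. It applies longest-prefix matching and the strict reverse-path check that `rp_filter = 1` enables; the destination 172.16.0.10 is a constructed sample address, and only a subset of the posted rows is embedded.

```python
import ipaddress

# Rows copied from the `netstat -nr` output in the post (subset, no header).
ROUTES = """\
0.0.0.0         172.16.172.1    255.255.255.255 UGH       0 0          0 tun0
95.211.96.45    0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.96.33    0.0.0.0         255.255.255.255 UH        0 0          0 veth104.0
95.211.87.64    0.0.0.0         255.255.255.192 U         0 0          0 eth0
172.16.172.0    0.0.0.0         255.255.255.0   U         0 0          0 tun0
10.11.0.0       172.16.172.1    255.255.0.0     UG        0 0          0 tun0
172.16.0.0      172.16.172.1    255.255.0.0     UG        0 0          0 tun0
0.0.0.0         95.211.87.126   0.0.0.0         UG        0 0          0 eth0
"""

def parse_routes(text):
    """Turn netstat -nr rows into (network, gateway, iface) tuples."""
    table = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # skip blank or truncated lines
        dest, gw, mask, iface = fields[0], fields[1], fields[2], fields[7]
        table.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, iface))
    return table

def lookup(table, addr):
    """Longest-prefix match: the most specific route containing addr wins."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in table if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def rp_filter_strict(table, src, in_iface):
    """rp_filter = 1: accept only if the best route back to src uses in_iface."""
    route = lookup(table, src)
    return route is not None and route[2] == in_iface

TABLE = parse_routes(ROUTES)

if __name__ == "__main__":
    # Forward path: container traffic to the remote network (constructed target).
    print("to 172.16.0.10  ->", lookup(TABLE, "172.16.0.10"))
    # Return path: reply addressed to a container IP routed via venet0 in the post.
    print("to 95.211.96.45 ->", lookup(TABLE, "95.211.96.45"))
    # Strict reverse-path checks for each direction as seen by the host.
    print("CT packet in on venet0 passes:", rp_filter_strict(TABLE, "95.211.96.45", "venet0"))
    print("reply in on tun0 passes:", rp_filter_strict(TABLE, "172.16.0.10", "tun0"))
```

With the posted table both directions resolve and pass the reverse-path check on the host. Because the nat table in the post is empty, the packet leaves tun0 carrying the container's own source address, so the remote end needs a route back to that address as well.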

