Using OpenVPN to access containers in OpenVZ host [message #52141] | Sat, 15 August 2015 11:33

marl_scot (Junior Member, Messages: 1, Registered: August 2015, Location: Scotland)

 Hi, I have the following setup:
 Home PC (IP 192.168.8.200)
 Local LAN (192.168.8.0/24)
 OpenVPN TUN adapter(10.9.0.1) (openVPN server)
 
 OpenVZ Host (public IP x.x.x.x)
 OpenVPN TUN adapter (10.9.0.14) (openVPN guest)
 Eth0 - Public IP (x.x.x.x) - Single IP
 Eth0:1 - Private IP (192.168.12.1/24)
 
 OpenVZ Guests
 Venet0:0 - Private IP (192.168.12.0/24)
 
 I also have another range used by guests 10.91.0.0/24, this is from a set of imported OpenVZ guests.
 
 IPTables on OpenVZ host :
 =========================
 iptables -F
 iptables -F -t nat
 
 iptables -t nat -A POSTROUTING -s 10.91.0.0/24 -o eth0 -j SNAT --to x.x.x.x
 iptables -t nat -A POSTROUTING -s 192.168.12.0/24 -o eth0 -j SNAT --to x.x.x.x
 iptables -A FORWARD -s 10.91.0.0/24 -j ACCEPT
 iptables -A FORWARD -s 192.168.12.0/24 -j ACCEPT
 # allow connections from openvpn
 iptables -A INPUT -s 10.9.0.0/24 -d 0/0 -j ACCEPT
 # allow ssh from home public ip (if vpn is down)
 iptables -A INPUT -s z.z.z.z -d 0/0 -p tcp --dport 22 -j ACCEPT
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A INPUT -j DROP
 =========================
 
 Guest to internet works fine, access to host from outside works fine.
 
 What I am trying to do is make all requests from my home PC to network 192.168.12.0/24 go to my guests over the VPN,
 but I have not been able to work out a working set of iptables entries to make this work.
  
 If anyone can help, that would be great. I know this is more to do with OpenVPN, but I think I am getting lost with how OpenVZ integrates with the host networking.
  
 If anyone knows a way to do this on a guest by guest basis using the standard 'vzfirewall' script, that would be even better
  
 Unfortunately I do not have access to more than 2 public IP addresses, 1 for the host, and one for a single guest that is publicly available.
 All my other guests are used for development and testing of packages etc.
 
 
 Any help would be great.
 
 thanks
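The routing side of the question above, written out as an added example (this is not part of the original post, nor of any reply to it, and not OpenVZ's or OpenVPN's own scripts). Two things have to happen: the OpenVZ host must forward tunnel traffic onto venet0 and send container replies back through the tunnel, and the home OpenVPN server must learn that 192.168.12.0/24 and 10.91.0.0/24 live behind one particular client (OpenVPN's `route` plus a per-client `iroute`). Addresses are the ones from the post; the device names `tun0` and `venet0`, the client-certificate CN `ovzhost`, the `ccd` directory name, and `DRY_RUN` are assumptions made for the example. By default it only prints the commands; run it with `DRY_RUN=0` as root on the OpenVZ host to apply the iptables part.

```shell
#!/bin/sh
# Added example, not from the original post or from OpenVZ/OpenVPN.
# Routes the home LAN to OpenVZ containers that sit behind an OpenVPN *client*.
# Addresses are those in the post; tun0, venet0, the CN "ovzhost" and the
# "ccd" directory name are assumptions.
HOME_LAN=192.168.8.0/24
VPN_NET=10.9.0.0/24
CT_NET=192.168.12.0/24          # containers on venet
CT_NET_IMPORTED=10.91.0.0/24    # the imported containers
VPN_IF=${VPN_IF:-tun0}          # assumed: OpenVPN client device on the OpenVZ host
CT_IF=${CT_IF:-venet0}          # OpenVZ venet device on the host
OVZ_CN=${OVZ_CN:-ovzhost}       # assumed: CN of the OpenVZ host's client certificate
DRY_RUN=${DRY_RUN:-1}           # 1 = print the commands, 0 = run them (root, on the OpenVZ host)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# OpenVZ host side. Forwarding is scoped by interface pair and by subnet, so
# the VPN can reach the containers without opening anything else on the tunnel
# side. Container replies go back through the tunnel as ESTABLISHED traffic and
# are not rewritten, because the post's SNAT rules match "-o eth0" only.
host_forward_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    for src in "$VPN_NET" "$HOME_LAN"; do
        for dst in "$CT_NET" "$CT_NET_IMPORTED"; do
            run iptables -A FORWARD -i "$VPN_IF" -o "$CT_IF" -s "$src" -d "$dst" -j ACCEPT
        done
    done
    run iptables -A FORWARD -i "$CT_IF" -o "$VPN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Home OpenVPN server side, part 1: lines for server.conf. "route" installs the
# kernel routes on the server box towards the tun device and tells OpenVPN that
# these subnets exist behind some client.
server_conf_lines() {
    cat <<EOF
route 192.168.12.0 255.255.255.0
route 10.91.0.0 255.255.255.0
client-config-dir ccd
EOF
}

# Part 2: the per-client file ccd/<CN>. "iroute" binds the subnets to this one
# client (without it the server drops packets whose source is a container
# address), and the pushed route gives the OpenVZ host a path back to the home
# LAN through the tunnel. Being in the ccd file, it is pushed to this client only.
ccd_lines() {
    cat <<EOF
iroute 192.168.12.0 255.255.255.0
iroute 10.91.0.0 255.255.255.0
push "route 192.168.8.0 255.255.255.0"
EOF
}

echo "# --- run on the OpenVZ host (DRY_RUN=0 to apply) ---"
host_forward_rules
echo "# --- append to server.conf on the home OpenVPN server ---"
server_conf_lines
echo "# --- contents of ccd/$OVZ_CN on the home OpenVPN server ---"
ccd_lines
```

Two practical notes. If the OpenVPN server is not running on the home PC itself, the PC (or the LAN router) still needs a static route for 192.168.12.0/24 and 10.91.0.0/24 pointing at the server's LAN address, and the server box needs IP forwarding enabled for LAN-to-tunnel traffic. And the post's own rule `iptables -A FORWARD -s 192.168.12.0/24 -j ACCEPT` is not restricted to `-o eth0`, so once the tunnel routes exist the development containers can also initiate connections into the home LAN; add `-o eth0` to that rule if only internet access is intended. Per-guest control works the same way as above: replace the `-d "$dst"` subnet with a single container address to allow the VPN to reach that container only.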