| Re: OpenVZ + OpenVPN + iptables [message #7281 is a reply to message #7231] |
Tue, 10 October 2006 07:25  |
dev
Messages: 1693
Registered: September 2005
Location: Moscow
|
Senior Member |
|
|
1. why have you installed vzctl inside VE?
this makes apg-get install to fail 
2. I installed strace inside the VE.
3. I straced openvpn process 13724. You can find output in out and
out.2 files.
out.2 file demonstrates that this process reads ping ICMP packets from /dev/net/tun:
read(6, "E\0\0T\0\0@\0@\1\233U\300\250\17\1\300\250\17\2\10\0Se"..., 1500) = 84
/dev/net/tun has fd=6:
debian-tun-1:~# ls /proc/13724/fd -la
lrwx------ 1 root root 64 Oct 10 07:12 6 -> /dev/net/tun
i.e. tun/tap works fine.
4. however this process doesn't send the packet anywhere...
it looks like it tries to negotiate with the other end:
send(4, "<29>Oct 10 07:15:46 ovpn-server["..., 70, MSG_NOSIGNAL) = 70
send(4, "<29>Oct 10 07:15:46 ovpn-server["..., 79, MSG_NOSIGNAL) = 79
send(4, "<29>Oct 10 07:15:46 ovpn-server["..., 74, MSG_NOSIGNAL) = 74
send(4, "<29>Oct 10 07:15:46 ovpn-server["..., 81, MSG_NOSIGNAL) = 81
send(4, "<29>Oct 10 07:15:46 ovpn-server["..., 81, MSG_NOSIGNAL) = 81
send(4, "<29>Oct 10 07:15:46 ovpn-server["..., 67, MSG_NOSIGNAL) = 67
but gets no reply :/
fd 4:
lrwx------ 1 root root 64 Oct 10 07:12 4 -> socket:[745036]
debian-tun-1:~# netstat -nap
unix 2 [ ] DGRAM 745036 13724/openvpn
5. So I guess your configuration of openvpn is wrong
|
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
