Re: OpenVPN inside VPS [message #965 is a reply to message #963]
Mon, 23 January 2006 12:22
CaptainCrunch
Messages: 3 Registered: December 2005
Junior Member
Wow, I wouldn't have thought that somebody would ever answer that one. Thanks in advance!
First of all, I'd like to clarify what I'm trying to do:
There's one VPS dedicated purely for OpenVPN. OpenVPN then should be able to open a tap-device (as described within the docs) that's bridged to the VPS-internal venet-device for letting the VPN-clients directly use the "internal" network.
e.g.:
OpenVZ-Host: 192.168.1.4
OpenVPN-VPS: 192.168.1.8
OpenVPN opens up a TAP device within the VPS-host bridged to the venet-one.
VPN-Clients would get addresses from within 192.168.1.50-100, so no special routing etc. is needed for them.
I know this would be kinda easy with an own subnet for VPN-clients and correct routing, but I like to keep it simple, as I'm quite stupid.
Until now, I haven't thought about proxy-arp, but this sounds quite interesting. I'm pretty sure I'll bother you again regarding that one, but first of all, I'll give it a try. Thanks!

Re: OpenVPN inside VPS [message #991 is a reply to message #963]
Tue, 24 January 2006 16:15
khorenko
Messages: 533 Registered: January 2006 Location: Moscow, Russia
Senior Member
Christian, if I understood your last message correctly, the original gain is the following:
You have a physical server with Virtuozzo installed on it.
You want VPSs running on that server to be connected in a VPN, and to have a possibility for a remote node (possibly from another physical subnet) to connect to the same VPN.
If my understanding of the problem is correct, you can achieve this without any bridging and using the already released VZ kernel.
The idea is the following:
1. Run OpenVPN as server in the host system.
2. Make other VPSs able to access tun/tap devices as Kirill described in the previous post.
3. In each VPS run OpenVPN as client, connecting to the host system.
4. Run on the remote node (desired to be in the same VPN) OpenVPN as client, connecting to the host system.
And that's all!
Please, if I understood something wrong in the original gain - correct me!
And if you need any details, please, don't hesitate to ask here!

Re: OpenVPN inside VPS [message #993 is a reply to message #991]
Tue, 24 January 2006 18:51
CaptainCrunch
Messages: 3 Registered: December 2005
Junior Member
First of all sorry that I'm answering your very helpful questions so late. I've been quite busy for the last few days...
Seemingly, there's one point that's unclear to you. I'll try to answer most of them:
Quote: | more questions Smile
1. vps-openvpn - is VPS where you want to run OpenVPN software.
|
Exactly
Quote: | 2. who are VPN clients? other VPSs? you want to assign 192.168.1.50-100 to them?
|
I'm thinking of a typical "roadwarrior"-setup here. Clients from all over the world coming from officially routed IP addresses get through to Port 1194 UDP on vps-openvpn. Their TAP-device should get a "normal" IP from within the internal subnet (where also the host and VPSs are located (192.168.1.0/24)), so no routing etc. is required.
Quote: | I would note that by default we have CONFIG_BRIDGE=n in our kernel. So you probably would need to rebuild the kernel if you want to organize a network bridge. I can build a test kernel for you if required.
|
That's an interesting point. As other "normal" distro kernels include bridging-support nowadays, I have to admit I haven't checked that, so thanks for mentioning this. Kernel (re)compiling is not a big problem, so when this is needed, I'll be a happy testperson for you.
Quote: | You have a physical server with Virtuozzo installed on it.
You want VPSs running on that server to be connected in a VPN, and to have a possibility for a remote node (possibly from another physical subnet) to connect to the same VPN.
|
I'm not trying to run VPSs on the host in a VPN, what I'm trying to do is to dedicate one VPS strictly as the OpenVPN server. Of course I simply could run OpenVPN within the host system, but as I'm trying to divide as many functions (nameserver, Fileserver, mailserver, ...) as possible into their own VPSs.
It's a pity that I couldn't describe the goals until now, but English is not my mother tongue so tomorrow I'll try to draw a picture to clarify things a little bit more. What would be the preferred format for something like that? Normally I'd use Dia.
By the way: thanks a lot for trying to help me regarding this topic.
[Updated on: Tue, 24 January 2006 19:02]
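
For reference, the OpenVPN side of the bridged "roadwarrior" setup described in this thread, as an added example that was not posted by any participant: a server config using the thread's UDP port, the OpenVPN VPS address and the client range. The file names, the `tap0`/`br0` names and the unprivileged user are assumptions; the bridge has to be created outside OpenVPN and depends on the kernel bridging support discussed above.

```conf
# Added example: OpenVPN server config for the dedicated OpenVPN VPS (192.168.1.8).
# Assumption: tap0 already exists and is a member of a bridge (br0, hypothetical
# name) that carries 192.168.1.8/24. OpenVPN does not create the bridge itself.

port 1194
proto udp

# Fixed tap device name so it can be added to the bridge before OpenVPN starts.
dev tap0

# Ethernet bridging mode: <bridge IP> <netmask> <pool start> <pool end>
# Clients receive addresses from the internal subnet, so no extra routes are pushed.
server-bridge 192.168.1.8 255.255.255.0 192.168.1.50 192.168.1.100

# PKI material (placeholder file names). The private key should be readable by root only.
ca ca.crt
cert server.crt
key server.key
dh dh.pem

# HMAC on the control channel: UDP packets without a valid signature are
# dropped before any TLS processing, which matters for a port open to the Internet.
tls-auth ta.key 0

keepalive 10 120

# Keep key material and the tap device across restarts, because after the
# privilege drop below the process can no longer re-read keys or reopen tap0.
persist-key
persist-tun

# Drop root privileges once the device and socket are set up.
user nobody
group nogroup

verb 3
```

Because bridged clients sit directly on 192.168.1.0/24, the 192.168.1.50-100 pool must stay unused by the host and the other VPSs, and any filtering between VPN clients and internal services has to happen on the bridge or on the services themselves.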