OpenVZ Forum: Support » vpnc in a VE locks out local traffic ?

Home » General » Support » vpnc in a VE locks out local traffic ?

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: vpnc in a VE locks out local traffic ? [message #30372 is a reply to message #30096]

Thu, 22 May 2008 10:07

daryn
Messages: 2
Registered: May 2008

Junior Member

Hi, thanks for your answer.

Indeed that was the problem and adding a static route to the local network (192.168.2.0/24) prior to starting vpnc solves it :

[root@ovhost ~]# vzctl exec 101 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 venet0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 venet0
[root@ovhost ~]# vzctl exec 101 route add -net 192.168.2.0 netmask 255.255.255.0 dev venet0
.0 dev venet0
[root@ovhost ~]# vzctl exec 101 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 venet0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 venet0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 venet0
[root@ovhost ~]# vzctl exec 101 /usr/local/sbin/vpnc
VPNC started in background (pid: 32582)...
[root@ovhost ~]# vzctl exec 101 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
CCC.CCC.CCC.CCC 0.0.0.0         255.255.255.255 UH    0      0        0 venet0
DDD.DDD.DDD.DDD 0.0.0.0         255.255.255.255 UH    0      0        0 tun0
EEE.EEE.EEE.EEE 0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 venet0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 venet0
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 tun0
172.16.0.0      0.0.0.0         255.240.0.0     U     0      0        0 tun0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0
[root@ovhost ~]# ping -c 3 192.168.2.101
PING 192.168.2.101 (192.168.2.101) 56(84) bytes of data.
64 bytes from 192.168.2.101: icmp_seq=0 ttl=64 time=0.443 ms
64 bytes from 192.168.2.101: icmp_seq=1 ttl=64 time=0.282 ms
64 bytes from 192.168.2.101: icmp_seq=2 ttl=64 time=0.196 ms

--- 192.168.2.101 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.196/0.307/0.443/0.102 ms, pipe 2
[root@ovhost ~]# vzctl exec 101 ping -c 3 192.168.2.20
PING 192.168.2.20 (192.168.2.20) 56(84) bytes of data.
64 bytes from 192.168.2.20: icmp_seq=0 ttl=64 time=0.682 ms
64 bytes from 192.168.2.20: icmp_seq=1 ttl=64 time=0.695 ms
64 bytes from 192.168.2.20: icmp_seq=2 ttl=64 time=0.656 ms

--- 192.168.2.20 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.656/0.677/0.695/0.034 ms, pipe 2
[root@ovhost ~]# vzctl exec 101 ping -c 3 target.host.on.the.vpn
PING target.host.on.the.vpn (XXX.XXX.XXX.XXX) 56(84) bytes of data.
64 bytes from target.host.on.the.vpn (XXX.XXX.XXX.XXX): icmp_seq=0 ttl=62 time=23.5 ms
64 bytes from target.host.on.the.vpn (XXX.XXX.XXX.XXX): icmp_seq=1 ttl=62 time=31.4 ms
64 bytes from target.host.on.the.vpn (XXX.XXX.XXX.XXX): icmp_seq=2 ttl=62 time=32.0 ms

--- target.host.on.the.vpn ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 23.591/29.031/32.099/3.859 ms, pipe 2
[root@ovhost ~]# vzctl exec 101 /usr/local/sbin/vpnc-disconnect
Terminating vpnc daemon (pid: 32582)
[root@ovhost ~]# vzctl exec 101 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 venet0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 venet0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 venet0
[root@ovhost ~]#

I am not sure it is the best solution but it does work. I made the route persistent across VE restarts as follows:

[root@ovhost ~]# vzctl enter 101
[root@ov101 /]# cat /etc/sysconfig/network-scripts/route-venet0
192.0.2.0/24 dev venet0 scope host
default via 192.0.2.1
[root@ov101 /]# echo 192.168.2.0/24 dev venet0 >> /etc/sysconfig/network-scripts/route-venet0
/route-venet0
[root@ov101 /]# cat /etc/sysconfig/network-scripts/route-venet0
192.0.2.0/24 dev venet0 scope host
default via 192.0.2.1
192.168.2.0/24 dev venet0
[root@ov101 /]# logout
exited from VE 101
[root@ovhost ~]# vzctl restart 101
Restarting VE
Stopping VE ...
VE was stopped
VE is unmounted
Starting VE ...
VE is mounted
Adding IP address(es): 192.168.2.101
Setting CPU units: 1000
Setting devices
Configure meminfo: 65536
Set hostname: ov101
File resolv.conf was modified
VE start in progress...
[root@ovhost ~]# vzctl exec 101 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 venet0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 venet0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 venet0
[root@ovhost ~]#

Thank you!

Report message to a moderator

[Message index]

		vpnc in a VE locks out local traffic ? By: daryn on Fri, 09 May 2008 17:14
		Re: vpnc in a VE locks out local traffic ? By: maratrus on Fri, 16 May 2008 16:01
		Re: vpnc in a VE locks out local traffic ? By: daryn on Thu, 22 May 2008 10:07

Previous Topic:	/* solved */ kernel panic with megaraid_sas-v00.00.03.16-1 patch
Next Topic:	Mysql service do not start/stop/restart

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Mon Sep 16 14:02:47 GMT 2024

Total time taken to generate the page: 0.04622 seconds