I am trying to make an OpenVPN tunnel accessible to all OVZ CTs running on the host.
I have initialized the tunnel device on the host server to the remote VPN server.
Although I get a PING response from the remote tunnel end-point on the host, I do not get one from inside the container.
Can anyone point me to the routing configuration that I need to perform in order to have the remote VPN server accessible from inside the OpenVPN containers?
Here is my configuration:
iptables -t nat -L && iptables -t filter -L && iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.16.172.1    255.255.255.255 UGH       0 0          0 tun0
95.211.87.106   0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.96.45    0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.96.46    0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.96.47    0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.87.104   0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.87.113   0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.96.48    0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.96.33    0.0.0.0         255.255.255.255 UH        0 0          0 veth104.0
95.211.96.34    0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.87.101   0.0.0.0         255.255.255.255 UH        0 0          0 venet0
95.211.87.64    0.0.0.0         255.255.255.192 U         0 0          0 eth0
172.16.172.0    0.0.0.0         255.255.255.0   U         0 0          0 tun0
10.11.0.0       172.16.172.1    255.255.0.0     UG        0 0          0 tun0
172.16.0.0      172.16.172.1    255.255.0.0     UG        0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         95.211.87.126   0.0.0.0         UG        0 0          0 eth0
/etc/sysctl.conf
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.veth101.0.forwarding = 1
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
172.16.0.0 is the target remote network that I want to get access to from the CTs, and it is currently unreachable.
Thanks!
[Updated on: Tue, 09 August 2011 06:53]