OpenVZ Forum


Using OpenVPN to access containers in OpenVZ host [message #52141] Sat, 15 August 2015 11:33
marl_scot
Messages: 1
Registered: August 2015
Location: Scotland
Junior Member
Hi,
I have the following setup:
Home PC (IP 192.168.8.200)
Local LAN (192.168.8.0/24)
OpenVPN TUN adapter (10.9.0.1) (OpenVPN server)

OpenVZ Host (public IP x.x.x.x)
OpenVPN TUN adapter (10.9.0.14) (OpenVPN guest)
Eth0 - Public IP (x.x.x.x) - Single IP
Eth0:1 - Private IP (192.168.12.1/24)

OpenVZ Guests
Venet0:0 - Private IP (192.168.12.0/24)

I also have another range used by guests, 10.91.0.0/24; this is from a set of imported OpenVZ guests.

IPTables on OpenVZ host :
=========================
iptables -F
iptables -F -t nat

iptables -t nat -A POSTROUTING -s 10.91.0.0/24 -o eth0 -j SNAT --to x.x.x.x
iptables -t nat -A POSTROUTING -s 192.168.12.0/24 -o eth0 -j SNAT --to x.x.x.x
iptables -A FORWARD -s 10.91.0.0/24 -j ACCEPT
iptables -A FORWARD -s 192.168.12.0/24 -j ACCEPT
# allow connections from openvpn
iptables -A INPUT -s 10.9.0.0/24 -d 0/0 -j ACCEPT
# allow ssh from home public ip (if vpn is down)
iptables -A INPUT -s z.z.z.z -d 0/0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP
=========================

Guest to internet works fine, and access to the host from outside works fine.

What I am trying to do is make all requests from my home PC to network 192.168.12.0/24 go to my guests over the VPN,
but I have not been able to work out a working set of iptables entries to make this work :(

If anyone can help, that would be great. I know this is more to do with OpenVPN, but I think I am getting lost with how OpenVZ integrates with the host networking :(

If anyone knows a way to do this on a guest-by-guest basis using the standard 'vzfirewall' script, that would be even better :)

Unfortunately I do not have access to more than 2 public IP addresses, 1 for the host and one for a single guest that is publicly available.
All my other guests are used for development and testing of packages etc.

Any help would be great.

Thanks
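The setup in the post is a site-to-site OpenVPN arrangement: the home PC is the OpenVPN server, the OpenVZ host is a client, and the container subnet sits behind that client. The pieces that are usually missing in this situation are not on the host's iptables alone: the OpenVPN server also has to be told that 192.168.12.0/24 lives behind the host's client (a "route" directive plus an "iroute" in that client's ccd file), otherwise the server never sends those packets down the tunnel and drops replies arriving with a source it did not assign. The script below is an added example and not from the original post, OpenVZ or OpenVPN; the subnets and the venet0 device come from the post, while "tun0", the ccd directory and the client common name are assumptions. It is a dry run by default (commands are printed, not executed) so the rule set can be reviewed before applying it.

```shell
#!/bin/sh
# Added example (not from the original post). Subnets and venet0 are from
# the post; tun0, the ccd directory and the client CN are assumptions.

VPN_NET="10.9.0.0/24"        # OpenVPN tunnel network (home PC side is 10.9.0.1)
CT_NET="192.168.12.0/24"     # container network on venet0 (host holds 192.168.12.1)
CT_ADDR="192.168.12.0"       # same network in OpenVPN's "address netmask" form
CT_MASK="255.255.255.0"
VPN_IF="tun0"                # assumption: the host's OpenVPN client TUN device
CT_IF="venet0"               # OpenVZ venet device that fronts the containers

# Dry run by default: commands are printed, not executed.
# Run with IPT=iptables to apply them on the OpenVZ host.
IPT="${IPT:-echo iptables}"

# Host side: allow VPN traffic to be forwarded into the containers and their
# replies back out. -I puts the rules ahead of any existing FORWARD rules so a
# later DROP cannot shadow them. No SNAT is applied: containers see the real
# 10.9.0.x source, and their replies go to the host (venet's only next hop),
# which already routes 10.9.0.0/24 back out over the tunnel device.
# ip_forward is already enabled on the host, since the guests reach the internet.
host_forward_rules() {
    $IPT -I FORWARD -i "$VPN_IF" -o "$CT_IF" -s "$VPN_NET" -d "$CT_NET" -j ACCEPT
    $IPT -I FORWARD -i "$CT_IF" -o "$VPN_IF" -s "$CT_NET" -d "$VPN_NET" \
         -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# OpenVPN server side (the home PC): "route" adds a kernel route for the
# container subnet through the tunnel, and "client-config-dir" enables the
# per-client file that names which client owns that subnet.
server_config_lines() {
    cat <<EOF
# append to the OpenVPN server config on the home PC
route $CT_ADDR $CT_MASK
client-config-dir ccd
EOF
}

# Contents of ccd/<common name of the host's client certificate>.
# Without "iroute" the server has no client to forward 192.168.12.0/24 to and
# silently drops packets from that client carrying a 192.168.12.x source.
ccd_entry() {
    cat <<EOF
iroute $CT_ADDR $CT_MASK
EOF
}

# Print everything (dry run) so the full change can be reviewed before applying.
host_forward_rules
server_config_lines
ccd_entry
```

The existing "-A INPUT -s 10.9.0.0/24" rule only covers traffic addressed to the host itself; forwarding into venet0 is a separate FORWARD decision, which is why the two rules above are scoped to the tunnel and venet devices and to the two subnets rather than accepting everything. If a per-guest policy is wanted later, the same "-d" match can be narrowed from 192.168.12.0/24 to a single container address.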