OpenVZ Forum: Support » routing issue with openvpn in containter

Home » General » Support » routing issue with openvpn in containter

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

routing issue with openvpn in containter [message #33143]

Wed, 24 September 2008 17:25

james
Messages: 2
Registered: September 2008
Location: Elliott, SC

Junior Member

Hi,

I have a strange routing issue with openvpn inside a container. I am a fairly new user of openvz. I have openvpn installed in a container. (I had to use a veth device to get routing to work at all.. venet didn't seem to work).

The HN has 2 interface eth0 (10.255.255.1/24 facing DMZ) and eth1 (10.38.0.1/26, internal lan). This box is also the default gw for my network. (10.38.0.0/26). The vpn network is 10.10.0.0/24. I am running openvpn in server mode here its ip is 10.10.0.1. I have 3 clients connecting with vpn ips of 10.10.0.9 and 10.10.0.13. Each client connects properly and can ping each other and other nodes on my lan (10.38.0.50, 10.38.0.3X) and other containers (10.38.0.2 and 10.38.0.3). The other containers utilized the venet device.

The HN can ping the vpn serve 10.10.0.1 but none of the other nodes (10.10.0.9 and 10.10.0.13). Other nodes on my lan can ping the HN and the vpn nodes. My quest is why can the HN not access VPN clients?

I do not have a bridge for veth103.0 and eth1 setup as I don't want one.

HN:
sysctl -p

net.ipv4.conf.default.forwarding = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.proxy_arp = 1
net.ipv4.conf.eth1.proxy_arp = 1
net.ipv4.conf.all.arp_filter = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

root@foghorn:~# ip ru
0: from all lookup 255
32766: from all lookup main
32767: from all lookup default
root@foghorn:~# ip r s t all
10.38.0.3 dev venet0 scope link
10.38.0.2 dev venet0 scope link
10.38.0.4 dev veth103.0 scope link
10.255.255.0/29 dev eth0 proto kernel scope link src 10.255.255.2
10.38.0.0/26 dev eth1 proto kernel scope link src 10.38.0.1
192.168.1.0/24 via 10.38.0.4 dev veth103.0
10.10.0.0/24 via 10.38.0.4 dev veth103.0
default via 10.255.255.1 dev eth0
local 10.255.255.2 dev eth0 table 255 proto kernel scope host src 10.255.255.2
broadcast 127.255.255.255 dev lo table 255 proto kernel scope link src 127.0.0.1
broadcast 10.255.255.0 dev eth0 table 255 proto kernel scope link src 10.255.255.2
broadcast 10.38.0.63 dev eth1 table 255 proto kernel scope link src 10.38.0.1
broadcast 10.255.255.7 dev eth0 table 255 proto kernel scope link src 10.255.255.2
local 10.38.0.1 dev eth1 table 255 proto kernel scope host src 10.38.0.1
broadcast 10.38.0.0 dev eth1 table 255 proto kernel scope link src 10.38.0.1
broadcast 127.0.0.0 dev lo table 255 proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo table 255 proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo table 255 proto kernel scope host src 127.0.0.1
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev veth103.0 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255
local ::1 via :: dev lo table 255 proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
local fe80::213:d3ff:fe0e:7d8b via :: dev lo table 255 proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
local fe80::218:4dff:fef0:9a8f via :: dev lo table 255 proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
local fe80::218:51ff:fe74:1c30 via :: dev lo table 255 proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
ff00::/8 dev eth0 table 255 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev eth1 table 255 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev veth103.0 table 255 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255
root@foghorn:~#

Report message to a moderator

[Message index]

		routing issue with openvpn in containter By: james on Wed, 24 September 2008 17:25
		Re: routing issue with openvpn in containter By: maratrus on Thu, 25 September 2008 06:55
		Re: routing issue with openvpn in containter By: james on Fri, 26 September 2008 14:17
		Re: routing issue with openvpn in containter By: maratrus on Fri, 26 September 2008 15:13

Previous Topic:	Fail to ping hostname
Next Topic:	OpenVZ, Bind and stalling TCP connections.

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sat Feb 14 15:23:30 GMT 2026

Total time taken to generate the page: 0.55478 seconds