Xen and OpenVPN


Xen and OpenVPN

Kai Wembacher
Hi,

I have some problems with my OpenVPN server in a Xen DomU. OpenVPN  
works fantastic but there's a problem connecting other DomUs on this
server.

I have the following iptables rule to forward the requests to the
internet.

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE

This works fine. I can connect to other DomUs on the same server but  
they can't answer the request.

On the other DomUs I've deleted the route to the subnet all DomUs are  
in. So all traffic goes through the internet gateway in the datacenter
and then back to my server with Xen.

So I have the following two routing ways:
OpenVPN Client ---> tap0 OpenVPN Server (DomU 1) ---> xenbr0 (I
think) ---> DomU 2
This doesn't work ... I can connect to DomU 2 but it seems that DomU  
2 can't answer this request. (I tried to connect to the SMTP-Server  
using telnet. The connection is logged but I don't get any answer  
from the SMTP-Server.)

OpenVPN Client ---> tap0 OpenVPN Server (DomU 1) ---> xenbr0 (I
think) ---> DomU 2
DomU2 ---> xenbr0 ---> peth0 ---> Internet Gateway (Datacenter) --->  
peth0 ---> xenbr0 ---> DomU 1 ---> tap0 ---> OpenVPN Client
This works fine but it is not the best solution.

I hope you can help me.

Best regards,
Kai Wembacher

_______________________________________________
Xen-users mailing list
[hidden email]
http://lists.xensource.com/xen-users

Re: Xen and OpenVPN

Nicholas Lee
This is really something for the openvpn mailing list as Xen doesn't really affect it.

Personally I use the push "route 10.1.0.0 255.255.255.0" command, then make sure the other domUs have the appropriate routing:

        up route add -net 192.168.1.0/24 gw  10.1.0.1
        down route del -net 192.168.1.0/24 gw  10.1.0.1

in /etc/network/interfaces, where 10.1.0.1 is the openvpn server host.

NAT is not really needed in a private network situation.



Nicholas


Re: Xen and OpenVPN

Kai Wembacher
> This is really something for the openvpn mailing list as Xen  
> doesn't really affect it.
I think it is not. It's a problem of Xen because masquerading doesn't  
work on the same Xen host.
>
> Personally I use the push "route 10.1.0.0 255.255.255.0" command,
> then make sure the other domUs have the appropriate routing:
>
>         up route add -net 192.168.1.0/24 gw  10.1.0.1
>         down route del -net 192.168.1.0/24 gw  10.1.0.1
>
> in /etc/network/interfaces, where 10.1.0.1 is the openvpn server host.
My route is set by OpenVPN and everything works fine on the clients.
If I try to connect to another DomU on this server the route goes
through the openvpn server.
> NAT is not really needed in a private network situation.
I only use NAT to provide internet access to the OpenVPN Clients. So  
the connection to other Xen DomUs uses NAT too, because all the
traffic which is not in 10.8.0.0/24 subnet (my OpenVPN Subnet) uses  
NAT. This is the easiest way for me but it doesn't work with Xen.

I'm going to test this configuration with routing instead of bridging
on Xen dom0.

Best regards,
Kai Wembacher


Re: Xen and OpenVPN

Spiteri_20
In reply to this post by Kai Wembacher
This is very useful information on this hotshield vpn. Got to know about best vpn 2017 through internet and registered with expressvpn. Really glad to get such good services and recommended this to my friends as well.