Hello guys, I need some advice with a cloudpipe setup. I have a basic Folsom installation (single server), using VlanManager. I am setting up a vpn for the subnet 10.0.4.0 (please see diagram below).
    instance1   nova-controller   cloudpipe   openvpn   host1
    10.100.200.120 <---> 10.0.4.2 <===> 10.0.4.254 <---> 10.100.100.143 (public ip)
                           ||           10.100.100.142
                           ||
                           ||
                           ||
                           ||
                        instance2
                        10.0.4.3

Short story: from host1, can not ping instance2 (or cloudpipe). From cloudpipe (or instance2) cannot ping host1.

Desired behaviour: From instance2, want to ping host1. From host1, want to ping instance2.

Long story: The vpn link is working just fine from point to point. However, packets are not being fully routed from one network to the other. To troubleshoot this, I am using tcpdump, so:

On cloudpipe instance, I run:

    tcpdump -i any icmp

Then, on host1 I pinged cloudpipe:

    ping 10.0.4.2

The tcpdump on cloudpipe is like this:

----
21:27:56.958108 In 62:59:fd:d3:0d:f3 (oui Unknown) ethertype IPv4 (0x0800), length 100: 10.100.100.143 > efe762bef1364f8bab0d5c71434388e2-vpn.novalocal: ICMP echo request, id 28421, seq 10, length 64
21:27:56.969406 In 00:00:00:00:00:00 (oui Ethernet) ethertype IPv4 (0x0800), length 128: efe762bef1364f8bab0d5c71434388e2-vpn.novalocal > efe762bef1364f8bab0d5c71434388e2-vpn.novalocal: ICMP host 10.100.100.143 unreachable, length 92
---

Looks like each point in the vpn does not know the arp address for hosts in the other network.

PS: I created routes between host1 and network 10.0.4.0:

    $ ip route list
    10.0.4.0/24 via 10.100.100.142 dev eth0
    10.0.0.0/24 via 10.100.100.142 dev eth0
    10.100.100.0/24 dev eth0 proto kernel scope link src 10.100.100.143
    169.254.0.0/16 dev eth0 scope link metric 1002
    default via 10.100.100.1 dev eth0

OpenVPN client:

    $ ip route list
    10.0.4.0/24 dev tap0 proto kernel scope link src 10.0.4.254
    10.0.0.0/24 via 10.0.4.1 dev tap0
    10.100.100.0/24 dev eth0 proto kernel scope link src 10.100.100.142
    169.254.0.0/16 dev eth0 scope link metric 1002
    default via 10.100.100.1 dev eth0

Cloudpipe instance:

    $ ip route list
    default via 10.0.4.1 dev br0 metric 100
    10.0.4.0/24 dev br0 proto kernel scope link src 10.0.4.2
    10.0.4.254 via 10.0.4.2 dev br0
    10.100.100.0/24 via 10.0.4.2 dev br0

?? The openvpn (cloudpipe) is set up for bridge. Should not the arp transit to the other side of the tunnel? ??

Any tips to get this working? I appreciate any help, thanks.

Roni.
--
http://cloud0.dyndns-web.com/blog/