On Wed, Aug 25, 2010 at 9:06 PM, Tim Nelson <[email protected]> wrote:
> ----- "Marc Aymerich" <[email protected]> wrote: > > > > > > > > On Wed, Aug 25, 2010 at 8:37 AM, Marc Olive <[email protected]>wrote: > > >> >> >> > Hello, >> > >> > I've setup an openvpn server inside an openvz container, it works fine, >> but I >> > had to make a veth interface instead a venet in order to reach hosts >> behind >> > the vpn server. >> > As this is not mentioned in the wiki[1] I had some troubles at first >> since I >> > realized it. It should be mentioned in the wiki. >> > >> > Regards, >> > >> > [1] http://wiki.openvz.org/VPN_via_the_TUN/TAP_device >> > >> > -- >> > > > > > > > > > Hi Marc, > I have too an openvn server running inside a container and I use venet > interface without any trouble. Why do you think that veth is necessary? > > --- > > > Yes, but are you routing traffic from the VPN connected clients through > your container to other hosts? Because of the way venet works, there are > some intermediary hops and internal routing that happens which makes this > setup somewhat difficult. I'm still trying to find the answer to this > myself. Switching to veth works fine, but unfortunately breaks another > component of the applications we use. It's complicated... long story. > > Hi Tim, I use OpenVPN in order to reach the datacenter(DC) private network from the office workstations. I have the OpenVPN server running inside a container in one of the DC servers. On the office side I have 2 vpn clients. The clients can reach any DC private ip destination. To avoid complicated routing tables on the VPN server I use NAT :). Maybe I don't have problems because I use NAT, but until this morning I solved any venet related problem using tcpdump and iproute sentences. I'm saying "until this morning" because just right now I have sent an email to the list asking for help for problems related to venet routing :) Is out there any 'low level' documentation to understand how venet internally works? I'd really appreciate to read something about that. -- Marc
_______________________________________________ Users mailing list [email protected] https://openvz.org/mailman/listinfo/users
