
Mailing List Archive: vpnc: devel

vpnc inside an OpenVZ Virtual Environment locks out local traffic to/from the VE

 

 



chris161 at club-internet

May 11, 2008, 10:49 AM


Hi all,

has anybody tried to use vpnc inside an OpenVZ virtual environment (VE)?
It seems to work as far as the VPN is concerned but I lose all local
traffic to the VE. I can't even ping the VE from the host. Running vpnc
on the host itself is perfectly OK. What am I missing?

Below is a sample session on the host. No problem.

*[root@ovhost ~]# uname -a*
Linux ovhost 2.6.18-53.1.13.el5.028stab053.10 #1 SMP Tue Apr 1 14:58:47 MSD 2008 i686 i686 i386 GNU/Linux
*[root@ovhost ~]# route -n*
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.101 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
AAA.AAA.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
*[root@ovhost ~]# ping -c 2 192.168.2.101*
PING 192.168.2.101 (192.168.2.101) 56(84) bytes of data.
64 bytes from 192.168.2.101: icmp_seq=0 ttl=64 time=0.888 ms
64 bytes from 192.168.2.101: icmp_seq=1 ttl=64 time=0.814 ms

--- 192.168.2.101 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.814/0.851/0.888/0.037 ms, pipe 2
*[root@ovhost ~]# vpnc*
VPNC started in background (pid: 12427)...
*[root@ovhost ~]# route -n*
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
BBB.BBB.BBB.BBB 192.168.2.1 255.255.255.255 UGH 0 0 0 eth0
CCC.CCC.CCC.CCC 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
DDD.DDD.DDD.DDD 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.2.101 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
AAA.AAA.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0
172.16.0.0 0.0.0.0 255.240.0.0 U 0 0 0 tun0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
*[root@ovhost ~]# ping -c 3 target.host.on.the.vpn*
PING target.host.on.the.vpn (EEE.EEE.EEE.EEE) 56(84) bytes of data.
64 bytes from target.host.on.the.vpn (EEE.EEE.EEE.EEE): icmp_seq=0 ttl=59 time=37.6 ms
64 bytes from target.host.on.the.vpn (EEE.EEE.EEE.EEE): icmp_seq=1 ttl=59 time=55.8 ms
64 bytes from target.host.on.the.vpn (EEE.EEE.EEE.EEE): icmp_seq=2 ttl=59 time=37.4 ms

--- target.host.on.the.vpn ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 37.498/43.655/55.860/8.631 ms, pipe 2
*[root@ovhost ~]# vpnc-disconnect*
Terminating vpnc daemon (pid: 12427)
*[root@ovhost ~]#*

Now, let us run vpnc in the VE (192.168.2.101). Here I am sending
commands to the VE from the host through vzctl because an ssh session
would die once the VPN is up.

*[root@vgranit ~]# vzctl exec 101 uname -a*
Linux ov101 2.6.18-53.1.13.el5.028stab053.10 #1 SMP Tue Apr 1 14:58:47 MSD 2008 i686 i686 i386 GNU/Linux
*[root@ovhost ~]# vzctl exec 101 route -n*
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 venet0
AAA.AAA.0.0 0.0.0.0 255.255.0.0 U 0 0 0 venet0
0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 venet0
*[root@ovhost ~]# vzctl exec 101 /usr/local/sbin/vpnc*
VPNC started in background (pid: 13633)...
*[root@ovhost ~]# vzctl exec 101 route -n*
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
BBB.BBB.BBB.BBB 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
CCC.CCC.CCC.CCC 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
DDD.DDD.DDD.DDD 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 venet0
AAA.AAA.0.0 0.0.0.0 255.255.0.0 U 0 0 0 venet0
192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0
172.16.0.0 0.0.0.0 255.240.0.0 U 0 0 0 tun0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
*[root@ovhost ~]# vzctl exec 101 ping -c 3 target.host.on.the.vpn*
PING target.host.on.the.vpn (EEE.EEE.EEE.EEE) 56(84) bytes of data.
64 bytes from target.host.on.the.vpn (EEE.EEE.EEE.EEE): icmp_seq=0 ttl=59 time=37.1 ms
64 bytes from target.host.on.the.vpn (EEE.EEE.EEE.EEE): icmp_seq=1 ttl=59 time=52.9 ms
64 bytes from target.host.on.the.vpn (EEE.EEE.EEE.EEE): icmp_seq=2 ttl=59 time=37.4 ms

--- target.host.on.the.vpn ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 37.119/42.518/52.945/7.377 ms, pipe 2
*[root@ovhost ~]# ping -c 3 192.168.2.101*
PING 192.168.2.101 (192.168.2.101) 56(84) bytes of data.

--- 192.168.2.101 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2003ms

*[root@ovhost ~]# vzctl exec 101 /usr/local/sbin/vpnc-disconnect*
Terminating vpnc daemon (pid: 13633)
*[root@ovhost ~]#*

Note the failure of pinging the VE from the host.

I guess vpnc-script needs some magic to deal with this kind of virtual
environment but I cannot figure which one ...

The above setup is a clean default install of OpenVZ using a CentOS
base. Only added the dev tools and libs necessary to compile and run vpnc.

Thanks for your attention, and any help you might provide.
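
An added example, not part of the original post and not vpnc or OpenVZ code: a longest-prefix-match lookup over the VE's two `route -n` listings above, showing which interface the VE selects for a destination on the host's 192.168.2.0/24 LAN before and after vpnc starts. The address 192.168.2.10 is a constructed stand-in for the host's LAN address, and the rows with masked addresses are omitted.

```python
import ipaddress

# Rows copied from the VE's two `route -n` listings in the post; the rows
# whose addresses are masked (AAA..., BBB..., CCC..., DDD...) are left out.
VE_BEFORE = """\
192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 venet0
0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 venet0
"""
VE_AFTER = """\
192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 venet0
192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0
172.16.0.0 0.0.0.0 255.240.0.0 U 0 0 0 tun0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
"""
# Constructed stand-in for the host's address on 192.168.2.0/24 (assumption).
HOST_LAN_ADDR = "192.168.2.10"

def parse_routes(text):
    """Turn `route -n` rows into (network, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or not fields[4].isdigit():
            continue  # skip the header row and wrapped or blank lines
        dest, _gw, mask, _flags, metric, _ref, _use, iface = fields
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), int(metric), iface))
    return routes

def lookup(routes, addr):
    """Longest-prefix match; lower metric breaks ties. Returns (iface, network)."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    net, _metric, iface = max(matches, key=lambda r: (r[0].prefixlen, -r[1]))
    return iface, str(net)

def moved_routes(before, after, addrs):
    """Addresses whose selected route differs between the two tables."""
    b, a = parse_routes(before), parse_routes(after)
    return {x: (lookup(b, x), lookup(a, x)) for x in addrs if lookup(b, x) != lookup(a, x)}

if __name__ == "__main__":
    probes = [HOST_LAN_ADDR, "192.0.2.1"]
    for addr, (old, new) in moved_routes(VE_BEFORE, VE_AFTER, probes).items():
        print(f"{addr}: {old} -> {new}")
```

Inside a running VE, `ip route get <address>` gives the kernel's own answer to the same question and can be compared with this lookup.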
