[Users] Give kernel modules access to VE
Alfred Sawaya
wildhuji.lists at gmail.com
Thu Jul 1 05:11:13 EDT 2010
Le 30/06/2010 16:35, Galia Lisovskaya a écrit :
> 2010/6/30 Alfred Sawaya<wildhuji.lists at gmail.com>:
>
>> Le 25/06/2010 20:29, Galia Lisovskaya a écrit :
>>
>>> To some devices(in devfs) you may take access, see examples:
>>>
>>> http://wiki.openvz.org/USB_Printing_in_VE
>>> http://wiki.openvz.org/Installing_Trixbox_2.0_in_CentOS_VE
>>> http://wiki.openvz.org/VPN_via_the_TUN/TAP_device
>>>
>>>
>>>
>> Well, I see on Wikipedia that OpenVZ doesn't support IPSec and L2TP into a
>> VE, and it was just what I wanted to do by inserting kernel module into a
>> VE...
>>
> Wy you want use VPN inside _container_ (not VirtualMachine)? You may
> use IPsec on hardware node...
> We use IPsec beetween HW nodes in VE0
>
>
Actually, we use Xen. We have an IPSec connection to our concentror on
Dom0 and a IPSec connection into a vm for clients access purpose. We
want separating clients access to our access (by isolating clients into
a vm).
But we virtualize debian into debian, so using OpenVZ seems to be a
great thing.
> But, we use OpenVPN server (it's user-mode part) inside container,
> and, please see this:
> http://wiki.openvz.org/Download/vzctl/3.0.24
>
>
>> Why there is such a limitation ? If a VE can access the kernel, why it can't
>> access a module ? (as the module IS inserting from de host !)
>>
> Becouse OpenVZ has virtualizated network stack inside containers. But,
> in OpenVPN container, you may add permishions "net_admin" to this
> container
>
Okey, so the matter with IPSec is that a VE can't use a netlink socket ?
I will use OpenVPN, but I wanted IPSec+L2TP because the client is a part
of Windows (for clients).
And most of all, I juste wanted to understand why it is not possible,
for my own culture :)
OpenVZ is a great product by the way. Congrat !
Thank you for your help !
>
>
>
>
--
--
Alfred Sawaya
More information about the Users
mailing list