[Users] openvpn in openvz

Rene C. openvz at dokbua.com
Sun Jun 22 08:05:04 PDT 2014


Ok I gave your suggestion a shot, using your link through Google
translate and http://www.maxwhale.com/how-to-install-l2tp-vpn-on-centos/
for comparison.

Everything seems to go well until the 'ipsec verify' part when it says:

[root@vps1418 /]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                             [OK]
Linux Openswan U2.6.32/K(no kernel code presently loaded)
Checking for IPsec support in kernel                         [FAILED]
 SAref kernel support                                       [N/A]
Checking that pluto is running                               [OK]
 Pluto listening for IKE on udp 500                         [FAILED]
 Pluto listening for NAT-T on udp 4500                       [FAILED]
Checking for 'ip' command                                   [OK]
Checking /bin/sh is not /bin/dash                           [OK]
Checking for 'iptables' command                             [OK]
Opportunistic Encryption Support                             [DISABLED]

I think the biggest problem here is the "Checking for IPsec support in kernel"?

I use 2.6.32-042stab085.20 - I know it's not the latest kernel, but
supposedly ipsec support should be in kernels after stab084?



On Sat, Jun 21, 2014 at 7:28 PM, Pavel Odintsov
<pavel.odintsov at gmail.com> wrote:
> Hello!
>
> In modern versions of OpenVZ you can use l2tp with ipsec support
> instead of OpenVPN: http://habrahabr.ru/company/FastVPS/blog/205162/
> (sorry, this manual is in Russian, but it's very simple). It's
> very usable because you do not need any special clients on Windows
> hosts. Maybe you can try this?
>
>
>
> On Sat, Jun 21, 2014 at 2:11 PM, Benjamin Henrion <zoobab at gmail.com> wrote:
>> On Sat, Jun 21, 2014 at 8:47 AM, Rene C. <openvz at dokbua.com> wrote:
>>> I got the openvpn part itself down, no problem, but getting it to work
>>> in a container is a lot of hassle. Many pages, but most are outdated
>>> and things keep changing. Anyone know how to get it to work TODAY?
>>>
>>> The server is an otherwise normal server with public ip addresses and
>>> works with cpanel, no problem that far. The problem is getting an
>>> openvpn service to work in it.
>>>
>>> I've already added the tun device, and I can connect to the server
>>> with the openvpn client, just can't continue from there, so some
>>> routing is missing.
>>>
>>> I've followed the general routing instructions but because openvz
>>> doesn't support MASQ it doesn't work.
>>>
>>> - which modules to insmod on the hwnode
>>
>> Just make sure "tun" is present in lsmod.
>>
>>> - which modules to add into /etc/vz/vz.conf
>>
>> The same. "tun" should be part of the list of modules in vz.conf, so
>> it gets loaded at vz start.
>>
>>> - which modules to add into /etc/vz/<ct>.conf
>>
>> And then for the CTID you want to run openvpn access in:
>>
>> https://openvz.org/VPN_via_the_TUN/TAP_device#Granting_container_an_access_to_TUN.2FTAP
>>
>> Can you provide openvpn-client debug messages?
>>
>> --
>> Benjamin Henrion <bhenrion at ffii.org>
>> FFII Brussels - +32-484-566109 - +32-2-4148403
>> "In July 2005, after several failed attempts to legalise software
>> patents in Europe, the patent establishment changed its strategy.
>> Instead of explicitly seeking to sanction the patentability of
>> software, they are now seeking to create a central European patent
>> court, which would establish and enforce patentability rules in their
>> favor, without any possibility of correction by competing courts or
>> democratically elected legislators."
>> _______________________________________________
>> Users mailing list
>> Users at openvz.org
>> https://lists.openvz.org/mailman/listinfo/users
>
>
>
> --
> Sincerely yours, Pavel Odintsov

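Added example, not part of the original message and not Openswan code: a small Python parser for the 'ipsec verify' report quoted above, which groups the indented sub-checks under their parent check and lists the ones that failed. The sample text is copied from the message; the function names are hypothetical.

```python
import re

# Sample input: the `ipsec verify` report quoted in the message above.
SAMPLE = """\
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                             [OK]
Linux Openswan U2.6.32/K(no kernel code presently loaded)
Checking for IPsec support in kernel                         [FAILED]
 SAref kernel support                                       [N/A]
Checking that pluto is running                               [OK]
 Pluto listening for IKE on udp 500                         [FAILED]
 Pluto listening for NAT-T on udp 4500                       [FAILED]
Checking for 'ip' command                                   [OK]
Checking /bin/sh is not /bin/dash                           [OK]
Checking for 'iptables' command                             [OK]
Opportunistic Encryption Support                             [DISABLED]
"""

# "<indent><check name>   [STATUS]"; banner and version lines have no [STATUS].
CHECK = re.compile(r"^(?P<indent>\s*)(?P<name>.+?)\s+\[(?P<status>[A-Z/]+)\]\s*$")

def parse_verify(text):
    """Parse the report; indented checks become children of the check above."""
    checks = []
    for line in text.splitlines():
        m = CHECK.match(line)
        if not m:
            continue
        entry = {"name": m["name"], "status": m["status"], "children": []}
        if m["indent"] and checks:
            checks[-1]["children"].append(entry)
        else:
            checks.append(entry)
    return checks

def failed_checks(checks):
    """Return failed checks, sub-checks written as 'parent -> child'."""
    out = []
    for c in checks:
        if c["status"] == "FAILED":
            out.append(c["name"])
        out += [f"{c['name']} -> {s['name']}" for s in c["children"] if s["status"] == "FAILED"]
    return out

def kernel_part(text):
    """Return the text after '/K' on the Openswan version line, or None."""
    m = re.search(r"Openswan U\S+?/K(.*)$", text, re.M)
    return m.group(1).strip() if m else None

if __name__ == "__main__":
    print("kernel side:", kernel_part(SAMPLE))
    for name in failed_checks(parse_verify(SAMPLE)):
        print("FAILED:", name)
```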