[Users] openvpn in openvz

Rene C. openvz at dokbua.com
Sun Jun 22 08:05:04 PDT 2014

Ok I gave your suggestion a shot, using your link through Google
translate and http://www.maxwhale.com/how-to-install-l2tp-vpn-on-centos/
for comparison.

Everything seems to go well until the 'ipsec verify' part when it says:

[root at vps1418 /]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                             [OK]
Linux Openswan U2.6.32/K(no kernel code presently loaded)
Checking for IPsec support in kernel                         [FAILED]
 SAref kernel support                                       [N/A]
Checking that pluto is running                               [OK]
 Pluto listening for IKE on udp 500                         [FAILED]
 Pluto listening for NAT-T on udp 4500                       [FAILED]
Checking for 'ip' command                                   [OK]
Checking /bin/sh is not /bin/dash                           [OK]
Checking for 'iptables' command                             [OK]
Opportunistic Encryption Support                             [DISABLED]

I think the biggest problem here is the "Checking for IPsec support in kernel"?

I use 2.6.32-042stab085.20 - I know it's not the latest kernel, but
supposedly ipsec support should be in kernels after stab084?

On Sat, Jun 21, 2014 at 7:28 PM, Pavel Odintsov
<pavel.odintsov at gmail.com> wrote:
> Hello!
> In modern version of OpenVZ you can use l2tp with ipsec support
> instead OpenVPN: http://habrahabr.ru/company/FastVPS/blog/205162/
> (sorry this manual in russian language but it's very simple). It's
> very useable because you do not need any special clients on Windows
> hosts. Maybe you can try this?
> On Sat, Jun 21, 2014 at 2:11 PM, Benjamin Henrion <zoobab at gmail.com> wrote:
>> On Sat, Jun 21, 2014 at 8:47 AM, Rene C. <openvz at dokbua.com> wrote:
>>> I got the openvpn part itself down, no problem, but getting it to work
>>> in a container is a lot of hassle. Many pages, but most are outdated
>>> and things keeps changing. Anyone know how to get it to work TODAY?
>>> The server is an otherwise normal server with public ip addresses and
>>> works with cpanel, no problem that far. The problem is getting an
>>> openvpn service to work in it.
>>> I've already added the tun device, and I can connect to the server
>>> with the openvpn client, just can't continue from there, so some
>>> routing is missing.
>>> I've followed the general routing instructions but because openvz
>>> doesn't support MASQ it doesn't work.
>>> - which modules to insmod on the hwnode
>> Just make sure "tun" is present in lsmod.
>>> - which modules to add into /etc/vz/vz.conf
>> The same. "tun" should be part of the list of modules in vz.conf, so
>> it gets loaded at vz start.
>>> - which modules to add into /etc/vz/<ct>.conf
>> And the for the CTID you want to run openvpn access in:
>> https://openvz.org/VPN_via_the_TUN/TAP_device#Granting_container_an_access_to_TUN.2FTAP
>> Can you provide openvpn-client debug messages?
>> --
>> Benjamin Henrion <bhenrion at ffii.org>
>> FFII Brussels - +32-484-566109 - +32-2-4148403
>> "In July 2005, after several failed attempts to legalise software
>> patents in Europe, the patent establishment changed its strategy.
>> Instead of explicitly seeking to sanction the patentability of
>> software, they are now seeking to create a central European patent
>> court, which would establish and enforce patentability rules in their
>> favor, without any possibility of correction by competing courts or
>> democratically elected legislators."
>> _______________________________________________
>> Users mailing list
>> Users at openvz.org
>> https://lists.openvz.org/mailman/listinfo/users
> --
> Sincerely yours, Pavel Odintsov
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://lists.openvz.org/mailman/listinfo/users

More information about the Users mailing list