[Users] openvpn in openvz

Pavel Odintsov pavel.odintsov at gmail.com
Sun Jun 22 10:52:38 PDT 2014


Hello!

IPsec should work from the 84.8 kernel according to
https://openvz.org/IPsec, but I found an explicit reference to IPsec
only in 84.10: http://openvz.org/Download/kernel/rhel6-testing/042stab084.10

Did you restart the CT after loading the kernel modules for l2tp?

On Sun, Jun 22, 2014 at 7:05 PM, Rene C. <openvz at dokbua.com> wrote:
> Ok I gave your suggestion a shot, using your link through Google
> translate and http://www.maxwhale.com/how-to-install-l2tp-vpn-on-centos/
> for comparison.
>
> Everything seems to go well until the 'ipsec verify' part when it says:
>
> [root@vps1418 /]# ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                             [OK]
> Linux Openswan U2.6.32/K(no kernel code presently loaded)
> Checking for IPsec support in kernel                         [FAILED]
>  SAref kernel support                                       [N/A]
> Checking that pluto is running                               [OK]
>  Pluto listening for IKE on udp 500                         [FAILED]
>  Pluto listening for NAT-T on udp 4500                       [FAILED]
> Checking for 'ip' command                                   [OK]
> Checking /bin/sh is not /bin/dash                           [OK]
> Checking for 'iptables' command                             [OK]
> Opportunistic Encryption Support                             [DISABLED]
>
> I think the biggest problem here is the "Checking for IPsec support in kernel"?
>
> I use 2.6.32-042stab085.20 - I know it's not the latest kernel, but
> supposedly ipsec support should be in kernels after stab084?
>
>
>
> On Sat, Jun 21, 2014 at 7:28 PM, Pavel Odintsov
> <pavel.odintsov at gmail.com> wrote:
>> Hello!
>>
>> In modern versions of OpenVZ you can use l2tp with ipsec support
>> instead of OpenVPN: http://habrahabr.ru/company/FastVPS/blog/205162/
>> (sorry, this manual is in Russian, but it's very simple). It's
>> very usable because you do not need any special clients on Windows
>> hosts. Maybe you can try this?
>>
>>
>>
>> On Sat, Jun 21, 2014 at 2:11 PM, Benjamin Henrion <zoobab at gmail.com> wrote:
>>> On Sat, Jun 21, 2014 at 8:47 AM, Rene C. <openvz at dokbua.com> wrote:
>>>> I got the openvpn part itself down, no problem, but getting it to work
>>>> in a container is a lot of hassle. Many pages, but most are outdated
>>>> and things keep changing. Anyone know how to get it to work TODAY?
>>>>
>>>> The server is an otherwise normal server with public ip addresses and
>>>> works with cpanel, no problem that far. The problem is getting an
>>>> openvpn service to work in it.
>>>>
>>>> I've already added the tun device, and I can connect to the server
>>>> with the openvpn client, just can't continue from there, so some
>>>> routing is missing.
>>>>
>>>> I've followed the general routing instructions but because openvz
>>>> doesn't support MASQ it doesn't work.
>>>>
>>>> - which modules to insmod on the hwnode
>>>
>>> Just make sure "tun" is present in lsmod.
>>>
>>>> - which modules to add into /etc/vz/vz.conf
>>>
>>> The same. "tun" should be part of the list of modules in vz.conf, so
>>> it gets loaded at vz start.
>>>
>>>> - which modules to add into /etc/vz/<ct>.conf
>>>
>>> And for the CTID you want to run openvpn access in:
>>>
>>> https://openvz.org/VPN_via_the_TUN/TAP_device#Granting_container_an_access_to_TUN.2FTAP
>>>
>>> Can you provide openvpn-client debug messages?
>>>
>>> --
>>> Benjamin Henrion <bhenrion at ffii.org>
>>> FFII Brussels - +32-484-566109 - +32-2-4148403
>>> "In July 2005, after several failed attempts to legalise software
>>> patents in Europe, the patent establishment changed its strategy.
>>> Instead of explicitly seeking to sanction the patentability of
>>> software, they are now seeking to create a central European patent
>>> court, which would establish and enforce patentability rules in their
>>> favor, without any possibility of correction by competing courts or
>>> democratically elected legislators."
>>> _______________________________________________
>>> Users mailing list
>>> Users at openvz.org
>>> https://lists.openvz.org/mailman/listinfo/users
>>
>>
>>
>> --
>> Sincerely yours, Pavel Odintsov



-- 
Sincerely yours, Pavel Odintsov
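
A triage sketch for the `ipsec verify` output quoted above, added here as an example and not written by anyone in the thread: it compares the hardware node's kernel release against the 042stab084.10 build named in the reply and lists the checks that failed. The function names, the verdict strings and the choice of 84.10 as the threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Names, verdicts and threshold are assumptions.

# Print "MAJOR MINOR" for an OpenVZ RHEL6 kernel release,
# e.g. 2.6.32-042stab085.20 -> "85 20"; print nothing for other kernels.
stab_version() {
    echo "$1" | sed -n 's/.*stab0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\).*/\1 \2/p'
}

# Succeed if kernel release $1 is at or above stab build $2.$3.
kernel_at_least() {
    set -- $(stab_version "$1") "$2" "$3"
    [ $# -eq 4 ] || return 2          # not an OpenVZ stab kernel string
    [ "$1" -gt "$3" ] || { [ "$1" -eq "$3" ] && [ "$2" -ge "$4" ]; }
}

# Read `ipsec verify` output on stdin, print the name of each FAILED check.
failed_checks() {
    sed -n 's/^ *\(.*[^ ]\) *\[FAILED\] *$/\1/p'
}

# $1 = kernel release of the hardware node, stdin = `ipsec verify` output.
triage() {
    failed=$(failed_checks)
    case "$failed" in
        *"IPsec support in kernel"*)
            # Kernel new enough: suspect unloaded modules or a CT that
            # was not restarted after loading them.
            if kernel_at_least "$1" 84 10; then
                echo "check-modules-and-restart-ct"
            else
                echo "upgrade-kernel"
            fi ;;
        *)  echo "kernel-ipsec-ok" ;;
    esac
}

# Sample input: check lines copied from the output quoted in the thread.
sample_verify_output() {
    cat <<'EOF'
Version check and ipsec on-path                             [OK]
Checking for IPsec support in kernel                         [FAILED]
Checking that pluto is running                               [OK]
 Pluto listening for IKE on udp 500                         [FAILED]
 Pluto listening for NAT-T on udp 4500                       [FAILED]
EOF
}

sample_verify_output | triage "2.6.32-042stab085.20"
```

On a live system, pipe the real output in instead: `ipsec verify | triage "$(uname -r)"`.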

