<br><br><div class="gmail_quote">On Wed, Aug 25, 2010 at 9:06 PM, Tim Nelson <span dir="ltr"><<a href="mailto:tnelson@rockbochs.com">tnelson@rockbochs.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div style="font-family:Times New Roman;font-size:12pt;color:#000000"><div><div></div><div class="h5">----- "Marc Aymerich" <<a href="mailto:glicerinu@gmail.com" target="_blank">glicerinu@gmail.com</a>> wrote:
<br>> <br>> <br>> </div></div><div class="gmail_quote"><div><div></div><div class="h5">> On Wed, Aug 25, 2010 at 8:37 AM, Marc Olive <span dir="ltr"><<a href="mailto:marc.olive@grupblau.com" target="_blank">marc.olive@grupblau.com</a>></span> wrote:<br>
> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>>
Hello,<br>>
<br>>
I've setup an openvpn server inside an openvz container, it works fine, but I<br>>
had to make a veth interface instead a venet in order to reach hosts behind<br>>
the vpn server.<br>>
As this is not mentioned in the wiki[1] I had some troubles at first since I<br>>
realized it. It should be mentioned in the wiki.<br>>
<br>>
Regards,<br>>
<br>>
[1] <a href="http://wiki.openvz.org/VPN_via_the_TUN/TAP_device" target="_blank">http://wiki.openvz.org/VPN_via_the_TUN/TAP_device</a><br>>
<font color="#888888"><br>>
--<br>> </font></blockquote><div><br>> </div><div><br>> </div><div>Hi Marc,</div><div>I have too an openvn server running inside a container and I use venet interface without any trouble. Why do you think that veth is necessary? </div>
<div> </div></div></div><div>---</div><div><br></div><div><br></div><div>Yes, but are you routing traffic from the VPN connected clients through your container to other hosts? Because of the way venet works, there are some intermediary hops and internal routing that happens which makes this setup somewhat difficult. I'm still trying to find the answer to this myself. Switching to veth works fine, but unfortunately breaks another component of the applications we use. It's complicated... long story.</div>
<div><br></div><font color="#888888"><div></div></font></div></div></div></blockquote></div><div><br></div><div>Hi Tim,</div><div>I use OpenVPN in order to reach the datacenter(DC) private network from the office workstations. I have the OpenVPN server running inside a container in one of the DC servers. On the office side I have 2 vpn clients. The clients can reach any DC private ip destination. To avoid complicated routing tables on the VPN server I use NAT :). Maybe I don't have problems because I use NAT, but until this morning I solved any venet related problem using tcpdump and iproute sentences. I'm saying "until this morning" because just right now I have sent an email to the list asking for help for problems related to venet routing :) </div>
<div><br></div><div>Is out there any 'low level' documentation to understand how venet internally works? I'd really appreciate to read something about that. </div><div><br></div><br clear="all"><br>-- <br>
Marc<br>