I want to cluster two XenLinux machines at two sites and join them to appear to be one intranet using a VPN daemon. Thus it would make my LAN appear to have more hosts directly attached to it when they are really miles away:

10.0.0.2 web1.xen1.example.com <-- XenLinux machine 1 at Site 1
10.0.0.3 mail1.xen1.example.com <-- XenLinux machine 1 at Site 1
10.0.0.4 web2.xen2.example.com <-- XenLinux machine 2 at Site 2
10.0.0.5 mail2.xen2.example.com <-- XenLinux machine 2 at Site 2
...

Can I run the VPN daemon inside a guest domain?

Or should I run it on domain0?

Or do I need to run it externally?

CD

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

I have had very good success running the KAME/IPSec-Tools in 2.6 xenU domains. I would suggest this exact setup as it has failed to go down in the 6 months of uptime. Set up routing as you usually would. I believe 3des/SHA1 had the quickest reconnect times.

--
Christian Hergert <christian.hergert@medsphere.com>
Medsphere Systems Corporation

On Tue, 2005-07-19 at 12:53 -0400, Chris de Vidal wrote:
> I want to cluster two XenLinux machines at two sites and join them to
> appear to be one intranet using a VPN daemon. Thus it would make my LAN
> appear to have more hosts directly attached to it when they are really
> miles away:
> 10.0.0.2 web1.xen1.example.com <-- XenLinux machine 1 at Site 1
> 10.0.0.3 mail1.xen1.example.com <-- XenLinux machine 1 at Site 1
> 10.0.0.4 web2.xen2.example.com <-- XenLinux machine 2 at Site 2
> 10.0.0.5 mail2.xen2.example.com <-- XenLinux machine 2 at Site 2
> ...
>
> Can I run the VPN daemon inside a guest domain?
>
> Or should I run it on domain0?
>
> Or do I need to run it externally?
>
> CD

Hi,

you would best set up all the VPN stuff in xen0. I would recommend setting up OpenVPN in bridge mode to transparently connect the two xen0 systems and within the xenU machines you want to get connected in the end.

With OpenVPN and the Linux bridging stuff you can even set up redundant transports between the systems (with spanning tree).

Regards,
Schlomo

On Tue, 19 Jul 2005, Chris de Vidal wrote:
> I want to cluster two XenLinux machines at two sites and join them to
> appear to be one intranet using a VPN daemon. Thus it would make my LAN
> appear to have more hosts directly attached to it when they are really
> miles away:
> 10.0.0.2 web1.xen1.example.com <-- XenLinux machine 1 at Site 1
> 10.0.0.3 mail1.xen1.example.com <-- XenLinux machine 1 at Site 1
> 10.0.0.4 web2.xen2.example.com <-- XenLinux machine 2 at Site 2
> 10.0.0.5 mail2.xen2.example.com <-- XenLinux machine 2 at Site 2
> ...
>
> Can I run the VPN daemon inside a guest domain?
>
> Or should I run it on domain0?
>
> Or do I need to run it externally?
>
> CD

--
Regards,
Schlomo
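
The bridged domain0-to-domain0 layout suggested in the last reply, as an added example that is not part of the thread or of any poster's configuration: an OpenVPN tap-mode config for the Site 1 domain0. It assumes OpenVPN 2.4 or later, a bridge named xenbr0 carrying the guests' virtual interfaces, and placeholder host names, certificate names and file paths.

```conf
# /etc/openvpn/site1.conf on the Site 1 domain0.
# Added example: every path, host name and file name here is a placeholder.

dev tap0                  # layer-2 device; bridging needs tap, not tun
proto udp
port 1194
remote dom0.xen2.example.com 1194   # hypothetical name of the Site 2 domain0

# Mutual certificate authentication. Site 1 takes the TLS server role.
tls-server
ca   /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/site1.crt
key  /etc/openvpn/pki/site1.key
dh   /etc/openvpn/pki/dh.pem
remote-cert-tls client    # reject a peer whose certificate lacks the client EKU
tls-auth /etc/openvpn/pki/ta.key 0   # HMAC on control packets; direction 1 at Site 2
tls-version-min 1.2

# Data channel (assumption: both ends run OpenVPN 2.4 or later).
cipher AES-256-GCM
auth SHA256               # digest used for the tls-auth HMAC

keepalive 10 60           # ping every 10 s, restart after 60 s of silence
persist-key
persist-tun               # keep tap0 across restarts so it stays in the bridge
user nobody               # drop privileges once the tunnel is up
group nogroup
verb 3

# No "ifconfig" line: tap0 carries no IP address of its own. It is a port
# on the Xen bridge, so 10.0.0.2-10.0.0.5 share one broadcast domain.
#
# Run once as root in domain0 before starting OpenVPN (xenbr0 is assumed):
#   openvpn --mktun --dev tap0
#   ip link set tap0 up promisc on
#   brctl addif xenbr0 tap0
#
# Site 2 mirrors this file with: tls-client instead of tls-server, no dh
# line, remote-cert-tls server, tls-auth ... 1, its own cert/key, and
# remote pointing back at the Site 1 domain0.
```

Because tap0 is a bridge port, all broadcast and ARP traffic from either site crosses the tunnel, so any filtering between the sites has to happen on the bridge in domain0.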