john ewing
2010-Mar-22 14:44 UTC
[Xen-users] Can't access xen machines via vpn connection
Hi,

I have a Centos based Xen server on my lan which works perfectly apart from it appears to ignore traffic arriving over our VPN connection. The vpn connection is via an IPCOP box which has the Zerina Open VPN package installed.

The network setup on the VPN box is

>> this is the lan interface
eth0      Link encap:Ethernet  HWaddr 00:C0:9F:0A:F2:ED
          inet addr:192.168.0.3  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5071269 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7092516 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:828541223 (790.1 MB)  TX bytes:2636364890 (2514.2 MB)
          Interrupt:20 Base address:0xecc0 Memory:fe123000-fe123038

>> this is the external internet connection
eth1      Link encap:Ethernet  HWaddr 00:02:B3:AB:8C:1C
          inet addr:10.10.10.3  Bcast:10.10.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:6544488 errors:1 dropped:0 overruns:0 frame:1
          TX packets:5350765 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2326050702 (2218.2 MB)  TX bytes:812206696 (774.5 MB)
          Interrupt:30 Base address:0xec80 Memory:fe122000-fe122038

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:91 errors:0 dropped:0 overruns:0 frame:0
          TX packets:91 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:21208 (20.7 KB)  TX bytes:21208 (20.7 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.89.240.1  P-t-P:10.89.240.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
          RX packets:260387 errors:0 dropped:0 overruns:0 frame:0
          TX packets:143080 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:329927086 (314.6 MB)  TX bytes:13037548 (12.4 MB)

I can ping and connect to any other machine on the LAN subnet (192.168.0.x) but when I try to contact either Dom0 192.168.0.4 or one of the DomU VMs 192.168.0.6 I just get "Request Timeout for icmp_seq". I can ping these ips from within the LAN no problem, and I have tried completely disabling the firewall on the DOM0 machine but it makes no difference.

Any help appreciated

Cheers
John.

The network setup on the xen server is

#ifconfig
eth0      Link encap:Ethernet  HWaddr 00:02:B3:CA:0B:0E
          inet addr:192.168.0.4  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::202:b3ff:feca:b0e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7739767 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5355591 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:627301593 (598.2 MiB)  TX bytes:399085564 (380.5 MiB)

eth1      Link encap:Ethernet  HWaddr 00:C0:9F:21:FE:1D
          inet addr:10.10.10.29  Bcast:10.10.10.255  Mask:255.255.255.0
          inet6 addr: fe80::2c0:9fff:fe21:fe1d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15970 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4296 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8628848 (8.2 MiB)  TX bytes:365795 (357.2 KiB)

lan       Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:1002013 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:119949040 (114.3 MiB)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3008 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3008 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:411818 (402.1 KiB)  TX bytes:411818 (402.1 KiB)

peth0     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:104108735 errors:0 dropped:0 overruns:0 frame:0
          TX packets:124569365 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3045586779 (2.8 GiB)  TX bytes:4121122264 (3.8 GiB)

peth1     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:4445260 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2063177 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1293307650 (1.2 GiB)  TX bytes:868202984 (827.9 MiB)
          Base address:0xecc0 Memory:fe120000-fe140000

vif0.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:5355637 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7739790 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:399092840 (380.6 MiB)  TX bytes:627302973 (598.2 MiB)

vif0.1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:92497 errors:0 dropped:0 overruns:0 frame:0
          TX packets:175446 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10660969 (10.1 MiB)  TX bytes:155208263 (148.0 MiB)

vif2.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:95670639 errors:0 dropped:0 overruns:0 frame:0
          TX packets:106452505 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:1428673350 (1.3 GiB)  TX bytes:3730955382 (3.4 GiB)

vif2.1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:1928227 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1763740 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:827725678 (789.3 MiB)  TX bytes:990494758 (944.6 MiB)

virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:46 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:9622 (9.3 KiB)

wan       Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:58395 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5527685 (5.2 MiB)  TX bytes:0 (0.0 b)

#brctl show
bridge name     bridge id               STP enabled     interfaces
lan             8000.feffffffffff       no              vif2.0
                                                        peth0
                                                        vif0.0
virbr0          8000.000000000000       yes
wan             8000.feffffffffff       no              vif2.1
                                                        peth1
                                                        vif0.1

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Luca Sironi
2010-Mar-22 16:01 UTC
Re: [Xen-users] Can't access xen machines via vpn connection
Hi John,

I've got a system similar (but not identical) to yours. In fact I've got openvpn running on the dom0 and thus serving also the domU and the rest of the lan (another physical server)

- check that the dom0 has ip_forwarding enabled (sysctl net.ipv4.ip_forward)
- check as well to have a return static route on all the servers you want to reach through openvpn

for example on my openvpn server.conf I've got

server 192.168.3.0 255.255.255.0

and my return static route for all the domU is something like

route add -net 192.168.3.0 192.168.100.5

where 192.168.100.5 is the private ip of my dom0/openvpn server

hope it helps

BR
Luca

--
http://www.sironi.tk
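
The return-route check suggested in the reply above, as an added example that is not part of either post: it does the kernel's longest-prefix match over a host's `route -n` output and reports whether replies to a VPN client address are handed to the OpenVPN gateway. The routing tables are constructed; the default gateway 192.168.100.1, the client address 192.168.3.10 and the interface name are assumptions, while 192.168.3.0/24 and 192.168.100.5 are the values quoted in the reply.

```python
import ipaddress

# Constructed `route -n` output for a LAN host; the default gateway
# 192.168.100.1 and interface eth0 are assumptions, not from the thread.
ROUTES_BEFORE = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.100.1   0.0.0.0         UG    0      0        0 eth0
"""
# The same host after a return route for the OpenVPN subnet has been added.
ROUTES_AFTER = ROUTES_BEFORE + (
    "192.168.3.0     192.168.100.5   255.255.255.0   UG    0      0        0 eth0\n")


def parse_routes(text):
    """Parse `route -n` output into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] == "Destination":
            continue  # skip the banner and the column header
        network = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
        routes.append((network, fields[1], fields[7]))
    return routes


def next_hop(routes, dest):
    """Longest-prefix match; returns (gateway, iface) or None if unroutable."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    return gateway, iface


def return_path_ok(routes, vpn_client, vpn_gateway):
    """True if replies to vpn_client are sent to the VPN gateway's LAN address."""
    hop = next_hop(routes, vpn_client)
    return hop is not None and hop[0] == vpn_gateway


if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        routes = parse_routes(table)
        print(label, next_hop(routes, "192.168.3.10"),
              return_path_ok(routes, "192.168.3.10", "192.168.100.5"))
```

Without the static route the reply follows the default route to a gateway that knows nothing about the tunnel subnet, which looks from the VPN client like the host ignoring its traffic.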