Re: [Xen-users] Domain with openvpn-server-bridge to Dom0-bridge problem

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Domain with openvpn-server-bridge to Dom0-bridge problem
From: Felix Kuperjans <felix@xxxxxxxxxxxxxxxxxx>
Date: Mon, 21 Jun 2010 15:33:00 +0200
If I'm reading your information correctly, the bridge (br0) of your
Openvpn domain only connects to eth1 (XEN-Dom0) and to tap0 (Openvpn's
virtual interface), but not to eth0 (pass-through real NIC). If that was
true, your problem lies there.

Another point could be that your routes are messed up. You seem to be
using 192.168.100.x as the real external network *and* the internal XEN
network. But by assigning two IP addresses to eth0 and eth1 in Openvpn
domain, you get two routes for 192.168.100.0/24, leaving the choice to
the operating system. There should be only one address assigned to the
bridge, I think.

I hope one of those points helps you.

Regards,
Felix Kuperjans

On 21.06.2010 15:05, Tegger wrote:
> I think I have a working openvpn, I can connect to openvpn without
> errors.
> I have at the moment 2 Domains and Dom0. After successful vpn
> connection, I can connect to the other Domain and Dom0, with SSH and RDP.
> So the Bridge from eth0 (real Card, internet connection) to eth1 (XEN)
> seems to be working. But I can't connect to real Network that's
> connected to the Network Card at Dom0. All Domains and Dom0 can ping
> and connect to the PCs in the network.
>
>
> The real Network is   192.168.100.x
> Dom0                  192.168.100.201
> WindowsDomain         192.168.100.19
> OpenvpnDomain         192.168.100.205   eth1 -- br0 -- tap0
>                       192.168.0.10      eth0
> Router                192.168.0.1
>
>
> Openvpnclient         192.168.100.210
>
> Openvpnclient can connect to 192.168.100.201 and 192.168.100.19, but not
> to 192.168.100.1, this is a physical PC in network
>
>
> On 21.06.2010 03:36, Fajar A. Nugraha wrote:
>> On Sun, Jun 20, 2010 at 5:47 PM, Tegger <xen@xxxxxxxxx> wrote:
>>
>>> Hi,
>>>
>>> I have a problem with bridging. I have an Openvpn Domain, with server
>>> bridge.
>>>
>> I can't read your ASCII art, so the information there does not make
>> sense to me. Sorry.
>>
>>   
>>> With this constellation I can't connect/ping to the real Network
>>> with an
>>> external VPN Connection. The Openvpn Domain itself can ping
>>> and connect to services in real network. An external VPN User can
>>> only ping
>>> and use Dom0 and other Domains' Services.
>>> I can't find the error.....
>>>
>> Usually the errors are caused by openvpn-specific setup. I'd make sure
>> that you have a working openvpn setup first, possibly using a physical
>> machine. A common pitfall is that you're using openvpn bridge, with
>> tap interface on domU, but you forgot to create a bridge connecting
>> the tap interface to domU's eth0 interface.
>>
>> Another possible pitfall is that you want to make the domU act as
>> router, but you forgot to set up iptables on domU.
>>
>>    
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>
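
The two checks raised in the reply above (a bridge that lacks one of its expected ports, and two interfaces configured in the same subnet), as an added example that is not part of the original thread. The `ip -o -4 addr show` and `brctl show` samples are constructed, and the eth0 address and all function names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed `ip -o -4 addr show` output; the eth0 address is an assumption.
SAMPLE_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.100.206/24 brd 192.168.100.255 scope global eth0
3: eth1    inet 192.168.100.205/24 brd 192.168.100.255 scope global eth1
"""

# Constructed `brctl show` output: br0 holds eth1 and tap0 but not eth0.
SAMPLE_BRCTL = """\
bridge name     bridge id               STP enabled     interfaces
br0             8000.00163e000001       no              eth1
                                                        tap0
"""

def duplicate_subnets(addr_output):
    """Return {network: [interfaces]} for networks configured on >1 interface."""
    nets = defaultdict(list)
    for line in addr_output.splitlines():
        fields = line.split()
        if "inet" not in fields:
            continue
        cidr = fields[fields.index("inet") + 1]
        nets[str(ipaddress.ip_interface(cidr).network)].append(fields[1])
    return {net: ifs for net, ifs in nets.items() if len(ifs) > 1}

def bridge_ports(brctl_output):
    """Parse `brctl show` into {bridge: [ports]}, handling continuation rows."""
    ports, current = {}, None
    for line in brctl_output.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) >= 3:                      # name, id, STP, [first port]
            current = fields[0]
            ports[current] = fields[3:]
        elif len(fields) == 1 and current:        # extra port of current bridge
            ports[current].append(fields[0])
    return ports

def missing_ports(brctl_output, bridge, expected):
    """Ports that should be attached to `bridge` but are not."""
    return sorted(set(expected) - set(bridge_ports(brctl_output).get(bridge, [])))

if __name__ == "__main__":
    print("same subnet on several interfaces:", duplicate_subnets(SAMPLE_ADDR))
    print("missing from br0:", missing_ports(SAMPLE_BRCTL, "br0", ["eth0", "eth1", "tap0"]))
```

Each network reported by `duplicate_subnets` produces one connected route per listed interface, which is the ambiguity described in the reply.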
