OpenVPN with Masquerade support

r.fluttaz

Guest
An OpenVPN distribution with iptables masquerade support will be very useful ...
 
Well, I sort of take the "easily installed" part back ... as it turns out it's actually not that easily installed as an OpenVZ container. :eek:

Still working on it, but it seems to require additional iptables modules on the Proxmox host to be inserted, which I haven't fully figured out yet. If anyone has a recipe for how to do it, please let me know.

One more vote for 'OpenVPN with Masquerade support' as a Proxmox virtual appliance! ;)
 
Hi,

It's actually very easy... I had it up and running within a couple of minutes only..

I use this line in my /etc/vz/vz.conf file:

## IPv4 iptables kernel modules

IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"


Marius
 
Marius,

So, I got it to work by inserting the kernel modules per your instructions.

I had also originally used venet instead of veth. Changed that and got OpenVPN to work ... almost.

The last thing I'm stuck on is the TUN/TAP adapter. I'm getting an error saying:

Code:
Cannot open TUN/TAP dev /dev/as0t0: No such file or directory

Then I ran "modprobe tun" and got the following error:

Code:
FATAL: Could not load /lib/modules/2.6.24-2-pve/modules.dep: No such file or directory

Googling around I found this thread:

https://www.proxmox.com/forum/showthread.php?t=1098

... essentially saying, if I'm understanding it correctly, that loading the tun module in an OpenVZ container isn't possible.

How did you get OpenVPN installed in an OpenVZ container with the TUN/TAP interface loaded?

Thanks /// Martin
 
Hi Martin,

Do you have access to the host system? If you do, I want you to follow this little guide:


To load the tun module into the HOST os.

Code:
modprobe tun

This is to grant your container access to tun/tap devices.
Code:
vzctl set VEID --devices c:10:200:rw --save
vzctl set VEID --capability net_admin:on --save


This is to make the tun/tap device (with the name OpenVPN chooses)
Code:
vzctl exec VEID mknod /dev/as0t0 c 10 200
vzctl exec VEID chmod 600 /dev/as0t0

After this, you can restart the container
and it will work like a charm (did for me at least)

(Run everything on HOST-OS)

Give me a 'report' on how it went! :)

Marius
 
Well ... I tried that ... and now I'm getting another error message:

Code:
['SIOCSIFADDR: No such device', 'as0t0: ERROR while getting interface flags

It's a bit strange because that is the device it was complaining about earlier, and that is the device I just added. tun is running on the host.

Any other ideas?
 
Hi again,

Hmm, I think I have misled you a bit here. I looked through my config again, and it looks like I have :p

Code:
rm -rf /dev/as0t0
vzctl exec VEID mkdir -p /dev/net
vzctl exec VEID mknod /dev/net/tun c 10 200
vzctl exec VEID chmod 600 /dev/net/tun

(restart the container)

After this, it should be working, remember to have a working 'lo' device in the container.

Marius
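
The corrected host-side procedure from this thread (the /dev/net/tun variant), collected into one script as an added example; it is not code from any poster. The config path /etc/vz/conf/<CTID>.conf, the DRY_RUN switch and the function names are assumptions of this example, and it only issues a `vzctl set` for a grant the container config does not already carry.

```shell
#!/bin/sh
# Added example (not from the thread). Run on the OpenVZ/Proxmox HOST as root.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them.

run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Print which of the thread's two host-side grants are absent from a
# container config. Assumed layout: KEY="value ..." lines, as written
# by "vzctl set ... --save" to /etc/vz/conf/<CTID>.conf.
missing_grants() {
    grep -Eq '^DEVICES=.*c:10:200:rw' "$1" || echo devices
    grep -Eiq '^CAPABILITY=.*net_admin:on' "$1" || echo capability
}

# tun_setup CTID [CONFIG]: the corrected procedure, /dev/net/tun variant.
tun_setup() {
    ctid=$1
    conf=${2:-/etc/vz/conf/$ctid.conf}
    case $ctid in
        ''|*[!0-9]*) echo "CTID must be numeric" >&2; return 2 ;;
    esac
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 3; }

    run modprobe tun                      # tun is loaded on the host only
    for grant in $(missing_grants "$conf"); do
        case $grant in
            devices)    run vzctl set "$ctid" --devices c:10:200:rw --save ;;
            capability) run vzctl set "$ctid" --capability net_admin:on --save ;;
        esac
    done
    run vzctl exec "$ctid" mkdir -p /dev/net
    run vzctl exec "$ctid" mknod /dev/net/tun c 10 200   # char dev, major 10, minor 200
    run vzctl exec "$ctid" chmod 600 /dev/net/tun
    run vzctl restart "$ctid"
}

if [ "$#" -gt 0 ]; then
    tun_setup "$@"
fi
```

Review the printed commands first, then rerun with `DRY_RUN=0` and the container ID as the only argument.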
 
