Add a new route to access a VPN inside a container from the other containers?

Elodie

New Member
Dec 5, 2011
Greetings,

I would like to add a new route to access a VPN inside a container from the other containers.

I have a new "tun" device inside the OpenVZ venet container 192.168.0.22, and this device has the IP 172.16.0.6.

I would like to access this new network (172.16.0.6, and 172.16.0.1, the VPN server) from the other VEs at 192.168.0.x.

My default route from the real host is:

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.8 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.11 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.10 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.13 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.12 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.14 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.16 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.19 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.18 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.21 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.20 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.4 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.7 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.22 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.0.6 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
188.165.242.0 0.0.0.0 255.255.255.0 U 0 0 0 vmbr0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vmbr1
0.0.0.0 188.165.242.254 0.0.0.0 UG 0 0 0 vmbr0

I have tried this:

route add -net 172.16.0.0/16 gw 192.168.0.22 dev venet0
route add -net 172.16.0.0/16 gw 0.0.0.0 dev venet0
route add -host 172.16.0.6 gw 192.168.0.22 dev venet0
route add -host 172.16.0.6 gw 0.0.0.0 dev venet0

with a route del on each attempt, but nothing works; I can't ping 172.16.0.6 from 192.168.0.2.

172.16.0.6 (tun) is hosted on 192.168.0.22.

I can ping 192.168.0.22 from 192.168.0.2, but I can't ping 172.16.0.x from 192.168.0.2, even with the several routes that I have tested.

Do you have a solution other than moving the tun device to the real host? I don't want to modify the hypervisor too much, just add a route. I hope it's possible, or I will be forced to move the OpenVPN client to the real host, which I would rather not do ...

Thanks so much :)
 
Re: Add a new route to access a VPN inside a container from the other containers

Thanks for the reply,

I found this in your link:

Added to /etc/sysctl.d/vzctl.conf the parameter

net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0

and my /etc/sysctl.d/vzctl.conf has:

Code:
net.ipv4.conf.all.rp_filter = 1

I could try changing "1" to "0" and adding "net.ipv4.conf.default.rp_filter = 0" to my file.

But do I need to reboot my whole real host?
 
Re: Add a new route to access a VPN inside a container from the other containers

See also /etc/sysctl.d/vzctl.conf
 
Re: Add a new route to access a VPN inside a container from the other containers

Thanks, but once I have modified the file /etc/sysctl.d/vzctl.conf, what do I need to do to apply my modification, please?
Restart only the VE with the "tun" device, or the whole system with a reboot?
 
Re: Add a new route to access a VPN inside a container from the other containers

Thanks, but once I have modified the file /etc/sysctl.d/vzctl.conf, what do I need to do to apply my modification, please?
Restart only the VE with the "tun" device, or the whole system with a reboot?

Please set the value to 2.

Then run

# sysctl -p
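
The rp_filter values discussed in this thread (0, 1, 2) select how the kernel validates the source address of a received packet. The following is an added example, not part of the original posts: a simplified Python model of that check, run against a constructed subset of the host routing table from the first post. The function names and the extra 172.16.0.0/16 route are assumptions made for illustration.

```python
import ipaddress

# Constructed subset of the host routing table from the first post:
# (destination prefix, outgoing interface)
ROUTES = [
    ("192.168.0.22/32", "venet0"),
    ("192.168.0.2/32", "venet0"),
    ("188.165.242.0/24", "vmbr0"),
    ("192.168.0.0/24", "vmbr1"),
    ("0.0.0.0/0", "vmbr0"),
]

def effective_rp_filter(conf_all, conf_iface):
    """The kernel uses max(conf.all, conf.<iface>) for source validation."""
    return max(conf_all, conf_iface)

def best_route(routes, addr):
    """Longest-prefix match; returns the outgoing interface or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(p), dev) for p, dev in routes
               if ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def rp_filter_accepts(mode, routes, src, in_iface):
    """Simplified model of the reverse-path check on a received packet.
    0: no check; 1 (strict): the route back to src must use in_iface;
    2 (loose): src must be reachable through some interface."""
    if mode == 0:
        return True
    dev = best_route(routes, src)
    if dev is None:
        return False
    return dev == in_iface if mode == 1 else True

if __name__ == "__main__":
    # Hypothetical packet: VPN address 172.16.0.6 seen arriving on venet0
    src, iface = "172.16.0.6", "venet0"
    with_route = ROUTES + [("172.16.0.0/16", "venet0")]  # assumed extra route
    for all_v, if_v in [(1, 0), (0, 0), (2, 0)]:
        mode = effective_rp_filter(all_v, if_v)
        print(f"all={all_v} iface={if_v} -> mode {mode}:",
              "no 172.16 route:", rp_filter_accepts(mode, ROUTES, src, iface),
              "| with route:", rp_filter_accepts(mode, with_route, src, iface))
```

Because the kernel takes the maximum of conf.all and the per-interface value, lowering only a per-interface setting has no effect while conf.all stays at 1. Mode 2 still rejects sources with no route at all, which mode 0 does not.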