I have three servers in a Proxmox cluster:
pmn1
pmn2
pmn3
Each server has 2 physical NICs:
eth0: connected to the public IP address
eth1: connected to an RPN
RPN also has a 4th server - an RPN VPN server which is not part of the Proxmox cluster and is not in my control (it is to enable me to VPN into the RPN network).
Currently the cluster is formed over the RPN network as follows:
Code:
Membership information
----------------------
Nodeid Votes Name
0x00000001 1 10.91.150.134 (local)
0x00000002 1 10.91.156.172
0x00000003 1 10.91.156.173
All nodes can talk to each other on the RPN.
All nodes can access the Internet via their public IP (bridged to vmbr0 as standard).
Problem
When I connect to the RPN VPN I need to be able to access all the Linux containers on all the nodes over the VPN (I have staff who need to do this also).
I cannot figure out how to do two things:
1. How to create a VLAN so that all containers on all nodes are on the same network. I have tried with openvswitch but I cannot get it to work.
2. How to bridge the VLAN to the RPN so that all the containers can be accessed over the VPN.
I am new to this type of networking so please, if you provide any insight, assume I know nothing.
What I have managed to do:
1. Set up a bridge on a single cluster node with DHCP - all containers on the node can see each other, they can also ping the public IP of the host node and the RPN IP of the host node (although they cannot see the other nodes on the RPN). I need this across all nodes instead of isolated on a per-node basis.
What I don't need.
I do not need to forward any traffic from the containers onto the Internet - most of the containers are only supposed to be accessed over the VPN and I have failover IPs for any services which need them.
I have been reading stuff all day but either it is as clear as mud or it simply doesn't work as described. So could really use some help here.
Thanks in advance.