openvpn-as in openve container

  • Thread starter Thread starter garrettwp
  • Start date Start date
G

garrettwp

Guest
I am trying something new here. I have been using KVM's for the last year or so and wanted to create an openve container. I am using the ubutnu 8.04 64bit template and installed the latest openvpn-as 1.2 deb package. I have enabled the iptable modules in the /etc/vz/vz.conf file to allow openvpn-as to run in the openve container. e.g.

IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

The problem I am having is that I can not get the openvpn-as to start the service. Here is the output I get when I go to start the openvpn server from the openvpn-as admin webpage:

Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=1]: ['iptables-restore: line 38 failed']: svc/svcnotify:25,internet/defer:243,internet/defer:312,internet/defer:328,sagent/iptsvc:888,sagent/iptsvc:842,util/error:49,util/error:29
service failed to start due to unresolved dependencies: set(['iptables_openvpn', 'user'])
service failed to start due to unresolved dependencies: set(['iptables_openvpn'])

Can anyone give any help on to what this means and how to go about fixing this?

Much appreciated,

- Garrett
 
Anyone have any ideas? It looks like the iptable modules are not loading into the container.

- Garrett
 
Sorry for double post. The forums were acting a little slow between requests.

- Garrett
 
There are no modules available for the openvz container. I installed openvpn-as in a kvm virtual machine and all is well. But I would like to try this out in an openvz container. I am new to openvz containers and not sure how kernel modules are loaded for containers. At the top of the error message is complains about iptables-restore.

- Garrett
 
I do not see any iptables_openvpn module. I have it working great in a KVM machine, but would like to get it working in an openvz container. I have seen a few guides doing the same thing and followed them exactly as they have instructed and still get the same errors. Any ideas? One thing the error message is complaining about is the iptables_restore. I am also using bridge networking.

- Garrett
 
Once I spend one week trying to install OpenVPN in OpenVZ container....
All my attempt failed.
In forums was some mention that one guy did it. But he did by recompiling kernel.....
He promise to make manual HowTO but never did....

In result I gave up and install OpenVPN on directly on server.

If you will successfully install OpenVPN could you like to write HowTo?

Thank you advance.
 
When I have time I will try and play with it more later. For now I have it installed in a kvm that has my other network software installed. For now it works and works really well. My intentions were to play with an openvz container more. But with these limitations of what the openvz container can and can not due makes me want to stay with kvm more. It is a shame as the resources for openvz are a lot lower then what is required by a kvm virtual machine.

- Garrett
 
You will get this to work - but if you need to migrate the container - it doesnt like it. (the modules don't seem to unload in the container cause the reference to tun never go to 0) -

If you need this to migrate use kvm- think it will be cleaner.
 
I don't need to migrate, just need to get OpenVPN working. If im not migrating should I use Openvz or KVM?

If Openvz is the best choice, how do I fix the iptables errors?

thx
 
I would do it in kvm - not worth the hassle of dealing with the kernel setup in the openvz container.
(And then later - when you want to migrate it to another container - if it's kvm - you are done - if it's opennvz - it's going to be irritating.)

(Although - migrating the openvpn configuraiton isn't a huge deal - it's pretty portable - the device setup is going to be a manual task for every hypervisor you install and want that functionality in .)

I did it with openvz - and then I"m moving it to kvm.

--Adrian
 
Hello all,

Im trying to do the same but since my Host does not have VT-x capable CPU, im stuck with openvz.
This is the error im getting..

Error:


Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=1]: ['iptables-restore: line 46 failed']: python/context:37,internet/epollreactor:223,internet/posixbase:191,internet/process:260,internet/process:762,internet/process:775,internet/_baseprocess:60,svc/pp:116,svc/svcnotify:26,internet/defer:238,internet/defer:307,internet/defer:323,sagent/ipts:105,sagent/ipts:39,util/error:52,util/error:32
service failed to start due to unresolved dependencies: set(['user', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['iptables_openvpn'])


Did anyone get this running? I dont have a choice but to stay in openvz containers, or buy a new box...
 
You must log in or register to reply here.
Top Bottom