OpenVPN between Hosts for Private LAN

andy77

Hello @all,

I am actually thinking about whether it is possible to realize the following with Proxmox:

Connect a few Proxmox hosts via OpenVPN to have a secondary private LAN for the guests?

This way I would like to have two virtual switches in Proxmox to assign to the guests. The normal one with direct internet access, and one that is the private LAN where all guests can communicate similar to a VLAN.

Thanks a lot for any help

Best Regards
 
It's Linux, so it's most probably possible :-D

Do you want to have a cluster over an OpenVPN tunnel or only guests talking to each other? In the latter case you'll have to bridge and route everything. Maybe a site-2-site tunnel is better suited.

So, every Proxmox host has one special VPN VM for site-2-site to other hosts and is responsible for the routing itself. This should work.

I use a lot of VPN VMs to bridge different hosts from different off-site networks directly into our network. All kinds of VPN programs work.
 
Hello,

No, I don't want to have a cluster. I just want the guests to "talk" to each other in a private LAN (open firewall).

So your idea is to let a separate VM do the OpenVPN thing on every host instead of having OpenVPN installed directly on the host?

Thx
 
I always like to have everything in a VM, so that I can change the underlying Proxmox. You can also set up your VPN stuff on your host, yet there is more potential to screw with things, and the worst case would be to be locked out. I'd only do it if you have physical access.
 
Technically possible, but the latency is crucial here. You need very good ping times (<5ms) for the cluster sync daemon - I read it somewhere but couldn't locate it right now, maybe you'll find the actual reference...
 
Ok, even if I do not want to use HA, the ping time should be that great?
Anyhow, this ping time shouldn't be a problem; all servers are in the same datacenter but just have different IP ranges.
 
Then it should not be a problem.

Just curious:
Everything in one datacenter and you do not trust your own network and want to encrypt with OpenVPN?