
Re: [Xen-users] domU access to dom0/ tap device



Dennis Muhlestein wrote:
> I'm working on setting up an openvpn server on a domU.  I've got the
> openvpn working but access to hosts on the same physical machine as
> the openvpn server doesn't work.  
It works fine for me.
> Someone on the openvpn list pointed
> out this guide:
>
> http://linux-vserver.org/Frequently_Asked_Questions#Can_I_run_an_OpenVPN_Server_in_a_guest.3F
>
> The guide is not written for Xen, but rather for vserver.  I think the
> problem is the same though.
>
I don't think it is.
Networking in vserver and xen is somewhat different. You don't need to
manually create a tun/tap device in dom0 to use openvpn in domU.
> I created a tap0 on dom0 as the guide mentions, but don't know how to
> export that device for OpenVPN to use in domU.
>

I use bridge networking in my xen setup. My setup is rather complicated
(involves trunks and vlans) but let's say that in terms of networking
dom0 and domU behave like two different physical hosts on the same network.

Once you have that working (common problems are iptables, arp, or MTU)
it really doesn't matter what service you run on domU, including openvpn.

Some things you might want to check:
- use bridge setup for xen networking. IMHO it's the simplest way.
- use static mac-address for domU (specified in domU config file)
- disable iptables and selinux on dom0 and domU (makes things easier for
first setup. you can turn them on later if you want)
- verify that network connectivity between dom0 and domU works as
expected (ping, ssh, bandwidth and latency, etc. I like to use netio to
test it.)
- verify that IP forwarding in domU is turned on
- verify that the exact openvpn setup works on a real physical machine (to
isolate any openvpn problems)
- try openvpn on domU

Using the latest available version of xen might also help. Some of my
servers (DELL) use a network card which doesn't work with xen 3.0.2 (it
works perfectly on non-xen setup), but works fine on xen >= 3.0.3.

Regards,

Fajar
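
The configuration-side items of the checklist above (static MAC, bridge, IP forwarding) can be verified with a short script. This is an added example, not part of the original message; it assumes an xm/xl-style domU config with a `vif = [ '...' ]` line, and the config values in the demo are constructed.

```shell
#!/bin/sh
# Added example: read-only checks for the static MAC, bridge and IP forwarding items.
# The config checks run on dom0; forwarding_on is meant to run inside the domU.

# Print the first vif entry (the text inside the quotes) of a domU config file.
vif_spec() {
    sed -n "s/^[[:space:]]*vif[[:space:]]*=[[:space:]]*\[[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Print the value of one key (mac, bridge, ...) from a vif entry string.
vif_key() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^[[:space:]]*$2=\([^[:space:]]*\).*/\1/p" | head -n 1
}

# Succeed if the config pins a well-formed MAC address for the domU.
has_static_mac() {
    mac=$(vif_key "$(vif_spec "$1")" mac)
    printf '%s\n' "$mac" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Succeed if the config attaches the vif to a named bridge.
has_bridge() {
    [ -n "$(vif_key "$(vif_spec "$1")" bridge)" ]
}

# Succeed if IP forwarding is on; $1 overrides the /proc path (used for testing).
forwarding_on() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Demo on a constructed domU config (name, MAC and bridge are made-up sample values).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
name = "vpn-domu"
vif  = [ 'mac=00:16:3e:12:34:56, bridge=xenbr0' ]
EOF
if has_static_mac "$demo_cfg"; then echo "static MAC: ok"; else echo "static MAC: missing"; fi
if has_bridge "$demo_cfg"; then echo "bridge: $(vif_key "$(vif_spec "$demo_cfg")" bridge)"; else echo "bridge: missing"; fi
if forwarding_on; then echo "ip_forward: on"; else echo "ip_forward: off on this host"; fi
rm -f "$demo_cfg"
```

Commented-out `vif` lines are ignored, so a config that only carries a disabled static MAC is reported as missing one.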

