SHOW:
|
|
- or go back to the newest paste.
| 1 | (diagram relates to question http://ubuntuforums.org/showthread.php?t=2090887 ) | |
| 2 | - | +-----------------------+ |
| 2 | + | +-----------------------+ |
| 3 | - | | | |
| 3 | + | | | |
| 4 | - | | [OpenVPN | |
| 4 | + | | [OpenVPN | |
| 5 | - | | server] | |
| 5 | + | | server] | |
| 6 | - | | (outside of my | |
| 6 | + | | (outside of my | |
| 7 | - | | control) | |
| 7 | + | | control) | |
| 8 | - | +--------+--------------+ |
| 8 | + | +--------+--------------+ |
| 9 | - | | {other end of tun0}
|
| 9 | + | | {other end of tun0}
|
| 10 | - | | |
| 10 | + | | |
| 11 | - | | +-------------------------+ |
| 11 | + | | +-------------------------+ |
| 12 | - | | | | |
| 12 | + | | | | |
| 13 | - | ========{ [Router] |
|
| 13 | + | ========{ [Router] |
|
| 14 | - | {INTERNET} | |
|
| 14 | + | {INTERNET} | |
|
| 15 | - | | [LAN switch] | |
| 15 | + | | [LAN switch] | |
| 16 | - | +------------+------------+ |
| 16 | + | +------------+------------+ |
| 17 | - | | (192.168.0.1) |
| 17 | + | | (192.168.0.1) |
| 18 | - | | |
| 18 | + | | |
| 19 | - | | +-----------------------+ eth0: 192.168.0.bbb |
| 19 | + | | +-----------------------+ eth0: 192.168.0.bbb |
| 20 | - | | |[OpenVPN client, KVM | 14:da:xx:xx:xx:xx |
| 20 | + | | |[OpenVPN client, KVM | 14:da:xx:xx:xx:xx |
| 21 | - | | | host and ICS server] | |
| 21 | + | | | host and ICS server] | |
| 22 | - | +------------{eth0 tun0 | br0
|
| 22 | + | +---------{eth0 tun0 | br0
|
| 23 | - | | | \ | mac: 2a:0d:xx:xx:xx:xx |
| 23 | + | | | \ | mac: 2a:0d:xx:xx:xx:xx |
| 24 | - | | | \ {packet fwd} |
|
| 24 | + | | | \ {packet fwd} |
|
| 25 | - | | | br0 (start) | tun0: 10.8.0.ccc or ddd /24 |
| 25 | + | | | br0 (start) | tun0: 10.8.0.ccc or ddd /24 |
| 26 | - | | | | | |
| 26 | + | | | | | |
| 27 | - | | +---------+-------------+ |
| 27 | + | | +---------+-------------+ |
| 28 | - | | | br0 (end) |
| 28 | + | | | br0 (end) |
| 29 | - | +--------+-----------+ +-------+------------+ |
| 29 | + | +--------+-----------+ +----+---------------+ |
| 30 | - | | | | eth0 | eth0: 192.168.0.yyy/24 |
| 30 | + | | | | eth0 | eth0: 192.168.0.yyy/24 |
| 31 | - | |[Other LAN clients] | | | mac: 14:da:xx:xx:xx:xx |
| 31 | + | |[Other LAN clients] | | | mac: 14:da:xx:xx:xx:xx |
| 32 | - | | | | [Example guest VM] | |
| 32 | + | | | | [Example guest VM] | |
| 33 | - | | 192.168.0.xxx/24 | | (access only | |
| 33 | + | | 192.168.0.xxx/24 | | (access only | |
| 34 | - | | (internal net) | | via tun0) | |
| 34 | + | | (internal net) | | via tun0) | |
| 35 | - | +--------------------+ +--------------------+ |
| 35 | + | +--------------------+ +--------------------+ |
| 36 | ||
| 37 | # Commands used to set up {packet fwd}:
| |
| 38 | # (1) Allow initiation of connections from the virtual machines | |
| 39 | # (guest machines) to the VPN connection | |
| 40 | iptables -I FORWARD -i br0 -o tun0 -s 192.168.0.0/24 -d 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT | |
| 41 | # (2) Allow bi-directional and related traffic once | |
| 42 | # connection is established | |
| 43 | iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| 44 | ||
| 45 | Issues - | |
| 46 | if I comment out the line: | |
| 47 | bridge_ports eth0 | |
| 48 | from the definition of br0 in /etc/network/interfaces on the [OpenVPN client and ICS server] machine, and restart networking using init.d (and remove the bridge interface from the guest VM XML file using virsh edit [guestVM]), then I lose network connectivity completely on both machines, i.e. ping 8.8.8.8 and ping 192.168.0.1 both fail on both machines. |
