(diagram relates to question http://ubuntuforums.org/showthread.php?t=2090887 )

+-----------------------+
|                       |
|       [OpenVPN        |
|        server]        |
|     (outside of my    |
|        control)       |
+--------+--------------+
         | {other end of tun0}
         |
         | +-------------------------+
         | |                         |
==========={  [Router]               |
{INTERNET} |                         |
           |  [LAN switch]           |
           +------------+------------+
                        | (192.168.0.1)
                        |
                        |         +-----------------------+   eth0: 192.168.0.bbb
                        |         |[OpenVPN client, KVM   |   14:da:xx:xx:xx:xx
                        |         | host and ICS server]  |
                        +---------{eth0    tun0           |   br0
                        |         |     \                 |   mac: 2a:0d:xx:xx:xx:xx
                        |         |      \ {packet fwd}   |
                        |         |       br0 (start)     |   tun0: 10.8.0.ccc or ddd /24
                        |         |         |             |
                        |         +---------+-------------+
                        |                   | br0 (end)
               +--------+-----------+  +----+---------------+
               |        |           |  | eth0               |  eth0: 192.168.0.yyy/24
               |[Other LAN clients] |  |                    |  mac: 14:da:xx:xx:xx:xx
               |                    |  | [Example guest VM] |
               | 192.168.0.xxx/24   |  | (access only       |
               | (internal net)     |  |  via tun0)         |
               +--------------------+  +--------------------+

# Commands used to set up {packet fwd}:
# (1) Allow initiation of connections from the virtual machines
#     (guest machines) to the VPN connection
iptables -I FORWARD -i br0 -o tun0 -s 192.168.0.0/24 -d 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
# (2) Allow bi-directional and related traffic once
#     connection is established
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- Issues -
- if I comment out the line:
- bridge_ports eth0
- from the definition of br0 in /etc/network/interfaces on the [OpenVPN client and ICS server] machine, and restart networking using init.d (and remove the bridge interface from the guest VM XML file using virsh edit [guestVM]), then I lose network connectivity completely on both machines, i.e. ping 8.8.8.8 and ping 192.168.0.1 both fail on both machines.
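The two FORWARD rules from the paste, modelled in Python as an added example (not code from the paste or its author) to show which flows they admit and which they refuse. It assumes a FORWARD default policy of DROP, which the paste does not state, and the packets it evaluates are constructed sample flows.

```python
import ipaddress
from dataclasses import dataclass, field

# The chain as iptables leaves it: both commands used -I, so rule (2),
# inserted last, is evaluated first.
FORWARD_RULES = [
    {"ctstate": {"RELATED", "ESTABLISHED"}},
    {"in": "br0", "out": "tun0",
     "src": ipaddress.ip_network("192.168.0.0/24"),
     "dst": ipaddress.ip_network("10.8.0.0/24"),
     "ctstate": {"NEW"}},
]


@dataclass
class ForwardChain:
    # Assumed default policy; the paste does not show it. With ACCEPT the
    # rules above restrict nothing.
    policy: str = "DROP"
    # conntrack table: original-direction 4-tuple -> reply seen yet?
    table: dict = field(default_factory=dict)

    def _lookup(self, flow):
        """Find the connection a packet belongs to and its direction."""
        src, dst, sport, dport = flow
        if flow in self.table:
            return flow, "original"
        rev = (dst, src, dport, sport)
        if rev in self.table:
            return rev, "reply"
        return None, None

    def forward(self, in_if, out_if, src, dst, sport, dport):
        """Return the verdict (ACCEPT or the policy) for one forwarded packet."""
        flow = (src, dst, sport, dport)
        key, direction = self._lookup(flow)
        # conntrack calls a packet ESTABLISHED only once the connection has
        # seen both directions; until then even retransmits are still NEW
        state = "ESTABLISHED" if key and (direction == "reply" or self.table[key]) else "NEW"
        for rule in FORWARD_RULES:
            if rule.get("in", in_if) != in_if or rule.get("out", out_if) != out_if:
                continue
            if "src" in rule and ipaddress.ip_address(src) not in rule["src"]:
                continue
            if "dst" in rule and ipaddress.ip_address(dst) not in rule["dst"]:
                continue
            if state not in rule["ctstate"]:
                continue
            # accepted: a new entry is confirmed, or the reply direction is recorded
            if key is None:
                self.table[flow] = False
            elif direction == "reply":
                self.table[key] = True
            return "ACCEPT"
        return self.policy  # dropped packets never confirm a conntrack entry
```

Note that as written the rules only admit guest traffic whose destination is inside 10.8.0.0/24; a guest packet bound for any other address via tun0 falls through to the policy.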