This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-users] domU access to dom0/ tap device

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] domU access to dom0/ tap device
From: "Fajar A. Nugraha" <fajar@xxxxxxxxxxxxx>
Date: Tue, 15 May 2007 16:14:25 +0700
Delivery-date: Tue, 15 May 2007 02:13:01 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <eeed88270705141145x34d79d4fl9dfe4f9740c6207b@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <eeed88270705141145x34d79d4fl9dfe4f9740c6207b@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird (X11/20070326)
Dennis Muhlestein wrote:
> I'm working on setting up an openvpn server on a domU.  I've got the
> openvpn working but access to hosts on the same physical machine as
> the openvpn server doesn't work.  
It works fine for me.
> Someone on the openvpn list pointed
> out this guide:
> http://linux-vserver.org/Frequently_Asked_Questions#Can_I_run_an_OpenVPN_Server_in_a_guest.3F
> The guide is not written for Xen, but rather for vserver.  I think the
> problem is the same though.
I don't think it is.
Networking in vserver and xen is somewhat different. You don't need to
manually create a tun/tap device in dom0 to use openvpn in domU.
> I created a tap0 on dom0 as the guide mentions, but don't know how to
> export that device for OpenVPN to use in domU.

I use bridge networking in my xen setup. My setup is rather complicated
(involves trunks and vlans) but let's say that in terms of networking
dom0 and domU behave like two different physical hosts on the same network.

Once you have that working (common problems are iptables, arp, or MTU)
it really doesn't matter what service you run on domU, including openvpn.

Some things you might want to check:
- use bridge setup for xen networking. IMHO it's the simplest way.
- use static mac-address for domU (specified in domU config file)
- disable iptables and selinux on dom0 and domU (makes things easier for
first setup. you can turn them on later if you want)
- verify that network connectivity between dom0 and domU works as
expected (ping, ssh, bandwidth and latency, etc. I like to use netio to
test it.)
- verify that IP forwarding in domU is turned on
- verify that the exact openvpn setup works on a real physical machine (to
isolate any openvpn problems)
- try openvpn on domU

Using the latest available version of xen might also help. Some of my
servers (DELL) use a network card which doesn't work with xen 3.0.2 (it
works perfectly on non-xen setup), but works fine on xen >= 3.0.3.



Xen-users mailing list
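
Two of the checks listed in the message above (a static MAC in the domU config file, IP forwarding turned on in domU), as an added example that is not part of the original e-mail. The sample config, function names and file paths are constructed, and the parser assumes the `vif` list sits on a single line.

```shell
#!/bin/sh
# Constructed sample in the domU config file format; not taken from the thread.
sample_cfg() {
cat <<'EOF'
name   = "vpn-domU"
memory = 256
vif    = [ 'mac=00:16:3e:12:34:56, bridge=xenbr0', 'bridge=xenbr1' ]
EOF
}

# Run on dom0 against a domU config file. Prints a verdict per vif entry.
# Returns 0 if every entry sets mac=, 1 if any entry lacks it (Xen then
# generates a random MAC at each domU start), 2 if no vif entry is found.
check_vif_macs() {
    entries=$(grep -E '^[[:space:]]*vif[[:space:]]*=' "$1" | grep -oE "['\"][^'\"]*['\"]") || :
    [ -n "$entries" ] || { echo "no vif entries found"; return 2; }
    rc=0
    while IFS= read -r e; do
        if printf '%s\n' "$e" | grep -qiE 'mac=([0-9a-f]{2}:){5}[0-9a-f]{2}'; then
            echo "OK       $e"
        else
            echo "NO MAC   $e"; rc=1
        fi
    done <<EOF
$entries
EOF
    return "$rc"
}

# Run inside domU. Succeeds if IPv4 forwarding is on. The optional path
# argument exists only so the check can be pointed at a test file.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Demo on the constructed sample: the second vif entry has no static MAC.
tmp=$(mktemp)
sample_cfg > "$tmp"
check_vif_macs "$tmp" || echo "=> fix the vif line before testing openvpn"
if ip_forward_enabled; then echo "ip_forward: on"; else echo "ip_forward: off"; fi
rm -f "$tmp"
```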
