This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-users] domU networking problem

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] domU networking problem
From: Christian Herrler <christian.herrler@xxxxxxxxxxxxxx>
Date: Wed, 17 Nov 2010 02:26:50 +0100
Delivery-date: Tue, 16 Nov 2010 17:28:05 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=DJ9CdlMPUl1DaGQ3Yo7n8eZcgb85/LzeJQvRJR5nWio=; b=XUdAnO3DV0xANacTUQOyWURrjVoPVdLZF2jhdnrm8ZRkDnwBqqsUc3aRIbxGp6lhNk Zud9xkxG5AM6b5aRnLDvv7M1FCDVATzqYoIp1F+XWW1WSmtlJIv3NPDOAS2pgB5niYgg UrnYDcxHPQEYPD6w3dc4VnlNC3trNvKDmR5BU=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=Qzrms3yRKz1BYnn6wmX2s1ckNFLI7CNpJVUMZ4F1jabz97nsgslkSsK1DiZHVdhInW 1INLH3coe8IsjSfJM/8xQJh3zC45u6NE3nz2ntIBU8fJcbeRCC49XmFhG5wy2/SpB38U pdSKIPvTNUUvZoB3tt4mnWmle3FV3le+gRiBg=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx

I have a xen server (xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p /
kernel 2.6.24-28-xen).

I have some domUs, one of them is a fli4l router, the others are
eisfair domUs (fileserver, webserver and mailserver). All of the domUs
are connected via vif network interface with a bridge in dom0.

There is a problem invoking following command in every domU:

openssl s_client -connect pop.googlemail.com:995 -showcerts

After some minutes the command stops with an ssl handshake error. In a
tcpdump I can see, that after SSLv2 Client Hello only TCP
retransmissions are sent by the domU. There is no answer from the
server. The TCP handshake with the server is ok, the TCP finish too.

If I call the same command in dom0, everything works, after SSLv2
Client Hello the server answers with SSLv2 Server Hello and so on.
Finally the requested certificate is shown.

I think there is no problem with the fli4l router because dom0 has
unlimited access. The problem could be the vif network interfaces in
my opinion.

All of the domUs have access to the internet via port 80, e.g. get a
file using wget.

Can you tell me, what the problem is?


Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>