This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] Domain with openvpn-server-bridge to Dom0-bridge proble

To: Tegger <xen@xxxxxxxxx>
Subject: Re: [Xen-users] Domain with openvpn-server-bridge to Dom0-bridge problem
From: "Fajar A. Nugraha" <fajar@xxxxxxxxx>
Date: Mon, 21 Jun 2010 08:36:32 +0700
Cc: Xen Users <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Sun, 20 Jun 2010 18:37:55 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4C1DF1AE.6060002@xxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4C1DF1AE.6060002@xxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
On Sun, Jun 20, 2010 at 5:47 PM, Tegger <xen@xxxxxxxxx> wrote:
> Hi,
> i have a problem with bridging. I have a Openvpn Domain, with server bridge.

I can't read your ASCI art, so the information there does not make
sense to me. Sorry.

> with this constellation i can't connect/ping to the real Network with an
> external VPN Connection. The Openvpn Domain itself can ping
> and connect to services in real network. An external VPN User can only ping
> and use Dom0 and other Domains Services.
> I can't find the error.....

Usually the errors are caused by openvpn-specific setup. I'd make sure
that you have a working openvpn setup first, possibly using a phisical
machine. A common pitfall it that you're using openvpn bridge, with
tap interface on domU, but you forgot to create a bridge connecting
the tap interface to domU's eth0 interface.

Another possible pitfall is that you want to make the domU act as
router, but you forgot to setup iptables on domU.


Xen-users mailing list