Le 30/06/2010 16:35, Galia Lisovskaya a écrit :
2010/6/30 Alfred Sawaya<wildhuji.li...@gmail.com>:
Le 25/06/2010 20:29, Galia Lisovskaya a écrit :
To some devices(in devfs) you may take access, see examples:
http://wiki.openvz.org/USB_Printing_in_VE
http://wiki.openvz.org/Installing_Trixbox_2.0_in_CentOS_VE
http://wiki.openvz.org/VPN_via_the_TUN/TAP_device
Well, I see on Wikipedia that OpenVZ doesn't support IPSec and L2TP into a
VE, and it was just what I wanted to do by inserting kernel module into a
VE...
Wy you want use VPN inside _container_ (not VirtualMachine)? You may
use IPsec on hardware node...
We use IPsec beetween HW nodes in VE0
Actually, we use Xen. We have an IPSec connection to our concentror on
Dom0 and a IPSec connection into a vm for clients access purpose. We
want separating clients access to our access (by isolating clients into
a vm).
But we virtualize debian into debian, so using OpenVZ seems to be a
great thing.
But, we use OpenVPN server (it's user-mode part) inside container,
and, please see this:
http://wiki.openvz.org/Download/vzctl/3.0.24
Why there is such a limitation ? If a VE can access the kernel, why it can't
access a module ? (as the module IS inserting from de host !)
Becouse OpenVZ has virtualizated network stack inside containers. But,
in OpenVPN container, you may add permishions "net_admin" to this
container
Okey, so the matter with IPSec is that a VE can't use a netlink socket ?
I will use OpenVPN, but I wanted IPSec+L2TP because the client is a part
of Windows (for clients).
And most of all, I juste wanted to understand why it is not possible,
for my own culture :)
OpenVZ is a great product by the way. Congrat !
Thank you for your help !
--
--
Alfred Sawaya
_______________________________________________
Users mailing list
Users@openvz.org
https://openvz.org/mailman/listinfo/users
