Tomasz

After experimenting with TINC, OpenVPN & others I found and have used PeerVPN to do this:
https://peervpn.net/

PeerVPN is a full-mesh VPN and is auto-learning.
- Ethernet tunneling support using TAP devices.
- IPv6 support.
- Full mesh network topology.
- Automatically builds tunnels through firewalls and NATs without any further setup (for example, port forwarding).
- Shared key encryption and authentication support.

At the time *I found PeerVPN much simpler to configure than TINC!*

A PeerVPN mesh is extremely easy to configure as you only have to install PeerVPN on each host server and edit its config file on that server. The brief tutorial page (https://peervpn.net/tutorial/) shows that config for a basic PeerVPN only requires about 7 lines on each of your servers.

In Apr 2015 I documented a proof-of-concept test setup <https://bmullan.wordpress.com/2015/05/12/proof-of-concept-using-mesh-vpn-to-interconnect-lxc-containers-on-multiple-hosts-on-multiple-clouds/> I'd done to interconnect LXC containers on AWS, Digital Ocean and here locally (so much like you want to do I think).

*NOTE:* that documentation *was before* my use of LXD!

*The reason I mention this is that with the advent of LXD the entire container IP addressing setup using PeerVPN becomes even easier!* This is because when I did those tests I never took the time to create a single DHCP source for all lxc containers on all hosts. In my 2015 proof-of-concept test of PeerVPN I just used a quick & dirty config using the assumption that no 2 containers (for my test purposes) would get assigned the same 10.0.3.x IP address by their local Server/Host.

Today, LXD *during installation* allows you much more control over each Server/Host's LXDBR0 bridge IP and the 10.x.x.x IP address range that is used for that Host's lxc containers.

*So if you were to use PeerVPN, during LXD installation on each server just reserve a portion of the 10.x.x.x IP address range for each Server/Host to avoid any possibility of any 2 containers on any 2 Hosts getting assigned the same IP.*

The last config step on each Server/Host is to connect the PeerVPN mesh Tunnel End Point (TEP) to the local LXDBR0 bridge to enable all the containers attached to that bridge to pass data over the VPN tunnel to the other servers, since my documentation set up a Layer 2 VPN (note PeerVPN supports a Layer 3 tunnel as well I believe).

Since the PeerVPN TEP "interface" ... called "peervpn0" in my tutorial example is just like any other Linux ethernet interface, you only have to use the "ip link" command to connect "peervpn0" to the LXD "lxdbr0" bridge.

*$ sudo ip link set dev peervpn0 master lxdbr0*

After you've done that on all 3 hosts your containers on all the hosts should be able to reach each other, since they would all be on what logically is the same "ethernet" via the VPN & the fact that you set up all of the LXD installs with the same 10.x.x.x network.

Also, the containers on each Server/Host still get external Internet access (if you permit it) via their local Host.

Anyway, I thought I'd send this info in case it is helpful as this should work with servers locally or remotely using LXD.

Brian
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
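The per-host addressing and TEP-bridging steps Brian describes, as an added example script that is not from the post or the PeerVPN project. It assumes three hosts numbered 1..3 sharing 10.0.3.0/24, an LXD release with the `lxc network` subcommand, and a PeerVPN TAP interface already named peervpn0; the host index, subnet and 50-lease slot size are constructed values.

```shell
#!/bin/sh
# Give every LXD host on the PeerVPN Layer 2 mesh the same 10.0.3.0/24, but a
# distinct bridge address and a disjoint DHCP lease range, so no two containers
# on any two hosts can be handed the same IP. Then attach the TEP to lxdbr0.
# Assumed layout (constructed): host N owns 10.0.3.N/24 on lxdbr0 and leases
# .(N*50+1) .. .((N+1)*50); the bridge addresses .1-.3 sit below every range.
SUBNET="10.0.3"
SLOT=50
HOSTS=3

# Bridge address for host N, e.g. host 2 -> 10.0.3.2/24
bridge_addr() { echo "$SUBNET.$1/24"; }

# DHCP lease range reserved for host N, e.g. host 2 -> 10.0.3.101-10.0.3.150
dhcp_range() {
    n=$1
    if [ "$n" -lt 1 ] || [ "$n" -gt "$HOSTS" ]; then
        echo "host index must be 1..$HOSTS" >&2
        return 1
    fi
    echo "$SUBNET.$((n * SLOT + 1))-$SUBNET.$(((n + 1) * SLOT))"
}

# Sanity check for hand-edited ranges: return 0 if two "a.b.c.X-a.b.c.Y"
# ranges share at least one address (a sign two hosts could collide).
ranges_overlap() {
    lo1=${1%%-*}; lo1=${lo1##*.}; hi1=${1##*-}; hi1=${hi1##*.}
    lo2=${2%%-*}; lo2=${lo2##*.}; hi2=${2##*-}; hi2=${hi2##*.}
    [ "$lo1" -le "$hi2" ] && [ "$lo2" -le "$hi1" ]
}

# Configure this host (run as root): set lxdbr0, then enslave the PeerVPN
# TEP to the bridge exactly as in the post.
apply_host() {
    n=$1
    lxc network set lxdbr0 ipv4.address "$(bridge_addr "$n")"
    lxc network set lxdbr0 ipv4.dhcp.ranges "$(dhcp_range "$n")"
    ip link set dev peervpn0 master lxdbr0
    ip link set dev peervpn0 up
}

# Usage: sh lxd-mesh-host.sh apply <host-index>
if [ "${1:-}" = "apply" ]; then
    apply_host "$2"
fi
```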
