VPN
I want to cluster two XenLinux machines at two sites and join them to
appear to be one intranet using a VPN daemon. Thus it would make my LAN
appear to have more hosts directly attached to it when they are really
miles away:
10.0.0.2 web1.xen1.example.com <-- XenLinux machine 1 at Site 1
10.0.0.3 mail1.xen1.example.com <-- XenLinux machine 1 at Site 1
10.0.0.4 web2.xen2.example.com <-- XenLinux machine 2 at Site 2
10.0.0.5 mail2.xen2.example.com <-- XenLinux machine 2 at Site 2
...

Can I run the VPN daemon inside a guest domain?

Or should I run it on domain0?

Or do I need to run it externally?

CD

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Re: VPN
I have had very good success running the KAME/IPSec-Tools in 2.6 xenU
domains. I would suggest this exact setup as it has failed to go down in
the 6 months of uptime. Set up routing as you usually would. I believe
3des/SHA1 had the quickest reconnect times.

--
Christian Hergert <christian.hergert@medsphere.com>
Medsphere Systems Corporation

On Tue, 2005-07-19 at 12:53 -0400, Chris de Vidal wrote:
> I want to cluster two XenLinux machines at two sites and join them to
> appear to be one intranet using a VPN daemon. Thus it would make my LAN
> appear to have more hosts directly attached to it when they are really
> miles away:
> 10.0.0.2 web1.xen1.example.com <-- XenLinux machine 1 at Site 1
> 10.0.0.3 mail1.xen1.example.com <-- XenLinux machine 1 at Site 1
> 10.0.0.4 web2.xen2.example.com <-- XenLinux machine 2 at Site 2
> 10.0.0.5 mail2.xen2.example.com <-- XenLinux machine 2 at Site 2
> ...
>
> Can I run the VPN daemon inside a guest domain?
>
> Or should I run it on domain0?
>
> Or do I need to run it externally?
>
> CD
Re: VPN
Hi,

You would best set up all the VPN stuff in xen0. I would recommend setting
up OpenVPN in bridge mode to transparently connect the two xen0 systems
and within the xenU machines you want to get connected in the end. With
OpenVPN and the Linux bridging stuff you can even set up redundant
transports between the systems (with spanning tree).

Regards,
Schlomo

On Tue, 19 Jul 2005, Chris de Vidal wrote:

> I want to cluster two XenLinux machines at two sites and join them to
> appear to be one intranet using a VPN daemon. Thus it would make my LAN
> appear to have more hosts directly attached to it when they are really
> miles away:
> 10.0.0.2 web1.xen1.example.com <-- XenLinux machine 1 at Site 1
> 10.0.0.3 mail1.xen1.example.com <-- XenLinux machine 1 at Site 1
> 10.0.0.4 web2.xen2.example.com <-- XenLinux machine 2 at Site 2
> 10.0.0.5 mail2.xen2.example.com <-- XenLinux machine 2 at Site 2
> ...
>
> Can I run the VPN daemon inside a guest domain?
>
> Or should I run it on domain0?
>
> Or do I need to run it externally?
>
> CD

--
Regards,
Schlomo
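
The bridged setup suggested in the reply above, as an added example that is not part of any poster's message or configuration: a dry-run script that prints a TLS-mode OpenVPN tap config for each dom0 and the commands that attach the tap device to the Xen bridge. The bridge name xenbr0, the device tap0, port 1194, the peer hostname and the certificate file names are assumptions.

```shell
#!/bin/sh
# Added example (dry run): prints configs and commands, changes nothing.
BRIDGE=xenbr0   # assumption: name of the Xen bridge in dom0
TAP=tap0        # assumption: tap device handed to OpenVPN
PORT=1194       # assumption: OpenVPN's default UDP port

# render_conf ROLE [PEER] - print a TLS-mode OpenVPN config for one dom0.
# ROLE is "server" (listens) or "client" (dials PEER). The tap device
# carries no IP: it is a bridge port, so guests keep their 10.0.0.x addresses.
render_conf() {
    role=$1 peer=${2:-}
    case $role in
        server) printf '%s\n' "tls-server" "dh dh.pem" ;;
        client)
            [ -n "$peer" ] || { echo "client role needs a peer" >&2; return 1; }
            printf '%s\n' "tls-client" "remote $peer $PORT" "remote-cert-tls server" ;;
        *) echo "unknown role: $role" >&2; return 1 ;;
    esac
    cat <<EOF
dev $TAP
proto udp
port $PORT
ca ca.crt
cert $role.crt
key $role.key
cipher AES-256-GCM
keepalive 10 60
persist-key
persist-tun
EOF
}

# bridge_plan - print the dom0 commands that make the tunnel a bridge port.
bridge_plan() {
    echo "openvpn --mktun --dev $TAP"
    echo "brctl addif $BRIDGE $TAP"
    echo "brctl stp $BRIDGE on"     # needed once a second, redundant link exists
    echo "ip link set $TAP up promisc on"
}

# Site 2 dials site 1; the hostname is a placeholder.
render_conf server
render_conf client dom0.xen1.example.com
bridge_plan
```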