
OpenVZ Virtuozzo Containers Wiki β

VPN using IPsec

Revision as of 13:24, 11 March 2008 by Botinki Kira (talk | contribs) (Robot: Automated text replacement (-VE +container))

An OpenVZ container can join an IPsec VPN - specifically the type provided by the Cisco VPN client and 'vpnc' package.

Using the Cisco VPN client

The Cisco VPN client can be downloaded from Cisco, if you have an account with them. It builds a kernel module.

I have not tested this, so I don't have any instructions to set it up.

Elronxenu 19:46, 15 November 2007 (EST)

Using the 'vpnc' package

The vpnc package is part of Debian. It runs entirely in userspace. There's a daemon which communicates with a remote VPN gateway and provides a local TUN device as a network interface for the container to use. Here are brief instructions to get it going:

  1. When using kernel 2.6.18, use revision ovz028stab047 or later. Earlier revisions are unable to create a raw socket of the necessary protocol.
  2. Enable the TUN device within your container. See VPN via the TUN/TAP device.
  3. Firewall configuration: allow UDP port 500 in and out of your client. This is used for authentication setup.
  4. Firewall configuration: allow protocol 50 (0x32) in and out of your client. This is used for VPN data.
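
The four steps above can be checked before starting vpnc with a read-only preflight script; this is an added example, not part of the original wiki page or the vpnc package. It assumes the kernel release string carries an "028stabNNN" revision, that the rules belong in the client's own INPUT/OUTPUT chains, and that traffic is limited to a single gateway (192.0.2.10 is a constructed address); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: read-only preflight for steps 1-4. Rules are printed, not applied.

# Step 1: on kernel 2.6.18 the OpenVZ revision must be 028stab047 or later.
# $1 is a kernel release string; the "028stabNNN" naming is assumed.
kernel_ok() {
    case "$1" in
        2.6.18*) ;;
        *) return 0 ;;   # the page states this limit only for 2.6.18
    esac
    rev=$(printf '%s\n' "$1" | sed -n 's/.*028stab\([0-9][0-9]*\).*/\1/p')
    [ -n "$rev" ] || return 1                  # no revision found: treat as too old
    rev=$(printf '%s' "$rev" | sed 's/^0*//')  # strip leading zeros
    [ "${rev:-0}" -ge 47 ]
}

# Step 2: the TUN character device must exist inside the container.
tun_ok() {
    [ -c "${1:-/dev/net/tun}" ]
}

# Dotted-quad IPv4 check so nothing unexpected reaches the printed rules.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Steps 3-4: UDP port 500 and IP protocol 50, limited to the gateway in $1.
firewall_rules() {
    valid_ipv4 "$1" || { echo "invalid gateway address: $1" >&2; return 1; }
    cat <<EOF
iptables -A OUTPUT -d $1 -p udp --dport 500 -j ACCEPT
iptables -A INPUT  -s $1 -p udp --sport 500 -j ACCEPT
iptables -A OUTPUT -d $1 -p 50 -j ACCEPT
iptables -A INPUT  -s $1 -p 50 -j ACCEPT
EOF
}

# Demo: live kernel and TUN checks; 192.0.2.10 is a constructed gateway address.
kernel_ok "$(uname -r)" && echo "kernel: ok" || echo "kernel: older than 028stab047"
tun_ok && echo "tun: present" || echo "tun: missing (see step 2)"
firewall_rules 192.0.2.10
```

Review the printed rules and place them ahead of any default-drop rule before applying them.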