2,253
 edits
Changes
m
Robot: Automated text replacement  (-VE +container)
An OpenVZ VE container can join an IPsec VPN - specifically the type provided by the Cisco VPN client and 'vpnc' package.
== Using the Cisco VPN client ==
The vpnc package is part of Debian.
It runs entirely in userspace. There's a daemon which communicates with a remote VPN gateway and provides a local TUN device as a network interface for the VE container to use.
Here are brief instructions to get it going:
# When using kernel 2.6.18, use revision ovz028stab047 or later. Earlier revisions are unable to create a raw socket of the necessary protocol.
# Enable the TUN device within your VEcontainer. See [[VPN via the TUN/TAP device]].
# Firewall configuration: allow UDP port 500 in and out of your client. This is used for authentication setup.
# Firewall configuration: allow protocol 50 (0x32) in and out of your client. This is used for VPN data.